PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
utils Directory Reference

Files

 artefacts_util.cpp
 
 artefacts_util.h
 
 byte_buffer.h
 
 code_patterns.h
 
 console_color.cpp
 
 console_color.h
 
 custom_buffer.h
 
 custom_mutex.h
 
 format_util.cpp
 
 format_util.h
 
 modules_enum.cpp
 
 modules_enum.h
 
 path_converter.cpp
 
 path_converter.h
 
 path_util.cpp
 
 path_util.h
 
 process_minidump.cpp
 
 process_minidump.h
 
 process_privilege.cpp
 
 process_privilege.h
 
 process_reflection.cpp
 
 process_reflection.h
 
 process_symbols.h
 
 process_util.cpp
 
 process_util.h
 
 strings_util.cpp
 
 strings_util.h
 
 syscall_extractor.cpp
 
 syscall_extractor.h
 
 threads_util.cpp
 
 threads_util.h
 
 workingset_enum.cpp
 
 workingset_enum.h
 
Generated by doxygen 1.13.2