PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
entropy_stats.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include "entropy.h"
5#include "stats.h"
6
7namespace pesieve {
8
9 class AreaEntropyStats : public AreaStats {
10 public:
11 AreaEntropyStats()
12 : AreaStats(),
13 entropy(0.0)
14 {
15 }
16
17 // Copy constructor
24
25 void _appendVal(BYTE val)
26 {
27 histogram[val]++;
28 }
29
34
35 double entropy;
36
37 protected:
38 const virtual void fieldsToJSON(std::stringstream& outs, size_t level)
39 {
40 OUT_PADDED(outs, level, "\"area_start\" : ");
41 outs << "\"" << std::hex << area_start << "\"";
42 outs << ",\n";
43 OUT_PADDED(outs, level, "\"area_size\" : ");
44 outs << "\"" << std::hex << area_size << "\"";
45 outs << ",\n";
46 OUT_PADDED(outs, level, "\"entropy\" : ");
47 outs << std::dec << entropy;
48 }
49
50 std::map<BYTE, size_t> histogram;
51
52 friend class AreaStatsCalculator;
53
54 }; // AreaStats
55
56};
pesieve::AreaEntropyStats::AreaEntropyStats
AreaEntropyStats(const AreaEntropyStats &p1)
Definition entropy_stats.h:18
pesieve::AreaEntropyStats::fieldsToJSON
virtual const void fieldsToJSON(std::stringstream &outs, size_t level)
Definition entropy_stats.h:38
pesieve::AreaEntropyStats::histogram
std::map< BYTE, size_t > histogram
Definition entropy_stats.h:50
pesieve::AreaEntropyStats::AreaStatsCalculator
friend class AreaStatsCalculator
Definition entropy_stats.h:52
pesieve::AreaStats::area_size
size_t area_size
Definition stats.h:64
pesieve::AreaStats::area_start
size_t area_start
Definition stats.h:65
OUT_PADDED
#define OUT_PADDED(stream, field_size, str)
Definition format_util.h:12
pesieve::stats::calcShannonEntropy
double calcShannonEntropy(std::map< T, size_t > &histogram, size_t totalSize)
Definition entropy.h:22
Generated by doxygen 1.13.2