PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
entropy_stats.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include "entropy.h"
5#include "stats.h"
6
7namespace pesieve {
8
9 class AreaEntropyStats : public AreaStats {
10 public:
11 AreaEntropyStats()
12 : AreaStats(),
13 entropy(0.0)
14 {
15 }
16
17 // Copy constructor
18 AreaEntropyStats(const AreaEntropyStats& p1)
19 {
20 area_size = p1.area_size;
21 area_start = p1.area_start;
22 entropy = p1.entropy;
23 }
24
25 void _appendVal(BYTE val)
26 {
27 histogram[val]++;
28 }
29
34
35 std::map<BYTE, size_t> histogram;
36 double entropy;
37
38 protected:
39
40 const virtual void fieldsToJSON(std::stringstream& outs, size_t level)
41 {
42 OUT_PADDED(outs, level, "\"area_start\" : ");
43 outs << "\"" << std::hex << area_start << "\"";
44 outs << ",\n";
45 OUT_PADDED(outs, level, "\"area_size\" : ");
46 outs << "\"" << std::hex << area_size << "\"";
47 outs << ",\n";
48 OUT_PADDED(outs, level, "\"entropy\" : ");
49 outs << std::dec << entropy;
50 }
51
52 friend class AreaStatsCalculator;
53
54 }; // AreaStats
55
56};
pesieve::AreaEntropyStats::AreaEntropyStats
AreaEntropyStats(const AreaEntropyStats &p1)
Definition entropy_stats.h:18
pesieve::AreaEntropyStats::fieldsToJSON
virtual const void fieldsToJSON(std::stringstream &outs, size_t level)
Definition entropy_stats.h:40
pesieve::AreaEntropyStats::histogram
std::map< BYTE, size_t > histogram
Definition entropy_stats.h:35
pesieve::AreaStatsCalculator
A class responsible for filling in the statistics with the data from the particular buffer.
Definition stats.h:73
pesieve::AreaStats
Base class for the statistics from analyzed buffer.
Definition stats.h:20
pesieve::AreaStats::area_size
size_t area_size
Definition stats.h:64
pesieve::AreaStats::area_start
size_t area_start
Definition stats.h:65
OUT_PADDED
#define OUT_PADDED(stream, field_size, str)
Definition format_util.h:12
pesieve::stats::calcShannonEntropy
double calcShannonEntropy(std::map< T, size_t > &histogram, size_t totalSize)
Definition entropy.h:22
pesieve::fill_iat
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)
Definition iat_finder.h:31
Generated by doxygen 1.10.0