PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
File List
Here is a list of all files with brief descriptions:
bindings/
    python/
        demo.py
        pesieve.py
include/
    pe_sieve_api.h - The API: definitions of the exported elements that are accessible from the PE-sieve DLL
    pe_sieve_return_codes.h - The codes returned by the PE-sieve EXE
    pe_sieve_types.h - The types used by the PE-sieve API
params_info/
    params_dump.cpp
    params_dump.h
    pe_sieve_params_info.cpp
    pe_sieve_params_info.h
postprocessors/
    imp_rec/
        iat_block.cpp
        iat_block.h
        iat_finder.h
        imp_reconstructor.cpp
        imp_reconstructor.h
        import_table_finder.cpp
        import_table_finder.h
    dump_report.cpp
    dump_report.h
    pe_buffer.cpp
    pe_buffer.h
    pe_reconstructor.cpp
    pe_reconstructor.h
    report_formatter.cpp
    report_formatter.h
    results_dumper.cpp
    results_dumper.h
scanners/
    artefact_scanner.cpp
    artefact_scanner.h
    code_scanner.cpp
    code_scanner.h
    headers_scanner.cpp
    headers_scanner.h
    hook_targets_resolver.cpp
    hook_targets_resolver.h
    iat_scanner.cpp
    iat_scanner.h
    mapping_scanner.cpp
    mapping_scanner.h
    mempage_data.cpp
    mempage_data.h
    module_cache.cpp
    module_cache.h
    module_data.cpp
    module_data.h
    module_scan_report.h
    module_scanner.h
    patch_analyzer.cpp
    patch_analyzer.h
    patch_list.cpp
    patch_list.h
    pe_section.h
    process_details.h
    process_feature_scanner.h
    scan_report.cpp
    scan_report.h
    scanned_modules.cpp
    scanned_modules.h
    scanner.cpp
    scanner.h
    thread_scanner.cpp
    thread_scanner.h
    workingset_scanner.cpp
    workingset_scanner.h
stats/
    entropy.h
    entropy_stats.h
    multi_stats.h
    stats.h
    stats_analyzer.cpp
    stats_analyzer.h
    stats_util.h
    std_dev_calc.h
utils/
    artefacts_util.cpp
    artefacts_util.h
    byte_buffer.h
    code_patterns.h
    console_color.cpp
    console_color.h
    custom_buffer.h
    custom_mutex.h
    dbg_help_wrapper.cpp
    dbg_help_wrapper.h
    format_util.cpp
    format_util.h
    modules_enum.cpp
    modules_enum.h
    path_converter.cpp
    path_converter.h
    path_util.cpp
    path_util.h
    process_minidump.cpp
    process_minidump.h
    process_privilege.cpp
    process_privilege.h
    process_reflection.cpp
    process_reflection.h
    process_symbols.h
    process_util.cpp
    process_util.h
    strings_util.cpp
    strings_util.h
    syscall_extractor.cpp
    syscall_extractor.h
    threads_util.cpp
    threads_util.h
    workingset_enum.cpp
    workingset_enum.h
color_scheme.h
dll_main.cpp - The main file of PE-sieve built as a DLL
main.cpp - The main file of PE-sieve built as an EXE
params.h
pe_sieve.cpp
pe_sieve.h - The root of the PE-sieve scanner
pe_sieve_api.cpp
pe_sieve_report.h - The final report produced by PE-sieve
pe_sieve_ver_short.h
resources.h