PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Here is a list of all class members with links to the classes they belong to:
- r -
rawSize :
pesieve::PeSection
rbp :
pesieve::_ctx_details
readRemote() :
pesieve::PeBuffer
real_end :
pesieve::util::BasicBuffer
real_start :
pesieve::util::BasicBuffer
rebase :
params
rebasedTo :
pesieve::ModuleDumpReport
rebuildImportTable() :
pesieve::ImpReconstructor
reconstruct() :
pesieve::PeReconstructor
reconstructFileHdr() :
pesieve::PeReconstructor
reconstructPeHdr() :
pesieve::PeReconstructor
ReflectionClientId :
pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
ReflectionProcessHandle :
pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
ReflectionThreadHandle :
pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
region_end :
pesieve::MemPageData
region_start :
pesieve::MemPageData
regionStart :
pesieve::PeArtefacts
reloadWow64() :
pesieve::ModuleData
relocateToBase() :
pesieve::ModuleData
relocBase :
pesieve::ModuleScanReport, pesieve::PeBuffer
relocs :
pesieve::PatchAnalyzer
remoteModData :
pesieve::ModuleScanner
RemoteModuleData() :
pesieve::RemoteModuleData
replaced :
report
REPORT_ALL :
pesieve.t_report_type
REPORT_ARTEFACT_SCAN :
pesieve::ProcessScanReport
REPORT_CODE_SCAN :
pesieve::ProcessScanReport
REPORT_DUMPED :
pesieve.t_report_type
REPORT_HEADERS_SCAN :
pesieve::ProcessScanReport
REPORT_IAT_SCAN :
pesieve::ProcessScanReport
REPORT_MAPPING_SCAN :
pesieve::ProcessScanReport
REPORT_MEMPAGE_SCAN :
pesieve::ProcessScanReport
REPORT_NONE :
pesieve.t_report_type
REPORT_SCANNED :
pesieve.t_report_type
REPORT_SKIPPED_SCAN :
pesieve::ProcessScanReport
REPORT_THREADS_SCAN :
pesieve::ProcessScanReport
REPORT_TYPES_COUNT :
pesieve::ProcessScanReport
REPORT_UNREACHABLE_SCAN :
pesieve::ProcessScanReport
ReportEx() :
pesieve::ReportEx
reportResolvedCallstack() :
pesieve::ThreadScanner
reportsByType :
pesieve::ProcessScanReport
reportSuspiciousAddr() :
pesieve::ThreadScanner
resize() :
pesieve::ScannedModule
resizeBuffer() :
pesieve::PeBuffer
resizeLastSection() :
pesieve::PeBuffer
resolveAddrToString() :
pesieve::ThreadScanner
resolveAllHooks() :
pesieve::HookTargetResolver
resolveHookedExport() :
pesieve::PatchList::Patch
resolveHooksTargets() :
pesieve::ProcessScanner
resolveLowLevelFuncName() :
pesieve::ThreadScanner
resolveTarget() :
pesieve::HookTargetResolver
results_filter :
params
ResultsDumper :
pesieve::ProcessDumpReport, pesieve::ProcessScanReport, pesieve::ResultsDumper
ret_on_stack :
pesieve::_ctx_details
returned_hndl :
pesieve::util::t_refl_args
returned_pid :
pesieve::util::t_refl_args
rip :
pesieve::_ctx_details
rsp :
pesieve::_ctx_details
RULE_CODE :
pesieve::RuleMatcher
RULE_ENCRYPTED :
pesieve::RuleMatcher
RULE_NONE :
pesieve::RuleMatcher
RULE_OBFUSCATED :
pesieve::RuleMatcher
RULE_TEXT :
pesieve::RuleMatcher
RuleMatcher() :
pesieve::RuleMatcher
RuleMatchersSet() :
pesieve::RuleMatchersSet
RuleType :
pesieve::RuleMatcher
rva :
pesieve::PeSection
rvaToVa() :
pesieve::ModuleData