PE-sieve: File Members

PE-sieve

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Loading...

Searching...

No Matches

Here is a list of all macros with links to the files they belong to:

- c -

CALC_PAGE_STATS : workingset_scanner.h
CHARSET_SIZE : stats_analyzer.cpp
CODE_RULE : stats_analyzer.h

- d -

DIR_SEPARATOR : results_dumper.cpp

- e -

ENTROPY_CODE_TRESHOLD : stats_analyzer.cpp
ENTROPY_DATA_TRESHOLD : stats_analyzer.cpp
ENTROPY_ENC_TRESHOLD : stats_analyzer.cpp
ENTROPY_STRONG_ENC_TRESHOLD : stats_analyzer.cpp
ENTROPY_TRESHOLD : thread_scanner.cpp

- g -

GLOBALROOT_NAME : path_converter.cpp

- h -

HPSS : process_reflection.cpp

- i -

INVALID_OFFSET : artefact_scanner.h
INVALID_SYSCALL : threads_util.h
IS_ENDLINE : strings_util.h
IS_PRINTABLE : strings_util.h

- l -

LIB_NAME : pe_sieve_api.cpp
LONG_PATH_PREFIX : path_converter.cpp

- m -

MASK_TO_DWORD : iat_finder.h
MIN_THUNKS_COUNT : imp_reconstructor.cpp

- o -

OUT_PADDED : format_util.h

- p -

PAGE_SIZE : workingset_enum.h
PARAM_DATA : params.h
PARAM_DIR : params.h
PARAM_DOTNET_POLICY : params.h
PARAM_DUMP_MODE : params.h
PARAM_IAT : params.h
PARAM_IMP_REC : params.h
PARAM_JSON : params.h
PARAM_JSON_LVL : params.h
PARAM_LIST_SEPARATOR : pe_sieve_types.h
PARAM_MINIDUMP : params.h
PARAM_MODULES_IGNORE : params.h
PARAM_OBFUSCATED : params.h
PARAM_OUT_FILTER : params.h
PARAM_PATTERN : params.h
PARAM_PID : params.h
PARAM_QUIET : params.h
PARAM_REFLECTION : params.h
PARAM_SHELLCODE : params.h
PARAM_THREADS : params.h
PATTERN_NOT_FOUND : artefacts_util.h
PE_NOT_FOUND : artefact_scanner.h
PESIEVE_API : pe_sieve_api.h
PESIEVE_API_FUNC : pe_sieve_api.h
PESIEVE_EXPORTS : dll_main.cpp, pe_sieve_api.cpp
PESIEVE_MAJOR_VERSION : pe_sieve_ver_short.h
PESIEVE_MICRO_VERSION : pe_sieve_ver_short.h
PESIEVE_MINOR_VERSION : pe_sieve_ver_short.h
PESIEVE_PATCH_VERSION : pe_sieve_ver_short.h
PESIEVE_VERSION_STR : pe_sieve_ver_short.h

- r -

RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED : process_reflection.cpp
RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES : process_reflection.cpp
RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE : process_reflection.cpp

- u -

USE_PROCESS_SNAPSHOT : process_reflection.h
USE_RTL_PROCESS_REFLECTION : process_reflection.h