9 std::cerr <<
"[-] Module not initialized" << std::endl;
13 std::cerr <<
"[-] Failed to read the module header" << std::endl;
25 if (
hdrs_size > peconv::MAX_HEADER_SIZE) {
67 std::cout <<
"[#] .NET module detected as SUSPICIOUS\n";
77 std::cout <<
"[#] Filtered out modifications typical for .NET files, setting as not suspicious\n";
94 if (sec_hdr ==
nullptr)
continue;
96 if (sec_hdr->SizeOfRawData == 0) {
97 sec_hdr->PointerToRawData = 0;
186 if (!
nt1 && !
nt2)
return false;
187 if (!
nt1 || !
nt2)
return true;
RemoteModuleData & remoteModData
BYTE headerBuffer[peconv::MAX_HEADER_SIZE]
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)