PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
hook_targets_resolver.h
Go to the documentation of this file.
1#pragma once
2
3#include "scan_report.h"
4#include "code_scanner.h"
5
6namespace pesieve {
7
9 class HookTargetResolver
10 {
11 public:
12 HookTargetResolver(IN ProcessScanReport& process_report)
13 : processReport(process_report)
14 {
15 }
16
18 size_t resolveAllHooks(IN OUT std::set<ModuleScanReport*> &code_reports);
19
21 bool resolveTarget(IN OUT PatchList::Patch* currPatch);
22
23 protected:
24 ProcessScanReport& processReport;
25 };
26
27}; //namespace pesieve
28
29
pesieve::HookTargetResolver
Processes the list of the collected patches (preprocessed by PatchAnalyzer), and for those of them th...
Definition hook_targets_resolver.h:10
pesieve::HookTargetResolver::resolveAllHooks
size_t resolveAllHooks(IN OUT std::set< ModuleScanReport * > &code_reports)
Resolves all the hooks collected within the given set of reports.
Definition hook_targets_resolver.cpp:29
pesieve::HookTargetResolver::resolveTarget
bool resolveTarget(IN OUT PatchList::Patch *currPatch)
Resolves the information about the target of the provided hook, and fills it back into the object.
Definition hook_targets_resolver.cpp:9
pesieve::HookTargetResolver::HookTargetResolver
HookTargetResolver(IN ProcessScanReport &process_report)
Definition hook_targets_resolver.h:12
pesieve::ProcessScanReport
The report aggregating the results of the performed scan.
Definition scan_report.h:19
code_scanner.h
scan_report.h
Generated by doxygen 1.12.0