PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
import_table_finder.cpp
Go to the documentation of this file.
1#include "import_table_finder.h"
2
3IMAGE_IMPORT_DESCRIPTOR* pesieve::find_import_table(
4 IN bool is64bit,
5 IN BYTE* vBuf,
6 IN size_t vBufSize,
7 IN const peconv::ExportsMapper* exportsMap,
8 IN DWORD iat_offset,
9 OUT size_t &table_size,
10 IN OPTIONAL size_t search_offset
11)
12{
13 IMAGE_IMPORT_DESCRIPTOR* import_table = nullptr;
14 if (is64bit) {
15 import_table = find_import_table_tpl<ULONGLONG>(
16 vBuf,
17 vBufSize,
18 exportsMap,
19 iat_offset,
20 table_size,
21 search_offset
22 );
23 }
24 else {
25 import_table = find_import_table_tpl<DWORD>(
26 vBuf,
27 vBufSize,
28 exportsMap,
29 iat_offset,
30 table_size,
31 search_offset
32 );
33 }
34 return import_table;
35}
import_table_finder.h
pesieve::find_import_table_tpl
IMAGE_IMPORT_DESCRIPTOR * find_import_table_tpl(IN BYTE *vBuf, IN size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN DWORD iat_offset, OUT size_t &table_size, IN OPTIONAL size_t search_offset)
Definition import_table_finder.h:87
pesieve::find_import_table
IMAGE_IMPORT_DESCRIPTOR * find_import_table(IN bool is64bit, IN BYTE *vBuf, IN size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN DWORD iat_offset, OUT size_t &table_size, IN OPTIONAL size_t search_offset)
Definition import_table_finder.cpp:3
Generated by doxygen 1.13.2