PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <peconv.h>
Namespaces | |
namespace | pesieve |
Functions | |
template<typename FIELD_T > | |
bool | pesieve::is_valid_import_descriptor (BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IMAGE_IMPORT_DESCRIPTOR *desc) |
template<typename FIELD_T > | |
size_t | pesieve::calc_import_table_size (BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IMAGE_IMPORT_DESCRIPTOR *first_desc) |
template<typename FIELD_T > | |
IMAGE_IMPORT_DESCRIPTOR * | pesieve::find_first_import_descriptor (BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IMAGE_IMPORT_DESCRIPTOR *found_desc) |
template<typename FIELD_T > | |
IMAGE_IMPORT_DESCRIPTOR * | pesieve::find_import_table_tpl (IN BYTE *vBuf, IN size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN DWORD iat_offset, OUT size_t &table_size, IN OPTIONAL size_t search_offset) |
IMAGE_IMPORT_DESCRIPTOR * | pesieve::find_import_table (IN bool is64bit, IN BYTE *vBuf, IN size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN DWORD iat_offset, OUT size_t &table_size, IN OPTIONAL size_t search_offset) |