pe-sieve/mapping__scanner_8h_source.html

#pragma once


#include <windows.h>


#include "module_scanner.h"

#include "../utils/path_util.h"

#include "process_feature_scanner.h"


namespace pesieve {


    class MappingScanReport : public ModuleScanReport

    {

    public:


        MappingScanReport(HMODULE _module, size_t _moduleSize)

            : ModuleScanReport(_module, _moduleSize)

        {

        }


        const virtual void fieldsToJSON(std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)

        {

            OUT_PADDED(outs, level, "\"module\" : ");

            outs << "\"" << std::hex << (ULONGLONG)module << "\"" << ",\n";


            OUT_PADDED(outs, level, "\"module_file\" : \"" << pesieve::util::escape_path_separators(this->moduleFile) << "\"");

            outs << ",\n";

            OUT_PADDED(outs, level, "\"mapped_file\" : \"" << pesieve::util::escape_path_separators(this->mappedFile) << "\"");


            outs << ",\n";

            OUT_PADDED(outs, level, "\"status\" : ");

            outs << std::dec << status;

        }


        const virtual bool toJSON(std::stringstream& outs, size_t level, const pesieve::t_json_level &jdetails)

        {

            OUT_PADDED(outs, level, "\"mapping_scan\" : ");

            outs << "{\n";

            fieldsToJSON(outs, level + 1, jdetails);

            outs << "\n";

            OUT_PADDED(outs, level, "}");

            return true;

        }


        std::string mappedFile;

    };


    class MappingScanner : public ProcessFeatureScanner {

    public:


        MappingScanner(HANDLE hProc, ModuleData &moduleData)

            : ProcessFeatureScanner(hProc), moduleData(moduleData)

        {

        }


        virtual MappingScanReport* scanRemote();


        ModuleData &moduleData;

    };


}; //namespace pesieve

pesieve::ElementScanReport::status
t_scan_status status
Definition module_scan_report.h:43

pesieve::MappingScanReport
Definition mapping_scanner.h:13

pesieve::MappingScanReport::mappedFile
std::string mappedFile
Definition mapping_scanner.h:44

pesieve::MappingScanReport::toJSON
virtual const bool toJSON(std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
Definition mapping_scanner.h:34

pesieve::MappingScanReport::MappingScanReport
MappingScanReport(HMODULE _module, size_t _moduleSize)
Definition mapping_scanner.h:15

pesieve::MappingScanReport::fieldsToJSON
virtual const void fieldsToJSON(std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
Definition mapping_scanner.h:20

pesieve::MappingScanner::MappingScanner
MappingScanner(HANDLE hProc, ModuleData &moduleData)
Definition mapping_scanner.h:51

pesieve::MappingScanner::scanRemote
virtual MappingScanReport * scanRemote()
Definition mapping_scanner.cpp:8

pesieve::MappingScanner::moduleData
ModuleData & moduleData
Definition mapping_scanner.h:58

pesieve::ModuleData
Loads a module from the disk, corresponding to the module in the scanned process' memory.
Definition module_data.h:15

pesieve::ModuleScanReport::ModuleScanReport
ModuleScanReport(HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS)
Definition module_scan_report.h:58

pesieve::ModuleScanReport::module
HMODULE module
Definition module_scan_report.h:74

pesieve::ModuleScanReport::moduleFile
std::string moduleFile
Definition module_scan_report.h:77

pesieve::ProcessFeatureScanner::ProcessFeatureScanner
ProcessFeatureScanner(HANDLE _processHandle)
Definition process_feature_scanner.h:15

pesieve.t_json_level
Definition pesieve.py:83

OUT_PADDED
#define OUT_PADDED(stream, field_size, str)
Definition format_util.h:12

module_scanner.h

pesieve::util::escape_path_separators
std::string escape_path_separators(std::string path)
Definition path_util.cpp:27

pesieve
Definition pesieve.py:1

path_util.h

process_feature_scanner.h