PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
module_scanner.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include <psapi.h>
5#include <map>
6
7#include <peconv.h>
8#include "module_scan_report.h"
9#include "module_data.h"
10
11#include "../utils/format_util.h"
12#include "process_feature_scanner.h"
13
14namespace pesieve {
15
17 class ModuleScanner : public ProcessFeatureScanner {
18 public:
19 ModuleScanner(HANDLE _procHndl, ModuleData &_moduleData, RemoteModuleData &_remoteModData)
20 : ProcessFeatureScanner(_procHndl),
21 moduleData(_moduleData), remoteModData(_remoteModData)
22 {
23 }
24
25 virtual ~ModuleScanner() {}
26
27 virtual ModuleScanReport* scanRemote() = 0;
28
29 protected:
30 ModuleData &moduleData;
31 RemoteModuleData &remoteModData;
32 };
33
34}; //namespace pesieve
pesieve::ModuleData
Loads a module from the disk, corresponding to the module in the scanned process' memory.
Definition module_data.h:15
pesieve::ModuleScanReport
A base class of all the reports detailing on the output of the performed module's scan.
Definition module_scan_report.h:26
pesieve::ModuleScanner
A base class for all the scanners operating on module data.
Definition module_scanner.h:17
pesieve::ModuleScanner::scanRemote
virtual ModuleScanReport * scanRemote()=0
pesieve::ModuleScanner::remoteModData
RemoteModuleData & remoteModData
Definition module_scanner.h:31
pesieve::ModuleScanner::ModuleScanner
ModuleScanner(HANDLE _procHndl, ModuleData &_moduleData, RemoteModuleData &_remoteModData)
Definition module_scanner.h:19
pesieve::ProcessFeatureScanner
A base class for all the scanners checking appropriate process' features.
Definition process_feature_scanner.h:12
pesieve::RemoteModuleData
Buffers the data from the module loaded in the scanned process into the local memory.
Definition module_data.h:121
format_util.h
module_data.h
module_scan_report.h
process_feature_scanner.h
Generated by doxygen 1.12.0