PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
module_scanner.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include <psapi.h>
5#include <map>
6
7#include <peconv.h>
8#include "module_scan_report.h"
9#include "module_data.h"
10
11#include "../utils/format_util.h"
12#include "process_feature_scanner.h"
13
14namespace pesieve {
15
33
34}; //namespace pesieve
pesieve::ModuleData
Loads a module from the disk, corresponding to the module in the scanned process' memory.
Definition module_data.h:15
pesieve::ModuleScanReport
A base class of all the reports detailing on the output of the performed module's scan.
Definition module_scan_report.h:26
pesieve::ModuleScanner
A base class for all the scanners operating on module data.
Definition module_scanner.h:17
pesieve::ModuleScanner::scanRemote
virtual ModuleScanReport * scanRemote()=0
pesieve::ModuleScanner::remoteModData
RemoteModuleData & remoteModData
Definition module_scanner.h:31
pesieve::ModuleScanner::ModuleScanner
ModuleScanner(HANDLE _procHndl, ModuleData &_moduleData, RemoteModuleData &_remoteModData)
Definition module_scanner.h:19
pesieve::ProcessFeatureScanner
A base class for all the scanners checking appropriate process' features.
Definition process_feature_scanner.h:12
pesieve::RemoteModuleData
Buffers the data from the module loaded in the scanned process into the local memory.
Definition module_data.h:123
format_util.h
module_data.h
module_scan_report.h
pesieve::fill_iat
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)
Definition iat_finder.h:31
process_feature_scanner.h
Generated by doxygen 1.10.0