PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::matcher Namespace Reference

Functions

bool is_matcher_ready ()
bool init_shellcode_patterns ()
size_t load_pattern_file (const char *filename)
size_t find_all_patterns (BYTE *loadedData, size_t loadedSize, std::vector< sig_finder::Match > &allMatches)
size_t filter_custom (std::vector< sig_finder::Match > &allMatches, std::vector< sig_finder::Match > &customPatternMatches)

Function Documentation

◆ filter_custom()

size_t pesieve::matcher::filter_custom ( std::vector< sig_finder::Match > & allMatches, std::vector< sig_finder::Match > & customPatternMatches )

Definition at line 188 of file artefacts_util.cpp.

◆ find_all_patterns()

size_t pesieve::matcher::find_all_patterns ( BYTE * loadedData, size_t loadedSize, std::vector< sig_finder::Match > & allMatches )

Definition at line 176 of file artefacts_util.cpp.

[Call graph for this function: image not included in this page.]
◆ init_shellcode_patterns()

bool pesieve::matcher::init_shellcode_patterns ( )

Definition at line 165 of file artefacts_util.cpp.

[Call graph for this function: image not included in this page.]
◆ is_matcher_ready()

bool pesieve::matcher::is_matcher_ready ( )

Definition at line 143 of file artefacts_util.cpp.

◆ load_pattern_file()

size_t pesieve::matcher::load_pattern_file ( const char * filename)

Definition at line 148 of file artefacts_util.cpp.