PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Functions (namespace pesieve::matcher)

bool   is_matcher_ready ()
bool   init_shellcode_patterns ()
size_t load_pattern_file (const char *filename)
size_t find_all_patterns (BYTE *loadedData, size_t loadedSize, std::vector< sig_finder::Match > &allMatches)
size_t filter_custom (std::vector< sig_finder::Match > &allMatches, std::vector< sig_finder::Match > &customPatternMatches)

size_t pesieve::matcher::filter_custom (std::vector< sig_finder::Match > &allMatches, std::vector< sig_finder::Match > &customPatternMatches)

Definition at line 188 of file artefacts_util.cpp.

bool pesieve::matcher::init_shellcode_patterns ()

bool pesieve::matcher::is_matcher_ready ()

Definitions at lines 143 and 148 of file artefacts_util.cpp.
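The five functions above imply a workflow: initialize the built-in shellcode patterns, optionally load a user pattern file, scan a buffer for every pattern, then separate the hits that came from the user's patterns. The following C++ is an added, self-contained illustration of that workflow and is not PE-sieve's code; it does not use sig_finder, and the pattern syntax (`??` wildcard), the two sample "built-in" signatures, the pattern-file format, the `load_pattern_text` stand-in for `load_pattern_file` (it takes the file contents as a string so it runs offline), and the scanned buffer are all constructed assumptions.

```cpp
// Added example, not PE-sieve's code: a minimal stand-in for the pesieve::matcher
// workflow (init built-ins, load custom patterns, find_all_patterns, filter_custom).
// Pattern syntax, sample signatures, file format and scanned buffer are all constructed.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <sstream>
#include <string>
#include <vector>

namespace demo_matcher {

// bytes: 0..255 for a literal, -1 for a "??" wildcard; custom: from a user pattern file
struct Pattern { std::string name; std::vector<int> bytes; bool custom; };
struct Match   { size_t offset; size_t size; std::string name; bool custom; };

static std::vector<Pattern> g_patterns;   // stand-in for the matcher's pattern set

bool is_matcher_ready() { return !g_patterns.empty(); }

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r"), e = s.find_last_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

// Parse "48 83 EC ?? E8" (hex bytes, "??" matches any byte); false on a bad token.
static bool parse_pattern(const std::string& name, const std::string& text,
                          bool custom, Pattern& out) {
    out.name = trim(name); out.custom = custom; out.bytes.clear();
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "??") { out.bytes.push_back(-1); continue; }
        if (tok.size() != 2 || !std::isxdigit((unsigned char)tok[0]) ||
            !std::isxdigit((unsigned char)tok[1])) return false;
        out.bytes.push_back((int)std::stoul(tok, nullptr, 16));
    }
    return !out.bytes.empty();
}

// Built-in set: two constructed x64 position-independent-code idioms (assumed, not PE-sieve's).
bool init_shellcode_patterns() {
    Pattern p;
    if (parse_pattern("builtin:call_pop", "E8 00 00 00 00 5D", false, p))  // call $+5; pop rbp
        g_patterns.push_back(p);
    if (parse_pattern("builtin:peb_gs60", "65 48 8B 04 25 60 00 00 00", false, p))  // mov rax, gs:[0x60]
        g_patterns.push_back(p);
    return is_matcher_ready();
}

// Custom patterns from text (assumed format: "name : hex bytes", '#' comments). Takes
// the contents as a string rather than a filename so the example runs offline.
size_t load_pattern_text(const std::string& contents) {
    size_t added = 0;
    std::istringstream lines(contents);
    std::string line;
    while (std::getline(lines, line)) {
        line = trim(line);
        if (line.empty() || line[0] == '#') continue;
        size_t colon = line.find(':');
        if (colon == std::string::npos) continue;
        Pattern p;
        if (parse_pattern(line.substr(0, colon), line.substr(colon + 1), true, p)) {
            g_patterns.push_back(p);
            ++added;
        }
    }
    return added;
}

// Naive scan: every pattern at every offset (a demo; a real matcher uses a pattern tree).
size_t find_all_patterns(const uint8_t* data, size_t size, std::vector<Match>& all) {
    for (const Pattern& p : g_patterns) {
        const size_t n = p.bytes.size();
        for (size_t off = 0; n <= size && off + n <= size; ++off) {
            size_t k = 0;
            while (k < n && (p.bytes[k] == -1 || p.bytes[k] == data[off + k])) ++k;
            if (k == n) all.push_back({off, n, p.name, p.custom});
        }
    }
    return all.size();
}

// Keep only hits from user-supplied patterns; the built-in set is the noisier one.
size_t filter_custom(const std::vector<Match>& all, std::vector<Match>& customOnly) {
    for (const Match& m : all) if (m.custom) customOnly.push_back(m);
    return customOnly.size();
}

// Whole workflow over a constructed buffer; returns all hits, custom hits via out-param.
std::vector<Match> run_demo(std::vector<Match>& customOnly) {
    g_patterns.clear();
    init_shellcode_patterns();
    load_pattern_text("# constructed custom pattern file\nmy_stub : 48 83 EC ?? E8\n");
    const uint8_t buf[] = { 0x90, 0x90, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x5D, 0xCC,
                            0x48, 0x83, 0xEC, 0x28, 0xE8, 0x11, 0x22, 0x33, 0x44, 0xC3 };
    std::vector<Match> all;
    find_all_patterns(buf, sizeof(buf), all);
    customOnly.clear();
    filter_custom(all, customOnly);
    return all;
}

} // namespace demo_matcher
```

Running `run_demo` yields two hits in the constructed buffer: the built-in `call $+5; pop rbp` idiom at offset 2 and the custom `my_stub` pattern at offset 9, whose `??` wildcard absorbs the `sub rsp, 0x28` immediate; `filter_custom` then keeps only the latter. The point of the split is practical: built-in shellcode idioms also appear in legitimate compiler output, so a scanner can weight hits from an analyst's own pattern file differently from the generic set.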