PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Classes | Functions
pesieve::stats Namespace Reference

Classes

class  StdDeviationCalc
 

Functions

template<typename T >
size_t generateHistogram (IN T buffer[], IN size_t bufferSize, OUT std::map< T, size_t > &counts)
 
template<typename T >
double calcShannonEntropy (std::map< T, size_t > &histogram, size_t totalSize)
 
size_t fillCodeStrings (OUT std::set< std::string > &codeStrings)
 
size_t fetchPeakValues (IN const ChunkStats &currArea, IN double stdDev, int devCount, OUT std::set< BYTE > &peaks)
 
size_t valuesNotBelowMean (IN const ChunkStats &currArea, double mean)
 
double getPrintableRatio (IN const AreaMultiStats &stats)
 
template<typename T >
std::string hexdumpValue (const BYTE *in_buf, const size_t max_size)
 
template<typename T >
std::string hexdumpValues (std::set< T > &values)
 
template<typename T >
BYTE getMostFrequentValue (IN const std::map< size_t, std::set< T > > &frequencies)
 
template<typename T >
size_t getMostFrequentValues (IN const std::map< size_t, std::set< T > > &frequencies, OUT std::set< T > &values, IN OPTIONAL size_t top=0, IN OPTIONAL size_t maxDiff=0)
 
template<typename T >
bool isAllPrintable (IN std::map< T, size_t > &histogram)
 

Function Documentation

◆ calcShannonEntropy()

template<typename T >
double pesieve::stats::calcShannonEntropy ( std::map< T, size_t > & histogram,
size_t totalSize )

Definition at line 22 of file entropy.h.

◆ fetchPeakValues()

size_t pesieve::stats::fetchPeakValues ( IN const ChunkStats & currArea,
IN double stdDev,
int devCount,
OUT std::set< BYTE > & peaks )

◆ fillCodeStrings()

size_t pesieve::stats::fillCodeStrings ( OUT std::set< std::string > & codeStrings)

Definition at line 118 of file stats_analyzer.cpp.

◆ generateHistogram()

template<typename T >
size_t pesieve::stats::generateHistogram ( IN T buffer[],
IN size_t bufferSize,
OUT std::map< T, size_t > & counts )

Definition at line 9 of file entropy.h.

◆ getMostFrequentValue()

template<typename T >
BYTE pesieve::stats::getMostFrequentValue ( IN const std::map< size_t, std::set< T > > & frequencies)

Definition at line 35 of file stats_util.h.

◆ getMostFrequentValues()

template<typename T >
size_t pesieve::stats::getMostFrequentValues ( IN const std::map< size_t, std::set< T > > & frequencies,
OUT std::set< T > & values,
IN OPTIONAL size_t top = 0,
IN OPTIONAL size_t maxDiff = 0 )

Definition at line 48 of file stats_util.h.

◆ getPrintableRatio()

double pesieve::stats::getPrintableRatio ( IN const AreaMultiStats & stats)

◆ hexdumpValue()

template<typename T >
std::string pesieve::stats::hexdumpValue ( const BYTE * in_buf,
const size_t max_size )

Definition at line 13 of file stats_util.h.

◆ hexdumpValues()

template<typename T >
std::string pesieve::stats::hexdumpValues ( std::set< T > & values)

Definition at line 23 of file stats_util.h.

◆ isAllPrintable()

template<typename T >
bool pesieve::stats::isAllPrintable ( IN std::map< T, size_t > & histogram)

Definition at line 70 of file stats_util.h.

◆ valuesNotBelowMean()

size_t pesieve::stats::valuesNotBelowMean ( IN const ChunkStats & currArea,
double mean )
Generated by doxygen 1.12.0