PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Classes | Functions
pesieve::stats Namespace Reference

Classes

class  StdDeviationCalc
 

Functions

template<typename T >
size_t generateHistogram (IN T buffer[], IN size_t bufferSize, OUT std::map< T, size_t > &counts)
 
template<typename T >
double calcShannonEntropy (std::map< T, size_t > &histogram, size_t totalSize)
 
size_t fillCodeStrings (OUT std::set< std::string > &codeStrings)
 
size_t fetchPeakValues (IN const ChunkStats &currArea, IN double stdDev, int devCount, OUT std::set< BYTE > &peaks)
 
size_t valuesNotBelowMean (IN const ChunkStats &currArea, double mean)
 
double getPrintableRatio (IN const AreaMultiStats &stats)
 
template<typename T >
std::string hexdumpValue (const BYTE *in_buf, const size_t max_size)
 
template<typename T >
T getMostFrequentValue (IN std::map< size_t, std::set< T > > frequencies)
 
template<typename T >
size_t getMostFrequentValues (IN std::map< size_t, std::set< T > > frequencies, OUT std::set< T > &values)
 
template<typename T >
bool isAllPrintable (IN std::map< T, size_t > &histogram)
 

Function Documentation

◆ calcShannonEntropy()

template<typename T >
double pesieve::stats::calcShannonEntropy ( std::map< T, size_t > & histogram,
size_t totalSize )

Definition at line 22 of file entropy.h.

Here is the call graph for this function:

◆ fetchPeakValues()

size_t pesieve::stats::fetchPeakValues ( IN const ChunkStats & currArea,
IN double stdDev,
int devCount,
OUT std::set< BYTE > & peaks )

Definition at line 80 of file stats_analyzer.cpp.

Here is the call graph for this function:

◆ fillCodeStrings()

size_t pesieve::stats::fillCodeStrings ( OUT std::set< std::string > & codeStrings)

Definition at line 118 of file stats_analyzer.cpp.

◆ generateHistogram()

template<typename T >
size_t pesieve::stats::generateHistogram ( IN T buffer[],
IN size_t bufferSize,
OUT std::map< T, size_t > & counts )

Definition at line 9 of file entropy.h.

Here is the call graph for this function:

◆ getMostFrequentValue()

template<typename T >
T pesieve::stats::getMostFrequentValue ( IN std::map< size_t, std::set< T > > frequencies)

Definition at line 22 of file stats_util.h.

Here is the call graph for this function:

◆ getMostFrequentValues()

template<typename T >
size_t pesieve::stats::getMostFrequentValues ( IN std::map< size_t, std::set< T > > frequencies,
OUT std::set< T > & values )

Definition at line 35 of file stats_util.h.

Here is the call graph for this function:

◆ getPrintableRatio()

double pesieve::stats::getPrintableRatio ( IN const AreaMultiStats & stats)

Definition at line 27 of file stats_analyzer.cpp.

Here is the call graph for this function:

◆ hexdumpValue()

template<typename T >
std::string pesieve::stats::hexdumpValue ( const BYTE * in_buf,
const size_t max_size )

Definition at line 11 of file stats_util.h.

Here is the call graph for this function:

◆ isAllPrintable()

template<typename T >
bool pesieve::stats::isAllPrintable ( IN std::map< T, size_t > & histogram)

Definition at line 49 of file stats_util.h.

Here is the call graph for this function:

◆ valuesNotBelowMean()

size_t pesieve::stats::valuesNotBelowMean ( IN const ChunkStats & currArea,
double mean )

Definition at line 99 of file stats_analyzer.cpp.

Here is the call graph for this function:
Generated by doxygen 1.10.0