|
| size_t | calc_offset (MemPageData &memPage, LPVOID field) |
| |
| size_t | calc_sec_hdrs_offset (MemPageData &memPage, IMAGE_FILE_HEADER *nt_file_hdr) |
| |
| size_t | calc_nt_hdr_offset (MemPageData &memPage, IMAGE_SECTION_HEADER *first_sec, bool is64bit=true) |
| |
| bool | validate_hdrs_alignment (MemPageData &memPage, IMAGE_FILE_HEADER *nt_file_hdr, IMAGE_SECTION_HEADER *_sec_hdr) |
| |
| size_t | count_section_hdrs (BYTE *loadedData, size_t loadedSize, IMAGE_SECTION_HEADER *hdr_ptr) |
| |
| IMAGE_SECTION_HEADER * | get_first_section (BYTE *loadedData, size_t loadedSize, IMAGE_SECTION_HEADER *hdr_ptr) |
| |
| void | print_scantime (std::stringstream &stream, size_t timeInMs) |
| |
| BYTE * | find_pattern (BYTE *buffer, size_t buf_size, BYTE *pattern_buf, size_t pattern_size, size_t max_iter=0) |
| |
| size_t | is_32bit_code (BYTE *loadedData, size_t loadedSize) |
| |
| size_t | is_64bit_code (BYTE *loadedData, size_t loadedSize) |
| |
| bool | is_code (BYTE *loadedData, size_t loadedSize) |
| |
| bool | is_executable (DWORD mapping_type, DWORD protection) |
| |
| bool | is_readable (DWORD mapping_type, DWORD protection) |
| |
| bool | is_normal_inaccessible (DWORD state, DWORD mapping_type, DWORD protection) |
| |
| bool | get_current_color (int descriptor, WORD &color) |
| |
| void | print_in_color (int color, const std::string &text, bool is_error=false) |
| |
| bool | is_hex (const char *buf, size_t len) |
| |
| bool | is_dec (const char *buf, size_t len) |
| |
| std::string & | ltrim (std::string &str, const std::string &chars="\t\n\v\f\r ") |
| |
| std::string & | rtrim (std::string &str, const std::string &chars="\t\n\v\f\r ") |
| |
| std::string & | trim (std::string &str, const std::string &chars="\t\n\v\f\r ") |
| |
| long | get_number (const char *buf) |
| |
| bool | is_number (const char *buf) |
| |
| bool | is_in_list (std::string searched_string, std::set< std::string > &string_list, bool to_lower=true) |
| |
| size_t | string_to_list (IN::std::string s, IN char _delim, OUT std::set< std::string > &elements_list, bool to_lower=true) |
| |
| size_t | enum_modules (IN HANDLE hProcess, IN OUT HMODULE hMods[], IN const DWORD hModsMax, IN DWORD filters) |
| |
| void | init_syspaths () |
| |
| HANDLE | nt_create_file (PCWSTR filePath) |
| |
| std::string | nt_retrieve_file_path (HANDLE hFile) |
| |
| bool | is_relative (const char *path, size_t path_len) |
| |
| bool | is_disk_relative (const char *path, size_t path_len) |
| |
| std::string | remap_to_drive_letter (std::string full_path) |
| |
| std::string | relative_to_absolute_path (std::string path) |
| |
| std::string | replace_char (std::string &str, char ch1, char ch2) |
| |
| bool | convert_to_wow64_path (char *szModName) |
| |
| std::string | convert_to_win32_path (const std::string &path) |
| |
| std::string | device_path_to_win32_path (const std::string &full_path) |
| |
| std::string | expand_path (std::string path) |
| |
| char * | get_subpath_ptr (char *modulePath, char *searchedPath) |
| |
| std::string | escape_path_separators (std::string path) |
| |
| std::string | get_system_drive () |
| |
| bool | dir_exists (const char *path) |
| |
| bool | create_dir_recursively (const std::string &path) |
| |
| std::string | strip_prefix (std::string path, std::string prefix) |
| |
| | BOOL (CALLBACK *_MiniDumpWriteDump)(HANDLE hProcess |
| |
| bool | load_MiniDumpWriteDump () |
| |
| bool | make_minidump (DWORD pid, const std::string &out_file) |
| |
| HMODULE | get_or_load_module (const char *name) |
| |
| BOOL | set_privilege (HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) |
| |
| BOOL | _get_process_DEP_policy (HANDLE processHandle, DWORD &flags, BOOL &is_permanent) |
| |
| DEP_SYSTEM_POLICY_TYPE | _get_system_DEP_policy () |
| |
| bool | set_debug_privilege () |
| |
| process_integrity_t | get_integrity_level (HANDLE hProcess) |
| |
| bool | is_DEP_enabled (HANDLE hProcess) |
| |
| | NTSTATUS (NTAPI *_RtlCreateProcessReflection)(HANDLE ProcessHandle |
| |
| | DWORD (__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle |
| |
| bool | load_PssCaptureFreeSnapshot () |
| |
| bool | load_RtlCreateProcessReflection () |
| |
| DWORD WINAPI | refl_creator (LPVOID lpParam) |
| |
| HANDLE | make_process_reflection1 (HANDLE orig_hndl) |
| |
| HPSS | make_process_snapshot (HANDLE orig_hndl) |
| |
| bool | release_process_snapshot (HANDLE procHndl, HPSS snapshot) |
| |
| HANDLE | make_process_reflection2 (HPSS snapshot) |
| |
| bool | can_make_process_reflection () |
| |
| HANDLE | make_process_reflection (HANDLE orig_hndl) |
| |
| bool | release_process_reflection (HANDLE *reflection_hndl) |
| |
| | BOOL (WINAPI *g_IsWow64Process)(IN HANDLE = nullptr |
| |
| HMODULE | get_kernel32_hndl () |
| |
| BOOL | is_process_wow64 (IN HANDLE processHandle, OUT BOOL *isProcWow64) |
| |
| bool | is_process_64bit (IN HANDLE process) |
| |
| BOOL | wow64_disable_fs_redirection (OUT PVOID *OldValue) |
| |
| BOOL | wow64_revert_fs_redirection (IN PVOID OldValue) |
| |
| BOOL | wow64_get_thread_context (IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext) |
| |
| std::string | to_lowercase (std::string) |
| |
| bool | is_cstr_equal (char const *a, char const *b, const size_t max_len) |
| |
| bool | fetch_threads_info (DWORD pid, std::vector< thread_info > &threads_info) |
| |
| bool | fetch_threads_by_snapshot (DWORD pid, std::vector< thread_info > &threads_info) |
| |
| bool | get_next_commited_region (HANDLE processHandle, ULONGLONG start_va, MEMORY_BASIC_INFORMATION &page_info) |
| |
| size_t | enum_workingset (HANDLE processHandle, std::set< mem_region_info > ®ions) |
| |
| DWORD | count_workingset_entries (HANDLE processHandle) |
| |
1.10.0
