PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
params.h File Reference
#include <sstream>
#include "pe_sieve.h"
#include "params_info/pe_sieve_params_info.h"
#include <paramkit.h>


Classes

class  PEsieveParams
 

Macros

// Short string identifiers for the scanner's parameters, one macro per parameter.
// NOTE(review): presumably these are the option names that PEsieveParams registers
// through paramkit (this file includes <paramkit.h>) — confirm in the class definition.
// NOTE(review): judging by the names alone, several of these (e.g. PARAM_MODULES_IGNORE,
// PARAM_OUT_FILTER, PARAM_RESULTS_FILTER) look like they narrow what is scanned, dumped
// or reported; their semantics are not shown here. When a scan is run from automation,
// log the exact option set with the results so that a clean report can be read against
// what was actually covered.
#define PARAM_PID   "pid"
 
#define PARAM_SHELLCODE   "shellc"
 
#define PARAM_OBFUSCATED   "obfusc"
 
#define PARAM_THREADS   "threads"
 
#define PARAM_DATA   "data"
 
#define PARAM_IAT   "iat"
 
#define PARAM_MODULES_IGNORE   "mignore"
 
#define PARAM_REFLECTION   "refl"
 
#define PARAM_DOTNET_POLICY   "dnet"
 
#define PARAM_IMP_REC   "imp"
 
#define PARAM_DUMP_MODE   "dmode"
 
#define PARAM_REBASE   "rebase"
 
#define PARAM_OUT_FILTER   "ofilter"
 
#define PARAM_RESULTS_FILTER   "report"
 
#define PARAM_QUIET   "quiet"
 
#define PARAM_JSON   "json"
 
#define PARAM_JSON_LVL   "jlvl"
 
#define PARAM_DIR   "dir"
 
#define PARAM_MINIDUMP   "minidmp"
 
#define PARAM_PATTERN   "pattern"
 

Functions

// Takes a PARAM_STRING by reference plus a ULONG length and returns a bool.
// NOTE(review): the body is not shown on this page; by name and signature this presumably
// allocates storage for `strparam` sized by `len` and returns false on failure — confirm
// in params.h. Callers should check the result before using `strparam`.
// NOTE(review): whether `len` counts a terminating NUL is not visible here; verify before
// copying a string into the buffer.
bool alloc_strparam (PARAM_STRING &strparam, ULONG len)
 
// Takes a PARAM_STRING by reference and returns nothing.
// NOTE(review): presumably releases what alloc_strparam set up; confirm that it also resets
// the buffer pointer and length so a repeated call or a later use cannot touch freed memory.
void free_strparam (PARAM_STRING &strparam)
 

Macro Definition Documentation

◆ PARAM_DATA

#define PARAM_DATA   "data"

Definition at line 17 of file params.h.

◆ PARAM_DIR

#define PARAM_DIR   "dir"

Definition at line 33 of file params.h.

◆ PARAM_DOTNET_POLICY

#define PARAM_DOTNET_POLICY   "dnet"

Definition at line 21 of file params.h.

◆ PARAM_DUMP_MODE

#define PARAM_DUMP_MODE   "dmode"

Definition at line 25 of file params.h.

◆ PARAM_IAT

#define PARAM_IAT   "iat"

Definition at line 18 of file params.h.

◆ PARAM_IMP_REC

#define PARAM_IMP_REC   "imp"

Definition at line 24 of file params.h.

◆ PARAM_JSON

#define PARAM_JSON   "json"

Definition at line 31 of file params.h.

◆ PARAM_JSON_LVL

#define PARAM_JSON_LVL   "jlvl"

Definition at line 32 of file params.h.

◆ PARAM_MINIDUMP

#define PARAM_MINIDUMP   "minidmp"

Definition at line 34 of file params.h.

◆ PARAM_MODULES_IGNORE

#define PARAM_MODULES_IGNORE   "mignore"

Definition at line 19 of file params.h.

◆ PARAM_OBFUSCATED

#define PARAM_OBFUSCATED   "obfusc"

Definition at line 15 of file params.h.

◆ PARAM_OUT_FILTER

#define PARAM_OUT_FILTER   "ofilter"

Definition at line 28 of file params.h.

◆ PARAM_PATTERN

#define PARAM_PATTERN   "pattern"

Definition at line 35 of file params.h.

◆ PARAM_PID

#define PARAM_PID   "pid"

Definition at line 13 of file params.h.

◆ PARAM_QUIET

#define PARAM_QUIET   "quiet"

Definition at line 30 of file params.h.

◆ PARAM_REBASE

#define PARAM_REBASE   "rebase"

Definition at line 26 of file params.h.

◆ PARAM_REFLECTION

#define PARAM_REFLECTION   "refl"

Definition at line 20 of file params.h.

◆ PARAM_RESULTS_FILTER

#define PARAM_RESULTS_FILTER   "report"

Definition at line 29 of file params.h.

◆ PARAM_SHELLCODE

#define PARAM_SHELLCODE   "shellc"

Definition at line 14 of file params.h.

◆ PARAM_THREADS

#define PARAM_THREADS   "threads"

Definition at line 16 of file params.h.

Function Documentation

◆ alloc_strparam()

bool alloc_strparam ( PARAM_STRING & strparam,
ULONG len )

Definition at line 38 of file params.h.

◆ free_strparam()

void free_strparam ( PARAM_STRING & strparam)

Definition at line 51 of file params.h.