PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <sstream>
#include "pe_sieve.h"
#include "params_info/pe_sieve_params_info.h"
#include <paramkit.h>
Go to the source code of this file.
Classes | |
| class | PEsieveParams |
Macros | |
| #define | PARAM_PID "pid" |
| #define | PARAM_SHELLCODE "shellc" |
| #define | PARAM_OBFUSCATED "obfusc" |
| #define | PARAM_THREADS "threads" |
| #define | PARAM_DATA "data" |
| #define | PARAM_IAT "iat" |
| #define | PARAM_MODULES_IGNORE "mignore" |
| #define | PARAM_REFLECTION "refl" |
| #define | PARAM_DOTNET_POLICY "dnet" |
| #define | PARAM_SYMBOLS "sym" |
| #define | PARAM_IMP_REC "imp" |
| #define | PARAM_DUMP_MODE "dmode" |
| #define | PARAM_REBASE "rebase" |
| #define | PARAM_OUT_FILTER "ofilter" |
| #define | PARAM_RESULTS_FILTER "report" |
| #define | PARAM_QUIET "quiet" |
| #define | PARAM_JSON "json" |
| #define | PARAM_JSON_LVL "jlvl" |
| #define | PARAM_DIR "dir" |
| #define | PARAM_MINIDUMP "minidmp" |
| #define | PARAM_PATTERN "pattern" |
Functions | |
| bool | alloc_strparam (PARAM_STRING &strparam, ULONG len) |
| void | free_strparam (PARAM_STRING &strparam) |
| bool alloc_strparam | ( | PARAM_STRING & | strparam, |
| ULONG | len ) |
| void free_strparam | ( | PARAM_STRING & | strparam | ) |