pe-sieve/params__dump_8cpp_source.html

#include "params_dump.h"


#include "../utils/format_util.h"


void pesieve::params_fields_to_JSON(pesieve::t_params& params, std::stringstream& outs, size_t level)

{

    if (params.modules_ignored.length && params.modules_ignored.buffer) {

        OUT_PADDED(outs, level, "\"modules_ignored\" : ");

        outs << "\"" << params.modules_ignored.buffer << "\"" << ",\n";

    }

    if (params.data) {

        OUT_PADDED(outs, level, "\"data\" : ");

        outs << std::dec << params.data << ",\n";

    }

    if (params.dotnet_policy) {

        OUT_PADDED(outs, level, "\"dotnet_policy\" : ");

        outs << std::dec << params.dotnet_policy << ",\n";

    }


    if (params.make_reflection) {

        OUT_PADDED(outs, level, "\"use_reflection\" : ");

        outs << std::dec << params.make_reflection << ",\n";

    }

    if (params.use_cache) {

        OUT_PADDED(outs, level, "\"use_cache\" : ");

        outs << std::dec << params.use_cache << ",\n";

    }

    if (params.out_filter) {

        OUT_PADDED(outs, level, "\"out_filter\" : ");

        outs << std::dec << params.out_filter << ",\n";

    }

    if (params.imprec_mode) {

        OUT_PADDED(outs, level, "\"imprec_mode\" : ");

        outs << std::dec << params.imprec_mode << ",\n";

    }


    OUT_PADDED(outs, level, "\"hooks\" : ");

    outs << std::dec << (params.no_hooks ? 0 : 1) << ",\n";


    OUT_PADDED(outs, level, "\"iat\" : ");

    outs << std::dec << params.iat << ",\n";


    OUT_PADDED(outs, level, "\"threads\" : ");

    outs << std::dec << params.threads << ",\n";


    OUT_PADDED(outs, level, "\"shellcode\" : ");

    outs << std::dec << params.shellcode << ",\n";


    OUT_PADDED(outs, level, "\"obfuscated\" : ");

    outs << std::dec << params.obfuscated << "\n";

}


void pesieve::params_to_JSON(pesieve::t_params& params, std::stringstream& stream, size_t level)

{

    OUT_PADDED(stream, level, "\"pesieve_params\" : {\n");

    params_fields_to_JSON(params, stream, level + 1);

    OUT_PADDED(stream, level, "}");

}


pesieve.t_params
Definition pesieve.py:100

format_util.h

OUT_PADDED
#define OUT_PADDED(stream, field_size, str)
Definition format_util.h:12

pesieve::params_fields_to_JSON
void params_fields_to_JSON(pesieve::t_params &params, std::stringstream &outs, size_t level)
Definition params_dump.cpp:5

pesieve::params_to_JSON
void params_to_JSON(pesieve::t_params &params, std::stringstream &stream, size_t start_level)
Definition params_dump.cpp:54

params_dump.h

_PARAM_STRING::length
ULONG length
Definition pe_sieve_types.h:119

_PARAM_STRING::buffer
char * buffer
Definition pe_sieve_types.h:120

params
Input parameters for PE-sieve, defining the configuration.
Definition pe_sieve_types.h:124

params::make_reflection
bool make_reflection
operate on a process reflection rather than on the live process (this allows i.e. to force-read inacc...
Definition pe_sieve_types.h:140

params::shellcode
t_shellc_mode shellcode
detect shellcode implants
Definition pe_sieve_types.h:131

params::dotnet_policy
t_dotnet_policy dotnet_policy
policy for scanning .NET modules
Definition pe_sieve_types.h:126

params::no_hooks
bool no_hooks
don't scan for hooks
Definition pe_sieve_types.h:130

params::use_cache
bool use_cache
enable cache for the scanned modules
Definition pe_sieve_types.h:141

params::modules_ignored
PARAM_STRING modules_ignored
a list of modules that will not be scanned, separated by PARAM_LIST_SEPARATOR
Definition pe_sieve_types.h:145

params::imprec_mode
t_imprec_mode imprec_mode
import recovery mode
Definition pe_sieve_types.h:127

params::obfuscated
t_obfusc_mode obfuscated
detect encrypted or obfuscated content (possible encrypted shellcodes)
Definition pe_sieve_types.h:132

params::iat
t_iat_scan_mode iat
detect IAT hooking
Definition pe_sieve_types.h:134

params::threads
bool threads
scan threads
Definition pe_sieve_types.h:133

params::out_filter
t_output_filter out_filter
level of details of the created output material
Definition pe_sieve_types.h:129

params::data
t_data_scan_mode data
should scan non-executable pages?
Definition pe_sieve_types.h:135