PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
```cpp
#include "pe_sieve.h"
#include <peconv.h>
#include <windows.h>
#include "scanners/scanner.h"
#include "utils/format_util.h"
#include "utils/process_util.h"
#include "utils/process_privilege.h"
#include "utils/process_minidump.h"
#include "utils/path_converter.h"
#include "postprocessors/results_dumper.h"
#include "utils/process_reflection.h"
#include "utils/console_color.h"
#include "color_scheme.h"
#include "utils/artefacts_util.h"
#include "utils/syscall_extractor.h"
```
Namespaces

| Kind | Name |
| --- | --- |
| namespace | `pesieve` |

Functions

| Return type | Signature |
| --- | --- |
| `void` | `pesieve::check_access_denied (DWORD processID)` |
| `bool` | `pesieve::is_scanner_compatible (IN HANDLE hProcess)` |
| `HANDLE` | `pesieve::open_process (DWORD processID, bool reflection, bool quiet)` |
| `pesieve::ProcessDumpReport *` | `pesieve::make_dump (IN HANDLE hProcess, IN bool isRefl, IN const pesieve::t_params &args, IN ProcessScanReport &process_report)` |
| `bool` | `pesieve::is_by_patterns (const t_shellc_mode &shellc_mode)` |

Variables

| Type | Name |
| --- | --- |
| `pesieve::PatternMatcher` | `g_Matcher` |
| `pesieve::SyscallTable` | `g_SyscallTable` |

Variable documentation

`pesieve::PatternMatcher g_Matcher`
Definition at line 23 of file pe_sieve.cpp.

`pesieve::SyscallTable g_SyscallTable`
Definition at line 24 of file pe_sieve.cpp.