PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
pe_sieve.h
Go to the documentation of this file.
1
5
6#pragma once
7
8#include <windows.h>
9#include <iostream>
10#include <stdexcept>
11
12#include <pe_sieve_types.h>
13#include <pe_sieve_return_codes.h>
14
15#include "pe_sieve_ver_short.h"
16#include "pe_sieve_report.h"
17#include "postprocessors/report_formatter.h"
18
19namespace pesieve {
20
21 const char PESIEVE_URL[] = "https://github.com/hasherezade/pe-sieve";
22
24 std::string info();
25
27
31 ReportEx* scan_and_dump(IN const pesieve::t_params args);
32};
pesieve::ReportEx
The final report about the actions performed on the process: scanning and dumping.
Definition pe_sieve_report.h:29
pesieve.t_params
Definition pesieve.py:109
pesieve::PESIEVE_URL
const char PESIEVE_URL[]
Definition pe_sieve.h:21
pesieve::info
std::string info()
The string with the basic information about the scanner.
Definition pe_sieve.cpp:274
pesieve::scan_and_dump
ReportEx * scan_and_dump(IN const pesieve::t_params args)
The main action performed by PE-sieve: scanning the process and dumping the detected material.
Definition pe_sieve.cpp:198
pe_sieve_report.h
The final report produced by PE-sieve.
pe_sieve_return_codes.h
The codes returned by the PE-sieve EXE.
pe_sieve_types.h
The types used by PE-sieve API.
pe_sieve_ver_short.h
report_formatter.h
Generated by doxygen 1.13.2