10#define LIB_NAME "PE-sieve"
20 const size_t report_len = report_str.length();
22 if (json_buf && json_buf_size) {
23 ::memset(json_buf, 0, json_buf_size);
24 size_t max_len = report_len <= (json_buf_size - 1) ? report_len : (json_buf_size - 1);
25 ::memcpy(json_buf, report_str.c_str(), max_len);
40 nullrep.pid = args.pid;
47 if (!json_buf_size || IsBadWritePtr(json_buf, json_buf_size)) {
52 if (needed_size && IsBadWritePtr(needed_size,
sizeof(
size_t))) {
53 needed_size =
nullptr;
57 if (json_buf || needed_size) {
58 const size_t report_size =
print_report(*
report, args, rtype, json_buf, json_buf_size);
60 *needed_size = report_size;
77 MessageBox(NULL, my_info.c_str(),
LIB_NAME, MB_ICONINFORMATION);
@ REPORT_SUSPICIOUS_AND_ERRORS
The final report about the actions performed on the process: scanning and dumping.
DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle
(t_report, str, int) PESieve_scan_ex(t_params params, t_report_type rtype, int buf_size)
std::string info()
The string with the basic information about the scanner.
std::string report_to_json(const pesieve::ReportEx &report, const t_report_type rtype, ProcessScanReport::t_report_filter filter, const pesieve::t_json_level &jdetails, size_t start_level=0)
ReportEx * scan_and_dump(IN const pesieve::t_params args)
The main action performed by PE-sieve: scanning the process and dumping the detected material.
t_report PESieve_scan(t_params params)
The root of the PE-sieve scanner.
size_t print_report(const pesieve::ReportEx &report, const pesieve::t_params args, const t_report_type rtype, char *json_buf, size_t json_buf_size)
The API: definitions of the exported elements that are accessible from PE-sieve DLL.
@ REPORT_NONE
do not output a report
#define PESIEVE_PATCH_VERSION
#define PESIEVE_MINOR_VERSION
#define PESIEVE_MAJOR_VERSION
#define PESIEVE_MICRO_VERSION
Input parameters for PE-sieve, defining the configuration.
Final summary about the scanned process.