pe-sieve/pe__sieve__api_8cpp_source.html

#include <windows.h>

#include <string>

#include <iostream>


#include "pe_sieve.h"


#define PESIEVE_EXPORTS

#include <pe_sieve_api.h>


#define LIB_NAME "PE-sieve"


using namespace pesieve;


size_t print_report(const pesieve::ReportEx& report, const pesieve::t_params args, const t_report_type rtype, char* json_buf, size_t json_buf_size)

{

    if (rtype == REPORT_NONE) return 0;


    size_t level = 1;

    std::string report_str = report_to_json(report, rtype, args.results_filter, args.json_lvl, level);

    const size_t report_len = report_str.length();

    if (!report_len) return 0;


    const size_t report_size = report_len + 1;// including the '\0' terminator

    if (json_buf && json_buf_size) {

        ::memset(json_buf, 0, json_buf_size);

        size_t max_len = report_len <= (json_buf_size - 1) ? report_len : (json_buf_size - 1);

        ::memcpy(json_buf, report_str.c_str(), max_len);

    }

    return report_size;

}


PEsieve_report PESIEVE_API_FUNC PESieve_scan_ex(IN const PEsieve_params *args, IN const PEsieve_rtype rtype, OUT char* json_buf, IN size_t json_buf_size, OUT size_t* needed_size)

{

    if (!args || IsBadReadPtr((LPVOID)args, sizeof(PEsieve_params))) {

        pesieve::t_report empty = { 0 };

        empty.errors = 1;

        return empty;

    }

    const PEsieve_params _args = *args;

    const pesieve::ReportEx* report = pesieve::scan_and_dump(_args);

    pesieve::t_report summary = { 0 };

    summary.pid = _args.pid;

    summary.errors = pesieve::ERROR_SCAN_FAILURE;

    if (!report) {

        return summary;

    }

    if (report->scan_report) {

        summary = report->scan_report->generateSummary();

    }

    //check the pointers:

    if (json_buf) {

        if (!json_buf_size || IsBadWritePtr(json_buf, json_buf_size)) {

            json_buf = nullptr;

            json_buf_size = 0;

        }

    }

    if (needed_size && IsBadWritePtr(needed_size, sizeof(size_t))) {

        needed_size = nullptr;

    }


    //print the report (only if any valid output buffer was passed)

    if (json_buf || needed_size) {

        const size_t report_size = print_report(*report, _args, rtype, json_buf, json_buf_size);

        if (needed_size) {

            *needed_size = report_size;

        }

    }

    delete report;

    return summary;

}


PEsieve_report PESIEVE_API_FUNC PESieve_scan(IN const PEsieve_params *args)

{

    return PESieve_scan_ex(args, REPORT_NONE, nullptr, 0, nullptr);

}


void PESIEVE_API_FUNC PESieve_help(void)

{

    std::string my_info = pesieve::info();


    std::cout << my_info;

    MessageBox(NULL, my_info.c_str(), LIB_NAME, MB_ICONINFORMATION);

}


extern const DWORD PESIEVE_API PESieve_version = MAKELONG(MAKEWORD(PESIEVE_PATCH_VERSION, PESIEVE_MICRO_VERSION), MAKEWORD(PESIEVE_MINOR_VERSION, PESIEVE_MAJOR_VERSION));

pesieve::ReportEx
The final report about the actions performed on the process: scanning and dumping.
Definition pe_sieve_report.h:29

pesieve.t_params
Definition pesieve.py:110

pesieve.t_report_type
Definition pesieve.py:98

pesieve.t_report
Definition pesieve.py:136

pesieve::util::DWORD
DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle

pesieve
Definition pesieve.py:1

pesieve.PESieve_help
PESieve_help()
Definition pesieve.py:197

pesieve.ERROR_SCAN_FAILURE
int ERROR_SCAN_FAILURE
Definition pesieve.py:10

pesieve::report_to_json
std::string report_to_json(const ReportEx &report, const t_report_type rtype, t_results_filter filter, const pesieve::t_json_level &jdetails, size_t start_level=0)
Definition report_formatter.cpp:106

pesieve.PESieve_version
PESieve_version
Definition pesieve.py:158

pesieve.PESieve_scan_ex
tuple[t_report, str, int] PESieve_scan_ex(t_params params, t_report_type rtype, int buf_size)
Definition pesieve.py:210

pesieve::info
std::string info()
The string with the basic information about the scanner.
Definition pe_sieve.cpp:274

pesieve::scan_and_dump
ReportEx * scan_and_dump(IN const pesieve::t_params args)
The main action performed by PE-sieve: scanning the process and dumping the detected material.
Definition pe_sieve.cpp:198

pesieve.PESieve_scan
t_report PESieve_scan(t_params params)
Definition pesieve.py:202

pe_sieve.h
The root of the PE-sieve scanner.

print_report
size_t print_report(const pesieve::ReportEx &report, const pesieve::t_params args, const t_report_type rtype, char *json_buf, size_t json_buf_size)
Definition pe_sieve_api.cpp:14

LIB_NAME
#define LIB_NAME
Definition pe_sieve_api.cpp:10

pe_sieve_api.h
The API: definitions of the exported elements that are accessible from PE-sieve DLL.

PEsieve_rtype
t_report_type PEsieve_rtype
Definition pe_sieve_api.h:41

PEsieve_params
t_params PEsieve_params
Definition pe_sieve_api.h:40

PEsieve_report
t_report PEsieve_report
Definition pe_sieve_api.h:39

PESIEVE_API
#define PESIEVE_API
Definition pe_sieve_api.h:13

PESIEVE_API_FUNC
#define PESIEVE_API_FUNC
Definition pe_sieve_api.h:21

REPORT_NONE
@ REPORT_NONE
do not output a report
Definition pe_sieve_types.h:111

PESIEVE_PATCH_VERSION
#define PESIEVE_PATCH_VERSION
Definition pe_sieve_ver_short.h:6

PESIEVE_MINOR_VERSION
#define PESIEVE_MINOR_VERSION
Definition pe_sieve_ver_short.h:4

PESIEVE_MAJOR_VERSION
#define PESIEVE_MAJOR_VERSION
Definition pe_sieve_ver_short.h:3

PESIEVE_MICRO_VERSION
#define PESIEVE_MICRO_VERSION
Definition pe_sieve_ver_short.h:5

params::pid
DWORD pid
the PID of the process to be scanned
Definition pe_sieve_types.h:125

report
Final summary about the scanned process.
Definition pe_sieve_types.h:150