PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
pe_sieve_api.h
Go to the documentation of this file.
1
5
6#pragma once
7
8#include <windows.h>
9#include <pe_sieve_types.h>
10
11#ifndef PESIEVE_STATIC_LIB
12#ifdef PESIEVE_EXPORTS
13#define PESIEVE_API __declspec(dllexport)
14#else
15#define PESIEVE_API __declspec(dllimport)
16#endif
17#else
18#define PESIEVE_API
19#endif
20
21#define PESIEVE_API_FUNC PESIEVE_API __cdecl
22
23#ifdef __cplusplus
24extern "C" {
25#endif
26
27
29extern const DWORD PESIEVE_API PESieve_version;
30
32void PESIEVE_API_FUNC PESieve_help(void);
33
34#ifdef __cplusplus
35typedef pesieve::t_report PEsieve_report;
36typedef pesieve::t_params PEsieve_params;
37typedef pesieve::t_report_type PEsieve_rtype;
38#else
39typedef t_report PEsieve_report;
40typedef t_params PEsieve_params;
41typedef t_report_type PEsieve_rtype;
42#endif
43
45PEsieve_report PESIEVE_API_FUNC PESieve_scan(IN const PEsieve_params *args);
46
48PEsieve_report PESIEVE_API_FUNC PESieve_scan_ex(IN const PEsieve_params *args, IN const PEsieve_rtype rtype, OUT char* json_buf, IN size_t json_buf_size, OUT size_t *buf_needed_size);
49
50#ifdef __cplusplus
51};
52#endif
pesieve.t_params
Definition pesieve.py:110
pesieve.t_report_type
Definition pesieve.py:98
pesieve.t_report
Definition pesieve.py:136
PEsieve_rtype
t_report_type PEsieve_rtype
Definition pe_sieve_api.h:41
PESieve_version
const DWORD PESIEVE_API PESieve_version
PE-sieve version in a DWORD form.
PEsieve_params
t_params PEsieve_params
Definition pe_sieve_api.h:40
PESieve_scan
PEsieve_report PESIEVE_API_FUNC PESieve_scan(IN const PEsieve_params *args)
Performs a PE-sieve scan with a supplied set of parameters (defined as a structure t_params)....
Definition pe_sieve_api.cpp:72
PESieve_help
void PESIEVE_API_FUNC PESieve_help(void)
Shows a MessageBox with the informations about PE-sieve.
Definition pe_sieve_api.cpp:77
PESieve_scan_ex
PEsieve_report PESIEVE_API_FUNC PESieve_scan_ex(IN const PEsieve_params *args, IN const PEsieve_rtype rtype, OUT char *json_buf, IN size_t json_buf_size, OUT size_t *buf_needed_size)
Performs a PE-sieve scan with a supplied set of parameters (defined as a structure t_params)....
PEsieve_report
t_report PEsieve_report
Definition pe_sieve_api.h:39
PESIEVE_API
#define PESIEVE_API
Definition pe_sieve_api.h:13
PESIEVE_API_FUNC
#define PESIEVE_API_FUNC
Definition pe_sieve_api.h:21
pe_sieve_types.h
The types used by PE-sieve API.
t_report
struct report t_report
Final summary about the scanned process.
t_params
struct params t_params
Input parameters for PE-sieve, defining the configuration.
t_report_type
t_report_type
Definition pe_sieve_types.h:110
Generated by doxygen 1.17.0