PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Classes
class | pesieve.t_output_filter |
class | pesieve.t_shellc_mode |
class | pesieve.t_obfusc_mode |
class | pesieve.t_imprec_mode |
class | pesieve.t_dump_mode |
class | pesieve.t_iat_scan_mode |
class | pesieve.t_dotnet_policy |
class | pesieve.t_data_scan_mode |
class | pesieve.t_json_level |
class | pesieve.t_report_type |
class | pesieve.PARAM_STRING |
class | pesieve.t_params |
class | pesieve.t_report |
Namespaces
namespace | pesieve |
Variables
int | pesieve.PESIEVE_MIN_VER = 0x030800 |
int | pesieve.PESIEVE_MAX_VER = 0x030800 |
int | pesieve.ERROR_SCAN_FAILURE = -1 |
int | pesieve.MAX_PATH = 260 |
pesieve.lib = None |
pesieve.PESieve_version = None |