PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve.py File Reference

Go to the source code of this file.

Classes

class  pesieve.t_output_filter
 
class  pesieve.t_shellc_mode
 
class  pesieve.t_obfusc_mode
 
class  pesieve.t_imprec_mode
 
class  pesieve.t_dump_mode
 
class  pesieve.t_iat_scan_mode
 
class  pesieve.t_dotnet_policy
 
class  pesieve.t_data_scan_mode
 
class  pesieve.t_json_level
 
class  pesieve.t_report_type
 
class  pesieve.PARAM_STRING
 
class  pesieve.t_params
 
class  pesieve.t_report
 

Namespaces

namespace  pesieve
 

Functions

 pesieve.version_to_str (version_val)
 
 pesieve.init ()
 
 pesieve.PESieve_help ()
 
t_report pesieve.PESieve_scan (t_params params)
 
(t_report, str, int) pesieve.PESieve_scan_ex (t_params params, t_report_type rtype, int buf_size)
 

Variables

int pesieve.PESIEVE_MIN_VER = 0x030800
 
int pesieve.PESIEVE_MAX_VER = 0x030800
 
int pesieve.ERROR_SCAN_FAILURE = -1
 
int pesieve.MAX_PATH = 260
 
 pesieve.lib = None
 
 pesieve.PESieve_version = None