PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
process_feature_scanner.h
#pragma once

#include <windows.h>
#include <map>

#include <peconv.h>
#include "scan_report.h"

namespace pesieve {


}; //namespace pesieve
A base class of all the reports detailing the output of the performed module's scan.
A base class for all the scanners checking appropriate process' features.
virtual ModuleScanReport * scanRemote()=0
ProcessFeatureScanner(HANDLE _processHandle)