PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
process_feature_scanner.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include <map>
5
6#include <peconv.h>
7#include "scan_report.h"
8
9namespace pesieve {
10
12 class ProcessFeatureScanner {
13
14 public:
15 ProcessFeatureScanner(HANDLE _processHandle)
16 : processHandle(_processHandle)
17 {
18 }
19
20 virtual ~ProcessFeatureScanner() {}
21
26 virtual ModuleScanReport* scanRemote() = 0;
27
28 protected:
29 HANDLE processHandle;
30 };
31
32}; //namespace pesieve
pesieve::ModuleScanReport
A base class of all the reports detailing on the output of the performed module's scan.
Definition module_scan_report.h:56
pesieve::ProcessFeatureScanner::scanRemote
virtual ModuleScanReport * scanRemote()=0
pesieve::ProcessFeatureScanner::ProcessFeatureScanner
ProcessFeatureScanner(HANDLE _processHandle)
Definition process_feature_scanner.h:15
scan_report.h
Generated by doxygen 1.13.2