PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
process_privilege.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4
5namespace pesieve {
6 namespace util {
7
15
16 bool set_debug_privilege();
17
18 process_integrity_t get_integrity_level(HANDLE hProcess);
19
20 bool is_DEP_enabled(HANDLE hProcess);
21 };
22};
pesieve::util::get_integrity_level
process_integrity_t get_integrity_level(HANDLE hProcess)
Definition process_privilege.cpp:159
pesieve::util::is_DEP_enabled
bool is_DEP_enabled(HANDLE hProcess)
Definition process_privilege.cpp:210
pesieve::fill_iat
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)
Definition iat_finder.h:31
Generated by doxygen 1.10.0