PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Classes
struct pesieve::util::PSS_VA_CLONE_INFORMATION
struct pesieve::util::T_CLIENT_ID
struct pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
struct pesieve::util::t_refl_args
Namespaces
namespace pesieve
namespace pesieve::util
Macros
#define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001
#define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002
#define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004
#define HPSS HANDLE
#define HPSS HANDLE
Definition at line 17 of file process_reflection.cpp.
#define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001
Definition at line 5 of file process_reflection.cpp.
#define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002
Definition at line 9 of file process_reflection.cpp.
#define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004
Definition at line 13 of file process_reflection.cpp.