PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Classes | |
| struct | pesieve::util::PSS_VA_CLONE_INFORMATION |
| struct | pesieve::util::T_CLIENT_ID |
| struct | pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION |
| struct | pesieve::util::t_refl_args |
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::util |
Macros | |
| #define | RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001 |
| #define | RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002 |
| #define | RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004 |
| #define | HPSS HANDLE |
Functions | |
| pesieve::util::NTSTATUS (NTAPI *_RtlCreateProcessReflection)(HANDLE ProcessHandle | |
| pesieve::util::DWORD (__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle | |
| bool | pesieve::util::load_PssCaptureFreeSnapshot () |
| bool | pesieve::util::load_RtlCreateProcessReflection () |
| DWORD WINAPI | pesieve::util::refl_creator (LPVOID lpParam) |
| HANDLE | pesieve::util::make_process_reflection1 (HANDLE orig_hndl) |
| HPSS | pesieve::util::make_process_snapshot (HANDLE orig_hndl) |
| bool | pesieve::util::release_process_snapshot (HPSS snapshot) |
| HANDLE | pesieve::util::make_process_reflection2 (HPSS snapshot) |
Variables | |
| ULONG | pesieve::util::Flags |
| PVOID | pesieve::util::StartRoutine |
| PVOID | pesieve::util::StartContext |
| HANDLE | pesieve::util::EventHandle |
| T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION * | pesieve::util::ReflectionInformation = NULL |
| PSS_CAPTURE_FLAGS | pesieve::util::CaptureFlags |
| DWORD | pesieve::util::ThreadContextFlags |
| HPSS * | pesieve::util::SnapshotHandle = NULL |
| PSS_QUERY_INFORMATION_CLASS | pesieve::util::InformationClass |
| void * | pesieve::util::Buffer |
| DWORD | pesieve::util::BufferLength = NULL |
| #define HPSS HANDLE |
Definition at line 17 of file process_reflection.cpp.
| #define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001 |
Definition at line 5 of file process_reflection.cpp.
| #define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002 |
Definition at line 9 of file process_reflection.cpp.
| #define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004 |
Definition at line 13 of file process_reflection.cpp.