 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
#include <windows.h>Go to the source code of this file.
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::util |
Macros | |
| #define | USE_PROCESS_SNAPSHOT |
| #define | USE_RTL_PROCESS_REFLECTION |
Functions | |
| bool | pesieve::util::can_make_process_reflection () |
| HANDLE | pesieve::util::make_process_reflection (HANDLE orig_hndl) |
| bool | pesieve::util::release_process_reflection (HANDLE *reflection_hndl) |
Variables | |
| const DWORD | pesieve::util::reflection_access1 = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE |
| const DWORD | pesieve::util::reflection_access2 = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS |
| const DWORD | pesieve::util::reflection_access = reflection_access2 |
| #define USE_PROCESS_SNAPSHOT |
Definition at line 5 of file process_reflection.h.
| #define USE_RTL_PROCESS_REFLECTION |
Definition at line 6 of file process_reflection.h.
1.12.0