PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Namespaces | Functions
process_util.h File Reference
#include <windows.h>

Go to the source code of this file.

Namespaces

namespace  pesieve
 
namespace  pesieve::util
 

Functions

BOOL pesieve::util::is_process_wow64 (IN HANDLE processHandle, OUT BOOL *isProcWow64)
 
bool pesieve::util::is_process_64bit (IN HANDLE process)
 
BOOL pesieve::util::wow64_disable_fs_redirection (OUT PVOID *OldValue)
 
BOOL pesieve::util::wow64_revert_fs_redirection (IN PVOID OldValue)
 
BOOL pesieve::util::wow64_get_thread_context (IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)
 
Generated by doxygen 1.10.0