 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
#include <windows.h>Go to the source code of this file.
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::util |
Functions | |
| BOOL | pesieve::util::is_process_wow64 (IN HANDLE processHandle, OUT BOOL *isProcWow64) |
| bool | pesieve::util::is_process_64bit (IN HANDLE process) |
| bool | pesieve::util::is_current_wow64 () |
| BOOL | pesieve::util::wow64_disable_fs_redirection (OUT PVOID *OldValue) |
| BOOL | pesieve::util::wow64_revert_fs_redirection (IN PVOID OldValue) |
| BOOL | pesieve::util::wow64_get_thread_context (IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext) |
1.13.2