PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
process_util.h
1#pragma once
2
3#include <windows.h>
4
namespace pesieve {
 namespace util {

 /**
  * Queries whether the given process runs under WOW64 (32-bit image on a 64-bit OS).
  * The signature mirrors the Win32 IsWow64Process API; presumably this is a thin
  * wrapper around it — confirm in the corresponding .cpp.
  * @param processHandle  handle to the process being examined
  * @param isProcWow64    receives the WOW64 status
  * @return as with the Win32 API it mirrors, presumably non-zero on success and
  *         zero on failure (the answer itself is in *isProcWow64) — verify.
  */
 BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL* isProcWow64);
 /**
  * Reports whether the given process is a 64-bit process.
  * NOTE(review): how this is derived (WOW64 status vs. native architecture) is
  * not visible in this header — see the implementation before relying on it
  * for 32-bit-on-32-bit or ARM64/x64 emulation cases.
  * @param process  handle to the process being examined
  */
 bool is_process_64bit(IN HANDLE process);

 /** Reports whether the current (calling) process runs under WOW64. */
 bool is_current_wow64();

 /**
  * Disables WOW64 file-system redirection, mirroring the Win32
  * Wow64DisableWow64FsRedirection API. If it wraps that call, the effect is
  * per-thread and must be undone with wow64_revert_fs_redirection() on every
  * exit path (including error paths) using the token stored in *OldValue,
  * otherwise subsequent file opens on this thread resolve to the wrong System32.
  * @param OldValue  receives the opaque token needed to revert
  */
 BOOL wow64_disable_fs_redirection(OUT PVOID* OldValue);
 /**
  * Restores WOW64 file-system redirection previously disabled on this thread.
  * @param OldValue  the token returned by wow64_disable_fs_redirection()
  */
 BOOL wow64_revert_fs_redirection(IN PVOID OldValue);

 /**
  * Retrieves the WOW64 (32-bit) context of a thread; mirrors the Win32
  * Wow64GetThreadContext API. As with that API, lpContext is IN OUT: the
  * caller sets lpContext->ContextFlags to select which register groups are
  * fetched before calling — presumably the same applies here, confirm in the .cpp.
  * @param hThread    handle to the thread (needs THREAD_GET_CONTEXT access if this
  *                   wraps the Win32 call)
  * @param lpContext  context structure to fill in
  */
 BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext);
 }; // namespace util
}; // namespace pesieve