stream << "---" << std::endl;
stream << "---" << std::endl;
stream << "SUMMARY: \n" << std::endl;
stream << "Other: " << std::dec << other << "\n";
The report aggregating the results of the performed dumps.
The report aggregating the results of the performed scan.
The final report about the actions performed on the process: scanning and dumping.
std::string scan_report_to_string(const ProcessScanReport &report)
std::string dump_report_to_json(const ProcessDumpReport &process_report, const pesieve::t_json_level &jdetails, size_t start_level=0)
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)
std::string scan_report_to_json(const ProcessScanReport &process_report, ProcessScanReport::t_report_filter filter, const pesieve::t_json_level &jdetails, size_t start_level=0)
std::string report_to_json(const pesieve::ReportEx &report, const t_report_type rtype, ProcessScanReport::t_report_filter filter, const pesieve::t_json_level &jdetails, size_t start_level=0)
REPORT_ALL
output all available reports
REPORT_DUMPED
output the dumps report
REPORT_NONE
do not output a report
REPORT_SCANNED
output the scan report
Final summary about the scanned process.
DWORD implanted
all implants: shellcodes + PEs
DWORD errors
the number of elements that could not be scanned because of errors. If errors == ERROR_SCAN_FAILURE,...
DWORD implanted_shc
implanted shellcodes
DWORD scanned
number of all scanned modules
DWORD patched
detected modifications in the code
DWORD suspicious
general summary of suspicious
DWORD iat_hooked
detected IAT hooks
DWORD hdr_mod
PE header is modified (but not replaced)
DWORD unreachable_file
cannot read the file corresponding to the module in memory
DWORD implanted_pe
the full PE was probably loaded manually
DWORD skipped
some of the modules must be skipped (i.e. dotNET managed code has different characteristics and this...
DWORD replaced
PE file replaced in memory (probably hollowed)
DWORD other
other indicators
DWORD pid
pid of the process that was scanned