PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include "results_dumper.h"
#include <windows.h>
#include <psapi.h>
#include <fstream>
#include "../utils/format_util.h"
#include "../utils/workingset_enum.h"
#include "pe_reconstructor.h"
#include "imp_rec/imp_reconstructor.h"
#include "../scanners/iat_scanner.h"
#include "../scanners/code_scanner.h"
Go to the source code of this file.
Namespaces
| namespace | pesieve |
Macros
| #define | DIR_SEPARATOR "\\" |
| #define | DEFAULT_BASE 0x10000000 |
Functions
| std::string | pesieve::get_payload_ext (const ArtefactScanReport &artefactRepot) |
| std::string | pesieve::get_dump_mode_name (peconv::t_pe_dump_mode dump_mode) |
| std::string | pesieve::get_imprec_res_name (const ImpReconstructor::t_imprec_res &res) |
| peconv::t_pe_dump_mode | pesieve::convert_to_peconv_dump_mode (const pesieve::t_dump_mode dump_mode) |
| bool | pesieve::make_dump_dir (const std::string &directory) |
| std::string | pesieve::get_module_file_name (HANDLE processHandle, const ModuleScanReport &mod) |
| #define DEFAULT_BASE 0x10000000 |
Definition at line 16 of file results_dumper.cpp.
| #define DIR_SEPARATOR "\\" |
Definition at line 15 of file results_dumper.cpp.