pe-sieve/scanned__modules_8h_source.html

#pragma once


#include <windows.h>


#include <map>

#include <string>

#include <iostream>


#include "module_scan_report.h"


namespace pesieve {


    class ScannedModule {


    public:


        ULONGLONG getStart() const

        {

            return start;

        }


        ULONGLONG getEnd() const

        {

            return moduleSize + start;

        }


        size_t getSize()

        {

            return moduleSize;

        }


        bool isSuspicious() const

        {

            return this->is_suspicious;

        }


        std::string getModName() const

        {

            return this->moduleName;

        }


    protected:


        ScannedModule(ULONGLONG _start, size_t _moduleSize)

            : start(_start), moduleSize(_moduleSize),

            is_suspicious(false)

        {

        }


        ~ScannedModule()

        {

        }


        bool operator<(ScannedModule other) const

        {

            return this->start < other.start;

        }


        void setSuspicious(bool _is_suspicious) {

            this->is_suspicious = _is_suspicious;

        }


        bool resize(size_t newSize)

        {

            if (moduleSize < newSize) {

                //std::cout << "Resizing module from: " << std::hex << moduleSize << " to: " << newSize << "\n";

                moduleSize = newSize;

                return true;

            }

            return false;

        }


        const ULONGLONG start;


    private:

        size_t moduleSize;

        bool is_suspicious;

        std::string moduleName;


        friend class ModulesInfo;

    };


    class ModulesInfo {


    public:


        ModulesInfo(DWORD _pid)

            : process_id(_pid)

        {

        }


        ~ModulesInfo()

        {

            deleteAll();

        }


        bool appendToModulesList(ModuleScanReport *report);


        size_t count() { return modulesMap.size(); }


        size_t getScannedSize(ULONGLONG start_address) const;

        ScannedModule* findModuleContaining(ULONGLONG address, size_t size = 0) const;

        ScannedModule* getModuleAt(ULONGLONG address) const;


    protected:

        bool appendModule(ScannedModule* module);

        void deleteAll();


    private:

        std::map<ULONGLONG, ScannedModule*> modulesMap;

        const DWORD process_id;

    };


}; //namespace pesieve


pesieve::ModuleScanReport
A base class of all the reports detailing on the output of the performed module's scan.
Definition module_scan_report.h:56

pesieve::ModulesInfo::findModuleContaining
ScannedModule * findModuleContaining(ULONGLONG address, size_t size=0) const
Definition scanned_modules.cpp:53

pesieve::ModulesInfo::getScannedSize
size_t getScannedSize(ULONGLONG start_address) const
Definition scanned_modules.cpp:83

pesieve::ModulesInfo::ModulesInfo
ModulesInfo(DWORD _pid)
Definition scanned_modules.h:87

pesieve::ModulesInfo::deleteAll
void deleteAll()
Definition scanned_modules.cpp:73

pesieve::ModulesInfo::~ModulesInfo
~ModulesInfo()
Definition scanned_modules.h:92

pesieve::ModulesInfo::appendToModulesList
bool appendToModulesList(ModuleScanReport *report)
Definition scanned_modules.cpp:24

pesieve::ModulesInfo::count
size_t count()
Definition scanned_modules.h:99

pesieve::ModulesInfo::appendModule
bool appendModule(ScannedModule *module)
Definition scanned_modules.cpp:10

pesieve::ModulesInfo::getModuleAt
ScannedModule * getModuleAt(ULONGLONG address) const
Definition scanned_modules.cpp:103

pesieve::ScannedModule
Represents a basic info about the scanned module, such as its base offset, size, and the status.
Definition scanned_modules.h:14

pesieve::ScannedModule::getModName
std::string getModName() const
Definition scanned_modules.h:38

pesieve::ScannedModule::isSuspicious
bool isSuspicious() const
Definition scanned_modules.h:33

pesieve::ScannedModule::start
const ULONGLONG start
Definition scanned_modules.h:73

pesieve::ScannedModule::getStart
ULONGLONG getStart() const
Definition scanned_modules.h:18

pesieve::ScannedModule::setSuspicious
void setSuspicious(bool _is_suspicious)
Definition scanned_modules.h:59

pesieve::ScannedModule::operator<
bool operator<(ScannedModule other) const
Definition scanned_modules.h:54

pesieve::ScannedModule::~ScannedModule
~ScannedModule()
Definition scanned_modules.h:50

pesieve::ScannedModule::getEnd
ULONGLONG getEnd() const
Definition scanned_modules.h:23

pesieve::ScannedModule::getSize
size_t getSize()
Definition scanned_modules.h:28

pesieve::ScannedModule::resize
bool resize(size_t newSize)
Definition scanned_modules.h:63

pesieve::ScannedModule::ScannedModule
ScannedModule(ULONGLONG _start, size_t _moduleSize)
Definition scanned_modules.h:44

pesieve::ScannedModule::ModulesInfo
friend class ModulesInfo
Definition scanned_modules.h:80

module_scan_report.h

pesieve
Definition pesieve.py:1

report
Final summary about the scanned process.
Definition pe_sieve_types.h:151