PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include "scanner.h"
#include <sstream>
#include <fstream>
#include <string>
#include <locale>
#include <codecvt>
#include <tlhelp32.h>
#include "../utils/format_util.h"
#include "../utils/path_converter.h"
#include "../utils/workingset_enum.h"
#include "../utils/modules_enum.h"
#include "../utils/process_privilege.h"
#include "../utils/process_util.h"
#include "headers_scanner.h"
#include "code_scanner.h"
#include "iat_scanner.h"
#include "workingset_scanner.h"
#include "mapping_scanner.h"
#include "hook_targets_resolver.h"
#include "thread_scanner.h"

Go to the source code of this file.
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::util |
Functions | |
| bool | pesieve::validate_param_str (PARAM_STRING &strparam) |
| void | pesieve::util::print_scantime (std::stringstream &stream, size_t timeInMs) |
| void | pesieve::print_scan_time (const char *scanned_element, size_t total_time) |
| bool | pesieve::is_running (HANDLE processHandle) |
| bool | set_non_suspicious (const std::set< ModuleScanReport * > &scan_reports, bool dnet_modules_only) |
|
inline |
Definition at line 172 of file scanner.cpp.