 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
#include <iostream>#include <string>#include <vector>#include "stats.h"#include "multi_stats.h"#include "stats_util.h"Go to the source code of this file.
Classes | |
| class | pesieve::RuleMatcher |
| struct | pesieve::AreaInfo |
| struct | pesieve::RuleMatchersSet |
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::stats |
Macros | |
| #define | CODE_RULE "possible_code" |
Functions | |
| size_t | pesieve::stats::fillCodeStrings (OUT std::set< std::string > &codeStrings) |
| size_t | pesieve::stats::fetchPeakValues (IN const ChunkStats &currArea, IN double stdDev, int devCount, OUT std::set< BYTE > &peaks) |
| size_t | pesieve::stats::valuesNotBelowMean (IN const ChunkStats &currArea, double mean) |
| double | pesieve::stats::getPrintableRatio (IN const AreaMultiStats &stats) |
| #define CODE_RULE "possible_code" |
Definition at line 11 of file stats_analyzer.h.
1.13.2