PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | List of all members
pesieve::_ctx_details Struct Reference

A custom structure keeping a fragment of a thread context. More...

#include <thread_scanner.h>

Public Member Functions

 _ctx_details (bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)
 
void init (bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)
 

Public Attributes

bool is64b
 
ULONGLONG rip
 
ULONGLONG rsp
 
ULONGLONG rbp
 
ULONGLONG last_ret
 
ULONGLONG ret_on_stack
 
bool is_ret_as_syscall
 
bool is_ret_in_frame
 
bool is_managed
 
size_t stackFramesCount
 
std::set< ULONGLONG > shcCandidates
 

Detailed Description

A custom structure keeping a fragment of a thread context.

Definition at line 97 of file thread_scanner.h.

Constructor & Destructor Documentation

◆ _ctx_details()

pesieve::_ctx_details::_ctx_details ( bool _is64b = false,
ULONGLONG _rip = 0,
ULONGLONG _rsp = 0,
ULONGLONG _rbp = 0,
ULONGLONG _ret_addr = 0 )
inline

Definition at line 110 of file thread_scanner.h.

Member Function Documentation

◆ init()

void pesieve::_ctx_details::init ( bool _is64b = false,
ULONGLONG _rip = 0,
ULONGLONG _rsp = 0,
ULONGLONG _rbp = 0,
ULONGLONG _ret_addr = 0 )
inline

Definition at line 117 of file thread_scanner.h.

Member Data Documentation

◆ is64b

bool pesieve::_ctx_details::is64b

Definition at line 98 of file thread_scanner.h.

◆ is_managed

bool pesieve::_ctx_details::is_managed

Definition at line 106 of file thread_scanner.h.

◆ is_ret_as_syscall

bool pesieve::_ctx_details::is_ret_as_syscall

Definition at line 104 of file thread_scanner.h.

◆ is_ret_in_frame

bool pesieve::_ctx_details::is_ret_in_frame

Definition at line 105 of file thread_scanner.h.

◆ last_ret

ULONGLONG pesieve::_ctx_details::last_ret

Definition at line 102 of file thread_scanner.h.

◆ rbp

ULONGLONG pesieve::_ctx_details::rbp

Definition at line 101 of file thread_scanner.h.

◆ ret_on_stack

ULONGLONG pesieve::_ctx_details::ret_on_stack

Definition at line 103 of file thread_scanner.h.

◆ rip

ULONGLONG pesieve::_ctx_details::rip

Definition at line 99 of file thread_scanner.h.

◆ rsp

ULONGLONG pesieve::_ctx_details::rsp

Definition at line 100 of file thread_scanner.h.

◆ shcCandidates

std::set<ULONGLONG> pesieve::_ctx_details::shcCandidates

Definition at line 108 of file thread_scanner.h.

◆ stackFramesCount

size_t pesieve::_ctx_details::stackFramesCount

Definition at line 107 of file thread_scanner.h.

The documentation for this struct was generated from the following file:
Generated by doxygen 1.12.0