PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::_ctx_details Struct Reference

A custom structure keeping a fragment of a thread context.

#include <thread_scanner.h>

Public Member Functions

 _ctx_details (bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)
 
void init (bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)
 

Public Attributes

bool is64b
 
ULONGLONG rip
 
ULONGLONG rsp
 
ULONGLONG rbp
 
ULONGLONG last_ret
 
ULONGLONG ret_on_stack
 
bool is_ret_as_syscall
 
bool is_ret_in_frame
 
bool is_managed
 
std::vector< ULONGLONG > callStack
 

Detailed Description

A custom structure keeping a fragment of a thread context.

Definition at line 40 of file thread_scanner.h.

Constructor & Destructor Documentation

◆ _ctx_details()

pesieve::_ctx_details::_ctx_details (bool _is64b = false, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)
inline

Definition at line 52 of file thread_scanner.h.

Member Function Documentation

◆ init()

void pesieve::_ctx_details::init (bool _is64b = false, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)
inline

Definition at line 58 of file thread_scanner.h.

Member Data Documentation

◆ callStack

std::vector<ULONGLONG> pesieve::_ctx_details::callStack

Definition at line 50 of file thread_scanner.h.

◆ is64b

bool pesieve::_ctx_details::is64b

Definition at line 41 of file thread_scanner.h.

◆ is_managed

bool pesieve::_ctx_details::is_managed

Definition at line 49 of file thread_scanner.h.

◆ is_ret_as_syscall

bool pesieve::_ctx_details::is_ret_as_syscall

Definition at line 47 of file thread_scanner.h.

◆ is_ret_in_frame

bool pesieve::_ctx_details::is_ret_in_frame

Definition at line 48 of file thread_scanner.h.

◆ last_ret

ULONGLONG pesieve::_ctx_details::last_ret

Definition at line 45 of file thread_scanner.h.

◆ rbp

ULONGLONG pesieve::_ctx_details::rbp

Definition at line 44 of file thread_scanner.h.

◆ ret_on_stack

ULONGLONG pesieve::_ctx_details::ret_on_stack

Definition at line 46 of file thread_scanner.h.

◆ rip

ULONGLONG pesieve::_ctx_details::rip

Definition at line 42 of file thread_scanner.h.

◆ rsp

ULONGLONG pesieve::_ctx_details::rsp

Definition at line 43 of file thread_scanner.h.


The documentation for this struct was generated from the following file: