PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::_thread_ctx Struct Reference

A custom structure keeping a fragment of a thread context.

#include <thread_scanner.h>

Public Attributes

bool is64b
 
ULONGLONG rip
 
ULONGLONG rsp
 
ULONGLONG rbp
 
ULONGLONG ret_addr
 
bool is_managed
 

Detailed Description

A custom structure keeping a fragment of a thread context.

Definition at line 78 of file thread_scanner.h.

Member Data Documentation

◆ is64b

bool pesieve::_thread_ctx::is64b

Definition at line 79 of file thread_scanner.h.

◆ is_managed

bool pesieve::_thread_ctx::is_managed

Definition at line 84 of file thread_scanner.h.

◆ rbp

ULONGLONG pesieve::_thread_ctx::rbp

Definition at line 82 of file thread_scanner.h.

◆ ret_addr

ULONGLONG pesieve::_thread_ctx::ret_addr

Definition at line 83 of file thread_scanner.h.

◆ rip

ULONGLONG pesieve::_thread_ctx::rip

Definition at line 80 of file thread_scanner.h.

◆ rsp

ULONGLONG pesieve::_thread_ctx::rsp

Definition at line 81 of file thread_scanner.h.


The documentation for this struct was generated from the following file: