PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
A custom structure keeping a fragment of a thread context.
#include <thread_scanner.h>
Public Attributes
bool is64b
ULONGLONG rip
ULONGLONG rsp
ULONGLONG rbp
ULONGLONG ret_addr
bool is_managed
A custom structure keeping a fragment of a thread context.
Definition at line 78 of file thread_scanner.h.
bool pesieve::_thread_ctx::is64b
Definition at line 79 of file thread_scanner.h.
bool pesieve::_thread_ctx::is_managed
Definition at line 84 of file thread_scanner.h.
ULONGLONG pesieve::_thread_ctx::rbp
Definition at line 82 of file thread_scanner.h.
ULONGLONG pesieve::_thread_ctx::ret_addr
Definition at line 83 of file thread_scanner.h.
ULONGLONG pesieve::_thread_ctx::rip
Definition at line 80 of file thread_scanner.h.
ULONGLONG pesieve::_thread_ctx::rsp
Definition at line 81 of file thread_scanner.h.