PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <stats_analyzer.h>
Public Member Functions
AreaInfo ()
AreaInfo (const AreaInfo &p1)
bool hasMatchAt (const std::string &ruleName)
bool hasAnyMatch ()
virtual const bool toJSON (std::stringstream &outs, size_t level)
virtual const void fieldsToJSON (std::stringstream &outs, size_t level)
Public Attributes
std::vector< std::string > matchedRules
Definition at line 69 of file stats_analyzer.h.
inline
Definition at line 71 of file stats_analyzer.h.
Definition at line 76 of file stats_analyzer.h.
inline
std::vector<std::string> pesieve::AreaInfo::matchedRules
Definition at line 120 of file stats_analyzer.h.