PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <syscall_extractor.h>
Public Member Functions

| Type | Member |
| --- | --- |
| | SyscallTable () |
| bool | isReady () |
| std::string | getSyscallName (DWORD id) |

Static Public Member Functions

| Type | Member |
| --- | --- |
| static bool | isSyscallDll (const std::string &libName) |
| static bool | isSyscallFunc (const std::string &funcName, bool NtOnly=false) |
| static bool | isSameSyscallFunc (const std::string &func1, const std::string &func2) |

Public Attributes

| Type | Member |
| --- | --- |
| std::map< DWORD, std::string > | syscallToName |

Definition at line 13 of file syscall_extractor.h.

inline

inline

Definition at line 94 of file syscall_extractor.h.

inline

Definition at line 89 of file syscall_extractor.h.

inline static

Definition at line 51 of file syscall_extractor.h.

inline static

Definition at line 15 of file syscall_extractor.h.

inline static

Definition at line 26 of file syscall_extractor.h.

std::map<DWORD, std::string> pesieve::SyscallTable::syscallToName

Definition at line 103 of file syscall_extractor.h.