 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
#include "syscall_extractor.h"#include <windows.h>#include <peconv.h>#include <iostream>#include "process_util.h"Go to the source code of this file.
Namespaces | |
| namespace | pesieve |
| namespace | pesieve::util |
Functions | |
| bool | pesieve::util::isSyscallFunc (const std::string &funcName) |
| size_t | pesieve::util::extract_syscalls (BYTE *pe_buf, size_t pe_size, std::map< DWORD, std::string > &syscallToName, size_t startID=0) |
| size_t | pesieve::util::extract_from_dll (IN const std::string &path, size_t startSyscallID, OUT std::map< DWORD, std::string > &syscallToName) |
1.12.0