thread_scanner.cpp File Reference

#include "thread_scanner.h"
#include <peconv.h>
#include "mempage_data.h"
#include "../utils/process_util.h"
#include "../utils/ntddk.h"
#include "../stats/stats.h"
#include "../utils/process_symbols.h"
#include "../utils/syscall_extractor.h"
#include "../utils/artefacts_util.h"

Go to the source code of this file.

Namespaces
namespace	pesieve

Macros
#define	ENTROPY_THRESHOLD   3.0
#define	ENTROPY_ENC_THRESHOLD   6.0

Functions
bool	pesieve::is_thread_running (HANDLE hThread)
bool	get_page_details (HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &page_info)
size_t	enum_callstack (IN ProcessSymbolsManager *symbols, const pesieve::ctx_details &cDetails, IN HANDLE hThread, IN LPVOID ctx, DWORD MachineType, std::vector< ULONGLONG > &callStack)
template<typename PTR_T>
bool	pesieve::read_return_ptr (IN HANDLE hProcess, IN OUT ctx_details &cDetails)
bool	should_scan_context (const util::thread_info &info)

Variables
pesieve::SyscallTable	g_SyscallTable

Macro Definition Documentation

ENTROPY_ENC_THRESHOLD

#define ENTROPY_ENC_THRESHOLD   6.0

Definition at line 14 of file thread_scanner.cpp.

ENTROPY_THRESHOLD

#define ENTROPY_THRESHOLD   3.0

Definition at line 13 of file thread_scanner.cpp.

Function Documentation

enum_callstack()

size_t enum_callstack	(	IN ProcessSymbolsManager *	symbols,
		const pesieve::ctx_details &	cDetails,
		IN HANDLE	hThread,
		IN LPVOID	ctx,
		DWORD	MachineType,
		std::vector< ULONGLONG > &	callStack )

Definition at line 334 of file thread_scanner.cpp.

get_page_details()

bool get_page_details	(	HANDLE	processHandle,
		LPVOID	start_va,
		MEMORY_BASIC_INFORMATION &	page_info )

Definition at line 43 of file thread_scanner.cpp.

should_scan_context()

bool should_scan_context

(

const util::thread_info &

info

)

Definition at line 644 of file thread_scanner.cpp.

Here is the call graph for this function:

Variable Documentation

g_SyscallTable

pesieve::SyscallTable g_SyscallTable

extern

Definition at line 24 of file pe_sieve.cpp.