thread_scanner.cpp File Reference

#include "thread_scanner.h"
#include <peconv.h>
#include "mempage_data.h"
#include "../utils/process_util.h"
#include "../utils/ntddk.h"
#include "../stats/stats.h"
#include "../utils/process_symbols.h"
#include "../utils/syscall_extractor.h"
#include "../utils/artefacts_util.h"

Go to the source code of this file.

Classes
struct	_t_stack_enum_params

Namespaces
namespace	pesieve

Macros
#define	ENTROPY_TRESHOLD   3.0

Typedefs
typedef struct _t_stack_enum_params	t_stack_enum_params

Functions
bool	pesieve::is_thread_running (HANDLE hThread)
bool	get_page_details (HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &page_info)
DWORD WINAPI	enum_stack_thread (LPVOID lpParam)
template<typename PTR_T>
bool	pesieve::read_return_ptr (IN HANDLE hProcess, IN OUT ctx_details &cDetails)
bool	should_scan_context (const util::thread_info &info)

Variables
pesieve::SyscallTable	g_SyscallTable

Macro Definition Documentation

ENTROPY_TRESHOLD

#define ENTROPY_TRESHOLD   3.0

Definition at line 13 of file thread_scanner.cpp.

Typedef Documentation

t_stack_enum_params

typedef struct _t_stack_enum_params t_stack_enum_params

Function Documentation

enum_stack_thread()

DWORD WINAPI enum_stack_thread

(

LPVOID

lpParam

)

Definition at line 71 of file thread_scanner.cpp.

get_page_details()

bool get_page_details	(	HANDLE	processHandle,
		LPVOID	start_va,
		MEMORY_BASIC_INFORMATION &	page_info )

Definition at line 58 of file thread_scanner.cpp.

should_scan_context()

bool should_scan_context

(

const util::thread_info &

info

)

Definition at line 642 of file thread_scanner.cpp.

Here is the call graph for this function:

Variable Documentation

g_SyscallTable

pesieve::SyscallTable g_SyscallTable

extern

Definition at line 24 of file pe_sieve.cpp.