PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
threads_util.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include <map>
5
6#define INVALID_SYSCALL (-1)
7
8namespace pesieve {
9 namespace util {
10
11 typedef struct _thread_info_ext
12 {
13 ULONGLONG sys_start_addr;
14 DWORD state;
15 DWORD wait_reason;
16 DWORD wait_time;
17
18 _thread_info_ext()
19 {
20 this->sys_start_addr = 0;
21 this->state = 0;
22 this->wait_reason = 0;
23 this->wait_time = 0;
24 }
25
26 _thread_info_ext(const _thread_info_ext& other)
27 {
28 this->sys_start_addr = other.sys_start_addr;
29 this->state = other.state;
30 this->wait_reason = other.wait_reason;
31 this->wait_time = other.wait_time;
32 }
33
34 } thread_info_ext;
35
36 typedef struct _thread_info
37 {
38 DWORD tid;
39 ULONGLONG start_addr;
40 DWORD last_syscall;
41 bool is_extended;
42 bool is_filled;
43 thread_info_ext ext;
44
45 _thread_info(DWORD _tid = 0)
46 : tid(_tid),
47 start_addr(0), last_syscall(INVALID_SYSCALL),
48 is_extended(false), is_filled(false)
49 {
50 }
51
52 _thread_info(const _thread_info& other)
53 {
54 this->tid = other.tid;
55 this->start_addr = other.start_addr;
56 this->last_syscall = other.last_syscall;
57 this->is_extended = other.is_extended;
58 this->ext = other.ext;
59 this->is_filled = other.is_filled;
60 }
61
62 } thread_info;
63
64 size_t query_threads_details(IN OUT std::map<DWORD, thread_info>& threads_info);
65
66 bool fetch_threads_info(IN DWORD pid, OUT std::map<DWORD, thread_info>& threads_info);
67
68 bool fetch_threads_by_snapshot(IN DWORD pid, OUT std::map<DWORD, thread_info>& threads_info);
69
70 }; // namespace util
71}; // namespace pesieve
pesieve::util::fetch_threads_by_snapshot
bool fetch_threads_by_snapshot(IN DWORD pid, OUT std::map< DWORD, thread_info > &threads_info)
Definition threads_util.cpp:143
pesieve::util::thread_info_ext
struct pesieve::util::_thread_info_ext thread_info_ext
pesieve::util::query_threads_details
size_t query_threads_details(IN OUT std::map< DWORD, thread_info > &threads_info)
pesieve::util::DWORD
DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle
pesieve::util::thread_info
struct pesieve::util::_thread_info thread_info
pesieve::util::fetch_threads_info
bool fetch_threads_info(IN DWORD pid, OUT std::map< DWORD, thread_info > &threads_info)
Definition threads_util.cpp:73
pesieve::util::_thread_info_ext::sys_start_addr
ULONGLONG sys_start_addr
Definition threads_util.h:13
pesieve::util::_thread_info_ext::wait_reason
DWORD wait_reason
Definition threads_util.h:15
pesieve::util::_thread_info_ext::_thread_info_ext
_thread_info_ext()
Definition threads_util.h:18
pesieve::util::_thread_info_ext::_thread_info_ext
_thread_info_ext(const _thread_info_ext &other)
Definition threads_util.h:26
pesieve::util::_thread_info_ext::state
DWORD state
Definition threads_util.h:14
pesieve::util::_thread_info_ext::wait_time
DWORD wait_time
Definition threads_util.h:16
pesieve::util::_thread_info::is_filled
bool is_filled
Definition threads_util.h:42
pesieve::util::_thread_info::start_addr
ULONGLONG start_addr
Definition threads_util.h:39
pesieve::util::_thread_info::tid
DWORD tid
Definition threads_util.h:38
pesieve::util::_thread_info::_thread_info
_thread_info(const _thread_info &other)
Definition threads_util.h:52
pesieve::util::_thread_info::last_syscall
DWORD last_syscall
Definition threads_util.h:40
pesieve::util::_thread_info::is_extended
bool is_extended
Definition threads_util.h:41
pesieve::util::_thread_info::_thread_info
_thread_info(DWORD _tid=0)
Definition threads_util.h:45
pesieve::util::_thread_info::ext
thread_info_ext ext
Definition threads_util.h:43
INVALID_SYSCALL
#define INVALID_SYSCALL
Definition threads_util.h:6
Generated by doxygen 1.17.0