 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
#include <windows.h>#include <psapi.h>#include <map>#include <peconv.h>#include "module_scan_report.h"#include "mempage_data.h"#include "scan_report.h"#include "../utils/format_util.h"#include "../utils/workingset_enum.h"#include "process_feature_scanner.h"#include "process_details.h"#include "../stats/multi_stats.h"#include "../stats/stats_analyzer.h"#include <sig_finder.h>Go to the source code of this file.
Classes | |
| class | pesieve::WorkingSetScanReport |
| A report from the working set scan, generated by WorkingSetScanner. More... | |
| class | pesieve::WorkingSetScanner |
| A scanner for detection of code implants in the process workingset. More... | |
Namespaces | |
| namespace | pesieve |
Macros | |
| #define | CALC_PAGE_STATS |
| #define CALC_PAGE_STATS |
Definition at line 17 of file workingset_scanner.h.
1.12.0