#include <windows.h>
#include <cstring>
#include <iostream>
#include <pe_sieve_api.h>
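/// Minimal example of driving PE-sieve through its exported C API:
/// load pe-sieve.dll at runtime, resolve PESieve_scan, scan the current
/// process and print the number of suspicious modules found.
/// Returns 0 on success, -1 if the DLL or the export could not be loaded.
int main()
{
    // Load PE-sieve.dll and resolve the scan entry point.
    // NOTE(review): loading by bare module name goes through the normal DLL
    // search order; a deployment that must not be sensitive to search-order
    // hijacking should pass an absolute path (or LoadLibraryExA with a
    // LOAD_LIBRARY_SEARCH_* flag) instead.
    HMODULE dll = LoadLibraryA("pe-sieve.dll");
    if (!dll) {
        std::cout << "Loading library failed!\n";
        return -1;
    }
    FARPROC proc = GetProcAddress(dll, "PESieve_scan");
    if (!proc) {
        std::cout << "Loading function failed!\n";
        FreeLibrary(dll);
        return -1;
    }
    // Only "PESieve_scan" was resolved, so only that signature is valid for
    // the cast. (The original also cast the same address to the PESieve_scan_ex
    // signature; that alias was never called and would have been a mismatched
    // call if it had been, so it is dropped.)
    auto _PESieve_scan = reinterpret_cast<decltype(&PESieve_scan)>(proc);

    // Set up the scan parameters. Zero-initialising the struct leaves every
    // unset field 0/false and guarantees output_dir ends in a NUL byte after
    // the bounded copy below.
    PEsieve_params pp = { 0 };
    pp.pid = GetCurrentProcessId(); // scan current process
    pp.threads = true;
    pp.shellcode = true;
    pp.quiet = false;

    // Bounded copy of the output directory: the original memcpy'd
    // strlen(out_dir) bytes with no check against the destination size.
    // output_dir is a fixed-size char array in pe_sieve_api.h, so sizeof()
    // gives its capacity; one byte is reserved for the terminator.
    const char out_dir[] = "my_out_dir";
    const size_t len = strlen(out_dir);
    const size_t cap = sizeof(pp.output_dir) - 1;
    memcpy(pp.output_dir, out_dir, len < cap ? len : cap);

    std::cout << "Size of the original struct: " << std::dec << sizeof(pp) << '\n';

    // Perform the scan:
    std::cout << "Scanning:\n";
    PEsieve_report report = _PESieve_scan(pp);
    std::cout << "Found suspicious: " << report.suspicious << "\n";

    // Release the module handle explicitly rather than relying on process exit.
    FreeLibrary(dll);
    return 0;
}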