Skip to content

Commit

Permalink
Merge branch 'pattern_report2'
Browse files Browse the repository at this point in the history
  • Loading branch information
@hasherezade
hasherezade committed Feb 15, 2024
2 parents a89581e + b4be608 commit be95cd9
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 5 deletions.
4 changes: 2 additions & 2 deletions hh_ver_short.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@
#define HH_MAJOR_VERSION 0
#define HH_MINOR_VERSION 3
#define HH_MICRO_VERSION 8
#define HH_PATCH_VERSION 1
#define HH_PATCH_VERSION 2

#define HH_VERSION_STR "0.3.8.1"
#define HH_VERSION_STR "0.3.8.2"
1 change: 1 addition & 0 deletions main.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ t_pesieve_res deploy_scan(t_hh_params &hh_args)
void free_params(t_params& args)
{
free_strparam(args.modules_ignored);
free_strparam(args.pattern_file);
}

int main(int argc, char *argv[])
Expand Down
10 changes: 8 additions & 2 deletions params_info/params.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ using namespace pesieve;
#define PARAM_KILL "kill"
#define PARAM_UNIQUE_DIR "uniqd"
#define PARAM_DIR "dir"
#define PARAM_PATTERN "pattern"
#define PARAM_MINIDUMP "minidmp"
#define PARAM_LOG "log"
#define PARAM_JSON "json"
Expand Down Expand Up @@ -247,6 +248,9 @@ class HHParams : public Params
}
}

this->addParam(new StringParam(PARAM_PATTERN, false));
this->setInfo(PARAM_PATTERN, "Set additional shellcode patterns (file in the SIG format).");

//PARAM_DOTNET_POLICY
enumParam = new EnumParam(PARAM_DOTNET_POLICY, "dotnet_policy", false);
if (enumParam) {
Expand Down Expand Up @@ -308,7 +312,8 @@ class HHParams : public Params
this->addParamToGroup(PARAM_OBFUSCATED, str_group);
this->addParamToGroup(PARAM_THREADS, str_group);
this->addParamToGroup(PARAM_HOOKS, str_group);

this->addParamToGroup(PARAM_PATTERN, str_group);

str_group = "5. dump options";
this->addGroup(new ParamGroup(str_group));
this->addParamToGroup(PARAM_MINIDUMP, str_group);
Expand Down Expand Up @@ -372,7 +377,6 @@ class HHParams : public Params
copyVal<BoolParam>(PARAM_HOOKS, hooks);
ps.pesieve_args.no_hooks = hooks ? false : true;

copyVal<StringParam>(PARAM_DIR, ps.out_dir);
copyVal<BoolParam>(PARAM_UNIQUE_DIR, ps.unique_dir);
copyVal<BoolParam>(PARAM_SUSPEND, ps.suspend_suspicious);
copyVal<BoolParam>(PARAM_KILL, ps.kill_suspicious);
Expand Down Expand Up @@ -440,5 +444,7 @@ class HHParams : public Params
copyVal<EnumParam>(PARAM_DOTNET_POLICY, ps.dotnet_policy);
copyVal<EnumParam>(PARAM_DATA, ps.data);
copyVal<EnumParam>(PARAM_DUMP_MODE, ps.dump_mode);

fillStringParam(PARAM_PATTERN, ps.pattern_file);
}
};
2 changes: 1 addition & 1 deletion pe-sieve
Submodule pe-sieve updated 19 files
+1 −0 CMakeLists.txt
+1 −0 include/pe_sieve_types.h
+1 −0 main.cpp
+6 −0 params.h
+29 −1 pe_sieve.cpp
+1 −1 pe_sieve_ver_short.h
+6 −2 postprocessors/dump_report.cpp
+2 −1 postprocessors/dump_report.h
+1 −1 postprocessors/imp_rec/imp_reconstructor.h
+12 −1 postprocessors/results_dumper.cpp
+1 −0 scanners/mempage_data.h
+3 −1 scanners/scan_report.cpp
+52 −16 scanners/workingset_scanner.cpp
+14 −0 scanners/workingset_scanner.h
+1 −1 sig_finder
+175 −0 utils/artefacts_util - Copy.cpp
+88 −89 utils/artefacts_util.cpp
+18 −4 utils/artefacts_util.h
+80 −0 utils/code_patterns.h

0 comments on commit be95cd9

Please sign in to comment.