[BUGFIX] Fixed mignore option (filtering out ignored modules)
hasherezade committed Jun 15, 2020
1 parent 2b66204 commit 443926a
Showing 1 changed file with 11 additions and 10 deletions.
21 changes: 11 additions & 10 deletions scanners/scanner.cpp
@@ -248,6 +248,15 @@ size_t pesieve::ProcessScanner::scanModules(ProcessScanReport &pReport) //throw

//load module from file:
ModuleData modData(processHandle, hMods[counter]);
ModuleScanReport *mappingScanReport = this->scanForMappingMismatch(modData, pReport);
if (!modData.loadOriginal()) {
if (!args.quiet) {
std::cout << "[!][" << args.pid << "] Suspicious: could not read the module file!" << std::endl;
}
//make a report that finding original module was not possible
pReport.appendReport(new UnreachableModuleReport(processHandle, hMods[counter], 0, modData.szModName));
continue;
}

// Don't scan modules that are in the ignore list
std::string plainName = peconv::get_file_name(modData.szModName);
@@ -256,23 +265,15 @@ size_t pesieve::ProcessScanner::scanModules(ProcessScanReport &pReport) //throw
if (pReport.exportsMap && modData.loadOriginal()) {
pReport.exportsMap->add_to_lookup(modData.szModName, (HMODULE)modData.original_module, (ULONGLONG)modData.moduleHandle);
}
continue;
}

ModuleScanReport *mappingScanReport = this->scanForMappingMismatch(modData, pReport);

if (!modData.loadOriginal()) {
if (!args.quiet) {
std::cout << "[!][" << args.pid << "] Suspicious: could not read the module file!" << std::endl;
std::cout << "[*] Skipping ignored: " << std::hex << (ULONGLONG)modData.moduleHandle << " : " << modData.szModName << std::endl;
}
//make a report that finding original module was not possible
pReport.appendReport(new UnreachableModuleReport(processHandle, hMods[counter], 0, modData.szModName));
pReport.appendReport(new SkippedModuleReport(processHandle, modData.moduleHandle, modData.original_size, modData.szModName));
continue;
}
if (!args.quiet) {
std::cout << "[*] Scanning: " << modData.szModName << std::endl;
}

if (modData.isDotNet()) {
#ifdef _DEBUG
std::cout << "[*] Skipping a .NET module: " << modData.szModName << std::endl;
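Review bot: The added `Skipping ignored` message in the second hunk streams `std::hex` into `std::cout` and never restores decimal, so the hexadecimal base stays in effect for everything printed afterwards. The `args.pid` in the `Suspicious: could not read the module file!` message of the first hunk would then be shown in hex for every module processed after the first ignored one (assuming `args.pid` is an integer type), which can mislead whoever reads the scan log. Restore the base on the same line: `std::cout << "[*] Skipping ignored: " << std::hex << (ULONGLONG)modData.moduleHandle << std::dec << " : " << modData.szModName << std::endl;`. Separately, the `!modData.loadOriginal()` check now runs before the ignore-list branch and continues on failure, so the `&& modData.loadOriginal()` in the `exportsMap` condition looks redundant and could be dropped, provided `loadOriginal()` has no side effect that branch relies on. The body of `scanModules` starts and ends outside the hunks shown.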