hasherezade / pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License

Add JSON report as a buffer accessible through the API #105

Closed terrybr closed 1 year ago

terrybr commented 2 years ago

Hi,

It would be very useful if the scan results can be accessed through the API as a buffer.

Thank you! Terry

hasherezade commented 2 years ago

Hi! Sure, I will add it soon!

hasherezade commented 1 year ago

@terrybr I added a new API function: PESieve_scan_ex - please check it out and let me know if this is what you expected.

For now it is just the scan report, but I will eventually combine the scan report and dump report in one (each in a separate section).

terrybr commented 1 year ago

@hasherezade The new API function works as expected! Thank you so much!

hasherezade commented 1 year ago

@terrybr - the new function (with some improvements) is included in the official release 0.3.5 - please check it out!