[go: up one dir, main page]
Skip to content

hasherezade/pesieve-go

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
go.mod
go.mod
 
 
pesieve.go
pesieve.go
 
 

Repository files navigation

pesieve-go

Golang bindings for PE-sieve.

Requires pe-sieve32.dll, pe-sieve64.dll (of a supported version) to be present in the project directory, or in a path pointed by the environment variable: PESIEVE_DIR.

API

Exposes the following wrappers for PE-sieve API:

PESieveVersion uint32
func PESieveHelp()
func PESieveScan(pp PEsieveParams) PEsieveReport 
func PESieveScanEx(pp PEsieveParams, rtype t_report_type, jsonMaxSize uint32) (PEsieveReport, string, uint32)

Demo

package main

import (
	"fmt"
	"syscall"
	"github.com/hasherezade/pesieve-go"
)

// Scan the current process
func ScanThis(myPid uint32) string {

	var mods = string("kernel32.dll")
	ignoredBuf := make([]byte, len(mods)+1)
	copy(ignoredBuf[:], mods)

	// Set up the scan parameters
	pp := pesieve.PEsieveParams{
		Pid:      myPid,
		Threads:  true,
		Shellcode: pesieve.SHELLC_PATTERNS,
		Quiet:    true,
		JsonLvl: pesieve.JSON_DETAILS2,
		ModulesIgnored : pesieve.PARAM_STRING { Buffer: ignoredBuf, Length: uint32(len(mods)) },
	}
	copy(pp.OutputDir[:], "MyDemoDir")

	const rtype = pesieve.REPORT_ALL
	const jsonMaxLen = 2000
	_, json, _ := pesieve.PESieveScanEx(pp, rtype, jsonMaxLen)
	return json
}


func main() {
	message := ScanThis( uint32(syscall.Getpid()) )
	fmt.Println(message)
}

About

Golang bindings for PE-sieve

Resources

Readme
Activity

Stars

40 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages