[FEATURE] Updated pe-sieve. Support the new rebase parameter

hasherezade · Nov 1, 2024 · 05eddc7 · 05eddc7
1 parent a0bf057
commit 05eddc7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/params_info/params.h b/params_info/params.h
@@ -35,6 +35,7 @@ using namespace pesieve;
 //dump options:
 #define PARAM_IMP_REC "imp"
 #define PARAM_DUMP_MODE "dmode"
+#define PARAM_REBASE "rebase"
 
 //output options:
 #define PARAM_QUIET "quiet"
@@ -211,6 +212,10 @@ class HHParams : public Params
         this->addParam(new BoolParam(PARAM_MINIDUMP, false));
         this->setInfo(PARAM_MINIDUMP, "Create a minidump of the full suspicious process.");
 
+        //PARAM_DUMP_MODE
+        this->addParam(new BoolParam(PARAM_REBASE, false));
+        this->setInfo(PARAM_REBASE, "Rebase the module to its original base (if known).");
+
         //PARAM_SHELLCODE
         enumParam = new EnumParam(PARAM_SHELLCODE, "shellc_mode", false);
         if (enumParam) {
@@ -329,6 +334,7 @@ class HHParams : public Params
         this->addParamToGroup(PARAM_MINIDUMP, str_group);
         this->addParamToGroup(PARAM_IMP_REC, str_group);
         this->addParamToGroup(PARAM_DUMP_MODE, str_group);
+        this->addParamToGroup(PARAM_REBASE, str_group);
 
         str_group = "3. scan exclusions";
         this->addGroup(new ParamGroup(str_group));
@@ -482,6 +488,7 @@ class HHParams : public Params
 
         fillStringParam(PARAM_MODULES_IGNORE, ps.modules_ignored);
 
+        copyVal<BoolParam>(PARAM_REBASE, ps.rebase);
         copyVal<BoolParam>(PARAM_QUIET, ps.quiet);
         copyVal<EnumParam>(PARAM_JSON_LVL, ps.json_lvl);
 

diff --git a/pe-sieve b/pe-sieve
+4 −3		include/pe_sieve_types.h
+7 −2		params.h
+1 −1		pe_sieve.cpp
+4 −0		postprocessors/dump_report.cpp
+2 −1		postprocessors/dump_report.h
+10 −3		postprocessors/results_dumper.cpp
+10 −1		postprocessors/results_dumper.h