dllmain.cpp File Reference

#include "PanoptesPE.h"

Go to the source code of this file.

Functions
BOOL APIENTRY	DllMain (HMODULE module, DWORD dllAction, LPVOID lpReserved)
	The main entry point for the DLL.
PANO_API int	PanoBind (int ContainerPort)
	Bind to the Panoptes Service by sending a hello message containing the extensibility type and the port of the container that the extensibility is running in.
PANO_API bool	PanoEntry (PeScan *data, MemScan *mem_data)
	The entry point for the PE extensibility.
PANO_API bool	PanoUnbind ()

Function Documentation

DllMain()

BOOL APIENTRY DllMain	(	HMODULE	module,
		DWORD	dllAction,
		LPVOID	lpReserved
	)

The main entry point for the DLL.

Parameters

module	The module handle
dllAction	The action to take
lpReserved	Reserved

Returns

Definition at line 8 of file dllmain.cpp.

{
    switch (dllAction)
    {
    case DLL_PROCESS_ATTACH:
        //DisableThreadLibraryCalls(module);
        break;
    case DLL_THREAD_ATTACH:
        // Code to run when a thread is created
        break;
    case DLL_THREAD_DETACH:
        // Code to run when a thread ends
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

PanoBind()

PANO_API int PanoBind

(

int

ContainerPort

)

Bind to the Panoptes Service by sending a hello message containing the extensibility type and the port of the container that the extensibility is running in.

Parameters

ContainerPort

The port of the container that the extensibility is running in

Returns

The container port

Definition at line 31 of file dllmain.cpp.

{
    PanoptesServiceClient client = PanoptesServiceClient();
    if (!client.Hello(ExtensibilityType::EXTENSIBILITY_TYPE_PE, ContainerPort)) {
        return 0;
    }
 
    return ContainerPort;
}

References EXTENSIBILITY_TYPE_PE, and PanoptesServiceClient::Hello().

PanoEntry()

PANO_API bool PanoEntry	(	PeScan *	data,
		MemScan *	mem_data
	)

The entry point for the PE extensibility.

Parameters

data	The information about the file to be scanned
mem_data	The information about the memory to be scanned

Returns

True if the scan was successful, false otherwise

Definition at line 45 of file dllmain.cpp.

{
    if (data->PePath.empty()) {
        return false;
    }
 
    PortableExecutable pe = PortableExecutable(data->PePath);
    try {
        std::vector<std::string> imports = pe.GetImports();
        std::vector<std::pair<std::string, double>> sections = pe.GetSections();
        bool isSigned = pe.CheckIfSigned();
 
        PortableExecutable::PEScanData peData;
        peData.imports = imports;
        for (auto section : sections) {
            peData.sections.push_back(section.first);
            peData.section_entropy.push_back(section.second);
        }
 
        peData.isSigned = isSigned;
 
        PanoptesServiceClient client = PanoptesServiceClient();
        if (!client.SendResults_PE(data->PePath, peData)) {
            return false;
        }
    }
    catch (const exception& e) {
        return false;
    }
 
    return true;
}

References PortableExecutable::CheckIfSigned(), PortableExecutable::GetImports(), PortableExecutable::GetSections(), PortableExecutable::PEScanData::imports, PortableExecutable::PEScanData::isSigned, PeScan::PePath, PortableExecutable::PEScanData::section_entropy, PortableExecutable::PEScanData::sections, and PanoptesServiceClient::SendResults_PE().

PanoUnbind()

PANO_API bool PanoUnbind

(

)

Definition at line 78 of file dllmain.cpp.

{
    HMODULE hModule = GetModuleHandleA("PanoptesPE.dll");
    if (hModule != NULL) {
        FreeLibraryAndExitThread(hModule, 0);
    }
    return true;
}