5. API
PE-sieve (DLL version) exposes a small API.
In order to use it in your projects you need to include the following headers:
Currently, 3 elements are exported:
Their definitions are in the header pe-sieve/include/pe_sieve_api.h:
#define PESIEVE_API_FUNC __cdecl
DWORD PESIEVE_API PESieve_version;
void PESIEVE_API_FUNC PESieve_help(void);
PEsieve_report PESIEVE_API_FUNC PESieve_scan(PEsieve_params args);📚 A complete, up-to date documentation is available here
header:
extern const DWORD PESIEVE_API PESieve_version;role : information
- PE-sieve version in a
DWORDform.
header:
void PESIEVE_API_FUNC PESieve_help(void);role: information
- Shows a MessageBox with the informations about PE-sieve.
header:
PEsieve_report PESIEVE_API_FUNC PESieve_scan(const PEsieve_params args);role : scan
- Performs a PE-sieve scan with a supplied set of parameters (defined as a structure
t_params). Returns a summary of the scan in a variable of typet_report.
header:
PEsieve_report PESIEVE_API_FUNC PESieve_scan_ex(IN const PEsieve_params args, IN const PEsieve_rtype rtype, OUT char* json_buf, IN size_t json_buf_size, OUT size_t *buf_needed_size);role : scan
-
PESieve_scan_exis an enriched version ofPESieve_scan, allowing to retrieve scan and dump JSON reports directly into the supplied memory buffer. - Performs a PE-sieve scan with a supplied set of parameters (defined as a structure
t_params). The JSON report (of the type defined by:PEsieve_rtype->t_report_type) will be filled into the supplied buffer. The maximal size of the buffer must be supplied injson_buf_size. The size that was actually needed to fit in the complete report will be returned inbuf_needed_size. If the whole report was not possible to fit in to the supplied buffer, it will be truncated. The function returns a summary of the scan in a variable of typePEsieve_report->t_report.