Neo23x0 / pe-sieve

a small tool for investigating inline hooks (and other in-memory code patches)

Home Page: https://hshrzd.wordpress.com/pe-sieve/

PE-sieve

PE-sieve scans a given process, searching for modules that contain in-memory code modifications. When it finds one, it dumps the modified PE.
It detects inline hooks, hollowed processes, etc.
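
One way to find in-memory code modifications such as inline hooks is to compare a module's code section as stored on disk with the same section read from process memory. The following is an added example, not PE-sieve's own code; `find_patches`, the byte buffers and the section address are constructed for illustration. It assumes both buffers are laid out for the same base address with relocations already applied.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct Patch {
    size_t offset;        // first modified byte, relative to section start
    size_t size;          // length of the modified run
    bool is_jmp_hook;     // in-memory bytes start with E9 (JMP rel32)
    uint64_t jmp_target;  // absolute destination when is_jmp_hook is set
};

// Constructed sample: a short function as stored on disk, and the same bytes
// in memory after a 5-byte JMP was written over its start (plus a 1-byte patch).
const uint64_t kSectionVa = 0x140001000ULL;  // hypothetical section address
const std::vector<uint8_t> kDisk = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83,
                                    0xEC, 0x20, 0x31, 0xC0, 0xC9, 0xC3};
const std::vector<uint8_t> kMem = {0xE9, 0x00, 0x00, 0x10, 0x00, 0x83,
                                   0xEC, 0x20, 0x31, 0xC0, 0x90, 0xC3};

// Report runs of differing bytes; runs split by at most kMaxGap unchanged
// bytes are merged, since a patch byte can happen to equal the original byte.
std::vector<Patch> find_patches(const std::vector<uint8_t>& disk,
                                const std::vector<uint8_t>& mem, uint64_t va) {
    const size_t kMaxGap = 2;
    const size_t n = disk.size() < mem.size() ? disk.size() : mem.size();
    std::vector<Patch> out;
    for (size_t i = 0; i < n; ++i) {
        if (disk[i] == mem[i]) continue;
        size_t end = i + 1;  // one past the last differing byte of this run
        for (size_t j = end; j < n && j - end <= kMaxGap; ++j)
            if (disk[j] != mem[j]) end = j + 1;
        Patch p{i, end - i, false, 0};
        if (mem[i] == 0xE9 && i + 5 <= n) {  // JMP rel32: target = next insn + rel
            int32_t rel;
            std::memcpy(&rel, &mem[i + 1], sizeof rel);  // little-endian host
            p.is_jmp_hook = true;
            p.jmp_target = va + i + 5 + static_cast<int64_t>(rel);
        }
        out.push_back(p);
        i = end - 1;  // loop increment moves to the byte after the run
    }
    return out;
}

int main() {
    for (const Patch& p : find_patches(kDisk, kMem, kSectionVa))
        std::printf("offset=%zu size=%zu hook=%d target=0x%llx\n", p.offset, p.size,
                    p.is_jmp_hook, (unsigned long long)p.jmp_target);
}
```

A jump target that lands outside every loaded module is the part worth triaging first; the 1-byte patch in the sample is reported as a modification without a hook classification.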

Uses library: https://github.com/hasherezade/libpeconv.git

Clone:

git clone https://github.com/hasherezade/pe-sieve.git
cd pe-sieve
git clone https://github.com/hasherezade/libpeconv.git

Compiled versions:

32-bit: https://drive.google.com/uc?export=download&id=1TWRF1BtTEHMdd42CPZXpSmOxO9DFlovL
64-bit: https://drive.google.com/uc?export=download&id=1-LvYrTMJpp4LVo_2fBN5urz2DTezEJvi

License: BSD 2-Clause "Simplified" License


Languages: C++ 96.4%, CMake 3.3%, C 0.3%