REal0day / pe-sieve

Scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE.

Home Page: https://hshrzd.wordpress.com/pe-sieve/


PE-sieve


PE-sieve scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE.
Detects inline hooks, hollowed processes, etc.

Uses the library: https://github.com/hasherezade/libpeconv.git

Clone:

Use recursive clone to get the repo together with the submodule:

git clone --recursive https://github.com/hasherezade/pe-sieve.git

Latest builds*:

*These builds are available for testing and may be ahead of the official release:


About



License: BSD 2-Clause "Simplified" License


Languages

C 54.0%, C++ 44.8%, CMake 1.2%