-
Hi, I've used pe-sieve (version 0.3.4) to scan the process, but some results of patches are not correct.
For example:
```
1e0105;addr_replaced_31->cccccccc;4
```
```json
{
"rva" : …
```
-
Hi,
I created a few projects recently that could be useful for the wider community:
https://github.com/op7ic/unix_collector -> A live forensic collection script for UNIX-like systems.
https://github.…
op7ic updated
2 years ago
-
python format_convertor.py --input_directory={input_directory} --output_file={output_file}
should be
python format_convertor.py --input_dir={input_directory} --output_file={output_file}
Than…
-
Hi there, Ron here.
How are you?
Great work hasherezade.. girl power.
### scan own working set
When your pe-sieve (static lib) is used to scan the process it is embedded in (current process), t…
-
Example - a virtual table (not patched):
![patched_addresses0](https://user-images.githubusercontent.com/3115348/131951169-95342a38-0504-4ac7-92f8-7f67e2084e71.png)
The same table, patched:
!…
-
![149589589-0f74867a-8b86-4ec4-9a8f-c47fc89c4437](https://user-images.githubusercontent.com/41159853/149598390-389defb7-4746-43ba-8244-e649a2d3a85e.png)
![149589775-f22543b9-69b8-4dbe-b0d0-02ff6437ba…
-
**Sample:**
+ [ ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee ](https://www.virustotal.com/gui/file/ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee/detection)
*…
-
**Sample:**
+ [ ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee ](https://www.virustotal.com/gui/file/ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee/detection)
C…
-
Hello hasherezade,
I believe there's a bug in libpeconv where a malware that doesn't have any relocation blocks returns the status: -1 in pe-sieve (with /jlvl 2) and thus is not processed.
I f…
-
Add pe-sieve check:
https://github.com/hasherezade/pe-sieve/releases
lprat updated
3 years ago