hasherezade / libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
https://hasherezade.github.io/libpeconv
BSD 2-Clause "Simplified" License

Does it detect process hollowing #6

Closed DefenderLab closed 5 years ago

hasherezade commented 5 years ago

No, libpeconv is not meant for any detection. As mentioned in the description, it is "a library to load, manipulate, dump PE files". If you are looking for some tool for detection of process hollowing, check my other project, PE-sieve: https://github.com/hasherezade/pe-sieve