Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
BSD 2-Clause "Simplified" License
Patch analyze bug? #102
Closed
luciouskami closed 2 years ago
Hi, I've used pe-sieve (version 0.3.4) to scan the process, but some results of patches are not correct. For example:
Both the hook type and the RVA are not correct, the correct RVA maybe