The pointer to the function at GuardCFCheckFunctionPointer is overwritten. PE-sieve detects this as a patch, creating unnecessary noise.
This type of patches should be filtered out by default.
Test case:
Normaliz.dll
(i.e. in the process: explorer.exe)
on Windows 8.1 64bit
Details:
The pointer to the function is located in the scanned section (.text):
Detected patch:
The pointer to the function at GuardCFCheckFunctionPointer is overwritten. PE-sieve detects this as a patch, creating unnecessary noise. This type of patches should be filtered out by default.
Test case:
Details:
The pointer to the function is located in the scanned section (.text):
Detected patch:
