Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
BSD 2-Clause "Simplified" License
Broken detection of ASProtect #66
Closed
hasherezade closed 3 years ago
Since the release > 0.2.3, detection of ASProtect got broken. Test case:
The reason is, the code section is not set as executable:
and mistakenly the scan is omitted.
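The failure mode described in the issue above, as an added example that is not part of the original issue and is not pe-sieve's code: a scanner that picks code sections by header flags alone skips a section that holds the entry point but lacks the execute flag. The `Section` struct, the function names, the sample layout and the entry-point fallback are assumptions made for illustration; the page does not say how the project fixed it.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Section characteristic flags from the PE/COFF specification.
constexpr uint32_t SCN_CNT_CODE    = 0x00000020;
constexpr uint32_t SCN_MEM_EXECUTE = 0x20000000;
constexpr uint32_t SCN_MEM_READ    = 0x40000000;
constexpr uint32_t SCN_MEM_WRITE   = 0x80000000;

// Minimal view of a section header (hypothetical type, not pe-sieve's).
struct Section {
    std::string name;
    uint32_t rva, vsize;
    uint32_t characteristics;
};

// Naive policy: trust the header flags only.
bool is_code_by_flags(const Section &s) {
    return (s.characteristics & (SCN_MEM_EXECUTE | SCN_CNT_CODE)) != 0;
}

// Hardened policy (assumed): also scan the section that holds the
// entry point, whatever its flags say.
bool should_scan_as_code(const Section &s, uint32_t entry_rva) {
    bool holds_entry = entry_rva >= s.rva && entry_rva - s.rva < s.vsize;
    return is_code_by_flags(s) || holds_entry;
}

// Names of the sections the chosen policy would scan.
std::vector<std::string> scanned(const std::vector<Section> &secs,
                                 uint32_t entry_rva, bool hardened) {
    std::vector<std::string> out;
    for (const auto &s : secs)
        if (hardened ? should_scan_as_code(s, entry_rva) : is_code_by_flags(s))
            out.push_back(s.name);
    return out;
}

// Constructed sample: the first section holds the entry point but is
// marked readable and writable only, so the naive policy skips it.
const std::vector<Section> SAMPLE = {
    {".text",  0x1000, 0x8000, SCN_MEM_READ | SCN_MEM_WRITE},
    {".rsrc",  0xA000, 0x2000, SCN_MEM_READ},
    {".adata", 0xC000, 0x1000, SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE},
};
constexpr uint32_t SAMPLE_ENTRY = 0x1001;
```

With the constructed layout, the flag-only policy scans only `.adata`, while the hardened policy also covers `.text`.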