hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License
3.01k stars, 421 forks
issues
Query on supported architectures
#129
sridhard
opened
1 week ago
1
add `this->` to enhance readability of thread_scanner.cpp
#127
ya0guang
closed
4 months ago
1
fix a bug in results_dumper.cpp
#126
ya0guang
closed
4 months ago
1
Exe crashes after dump
#125
ghost
opened
5 months ago
6
help
#124
wzmooo
opened
5 months ago
3
Need help with PeSieve
#123
WiltedDeath
opened
8 months ago
4
can I add my own list of process, like malware in the laptop
#122
fasteddys
closed
7 months ago
1
Problem with VirtualQueryEx
#120
helloobaby
closed
11 months ago
2
Disk and memory PE headers comparison
#119
rabbitstack
closed
1 year ago
1
some question about source code
#117
helloobaby
closed
1 year ago
2
Include cmath in entropy.h
#116
jpohls1
closed
1 year ago
1
Rust Bindings
#114
0x4ndy
opened
1 year ago
5
[Question] How can I dump a specific module (dll) of a running process?
#111
JerryYOJ
closed
1 year ago
5
fix clang compile issues
#109
secDre4mer
closed
1 year ago
0
Undetected 64 bit shellcode
#108
hasherezade
closed
1 year ago
0
found Chrome.exe as suspicious
#106
xblack199
closed
1 year ago
5
Add JSON report as a buffer accessible through the API
#105
terrybr
closed
1 year ago
4
pe-sieve 0.3.4 API doesn't detect "Implanted" and "Implanted PE" + feature request.
#104
terrybr
closed
1 year ago
11
Process overwriting
#103
MariasStory
closed
2 years ago
1
Patch analyze bug?
#102
luciouskami
closed
2 years ago
3
Incremented buffer size for ignored files
#99
ladislav-zezula
closed
2 years ago
15
KERNEL32.VirtualProtectStub IAT hook Does not detect
#98
maskelihileci
closed
2 years ago
2
Overeager imports reconstruction
#97
hasherezade
closed
2 years ago
1
Error in appending a new Import Table
#96
hasherezade
closed
2 years ago
2
leak?
#95
core-c
closed
2 years ago
8
Lower down the number of disk operations
#94
AndyWatterman
opened
2 years ago
4
Not scanning .NET data
#93
hasherezade
closed
2 years ago
0
Blind spot in the IAT hooks scan
#92
hasherezade
closed
2 years ago
0
Do not include calls to own exports in the Import Table reconstruction
#91
hasherezade
closed
2 years ago
1
Improve detecting when to realign the payload
#90
hasherezade
closed
2 years ago
1
Improve recognizing when to rebuild import table from scratch
#89
hasherezade
closed
2 years ago
1
Recognize Virtual Table hooks
#88
hasherezade
closed
2 years ago
9
When I open pe-sieve the program runs but it says on the end: press any key to continue, and it closes, what is that?
#87
Robi1969
closed
2 years ago
2
Incomplete dump: unable to read inaccessible pages
#86
hasherezade
closed
3 years ago
1
Error reconstructing PE from the found artifacts (64 bit PE)
#85
hasherezade
opened
3 years ago
1
Crash on import reconstruction
#84
hasherezade
closed
3 years ago
1
[BUGFIX] Add missing header include for MinGW
#83
secDre4mer
closed
3 years ago
2
using UPX are scanned that hdr_modified
#82
muse117
closed
3 years ago
2
IAT hooking: detecting replaced function within the same DLL
#77
hasherezade
closed
2 years ago
0
Update process_privilege.cpp
#75
JohnLaTwC
closed
3 years ago
2
enhancement
#74
noamlima
closed
3 years ago
1
Broken detection of ASPack
#73
hasherezade
closed
3 years ago
1
Updates from Source Repo
#72
CerebralMischief
closed
3 years ago
1
Linking with libpe-sieve.a fails (MinGW)
#71
hillu
opened
4 years ago
8
Remove the displayed strings in the quiet mode
#69
hasherezade
opened
4 years ago
0
Issues with querying virtual memory of vmmem
#68
Jack-McDowell
closed
4 years ago
12
Fix target setting for PESIEVE_AS_STATIC_LIB
#67
hillu
closed
4 years ago
7
Broken detection of ASProtect
#66
hasherezade
closed
4 years ago
1
Broken hexadecimal PID
#65
hasherezade
closed
4 years ago
1
Lots of compiler warnings
#64
FuccDucc
closed
2 years ago
2