Detects code differentials between executables in disk and the corresponding processes/modules in memory
pip install ctypes
pip install winappdbg
pip install pywin32
pip install pypiwin32
pip install pefile
pip install capstone
python windows_memory_patches.py
The script needs Administrator/SYSTEM privileges in order to analyze all the processes in memory