
Primary language: C. License: BSD 2-Clause "Simplified" License (BSD-2-Clause).

PE-sieve


PE-sieve scans a given process for modules that contain in-memory code modifications. When it finds one, it dumps the modified PE.
It detects inline hooks, hollowed processes, etc.

Uses the libpeconv library: https://github.com/hasherezade/libpeconv.git

Clone:

Use a recursive clone to get the repository together with its submodule:

git clone --recursive https://github.com/hasherezade/pe-sieve.git

Latest builds*:

*These builds are available for testing and may be ahead of the official release: