Detects code differentials between executables in disk and the corresponding processes/modules in memory
pip install -r requirements.txt
python windows_memory_patches.py
The script needs Administrator/SYSTEM privileges in order to analyze all the processes in memory.
At the moment, it doesn't check WoW64 processes at all.