hasherezade/pe-sieve

Issues

• x64 build version 0.4.0.1 silently crashes

  #132 opened 22 days ago by greenozon
  4

• Import reconstruction misses some entries

  #131 opened a month ago by hasherezade
  1

• ModuleData not properly initialized

  #130 opened 4 months ago by Ph3r0X1337
  3

• Query on supported architectures

  #129 opened 7 months ago by sridhard
  1

• Exe crashes after dump

  #125 opened a year ago by Yehh22
  6

• help

  #124 opened a year ago by wzmooo
  3

• can I add my own list of process, like malware in the laptop

  #122 opened a year ago by fasteddys
  1

• Need help with PeSieve

  #123 opened a year ago by WiltedDeath
  4

• Rust Bindings

  #114 opened 2 years ago by 0x4ndy
  5

• Problem with VirtualQueryEx

  #120 opened 2 years ago by helloobaby
  2

• Disk and memory PE headers comparision

  #119 opened 2 years ago by rabbitstack
  1

• some question about source code

  #117 opened 2 years ago by helloobaby
  2

• Linking with libpe-sieve.a fails (MinGW)

  #71 opened 5 years ago by hillu
  8

• found Chrome.exe as suspicios

  #106 opened 2 years ago by xblack199
  5

• [Question] How can I dump a specific module(dll) of an running process?

  #111 opened 2 years ago by JerryYOJ
  5

• Undetected 64 bit shellcode

  #108 opened 2 years ago by hasherezade
  0

• pe-sieve 0.3.4 API doesn't detect "Implanted" and "Implanted PE" + feature request.

  #104 opened 2 years ago by terrybr
  11

• Add JSON report as a buffer accessible through the API

  #105 opened 2 years ago by terrybr
  4

• Lots of compiler warnings

  #64 opened 3 years ago by FuccDucc
  2

• When i open pe-sieve the program runs but it says on the end: press any key to continue, and it closes, what is that?

  #87 opened 3 years ago by Robi1969
  2

• Process overwriting

  #103 opened 3 years ago by MariasStory
  1

• Patch analyze bug?

  #102 opened 3 years ago by luciouskami
  3

• leak?

  #95 opened 3 years ago by core-c
  8

• KERNEL32.VirtualProtectStub IAT hook Does not detect

  #98 opened 3 years ago by maskelihileci
  2

• IAT hooking: detecting replaced function within the same DLL

  #77 opened 3 years ago by hasherezade
  0

• Blind spot in the IAT hooks scan

  #92 opened 3 years ago by hasherezade
  0

• Recognize Virtual Table hooks

  #88 opened 4 years ago by hasherezade
  9

• Lower down the number of disk operations

  #94 opened 3 years ago by AndyWatterman
  4

• Error in appending a new Import Table

  #96 opened 3 years ago by hasherezade
  2

• Overeager imports reconstruction

  #97 opened 3 years ago by hasherezade
  1

• Not scanning .NET data

  #93 opened 4 years ago by hasherezade
  0

• Do not include calls to own exports in the Import Table reconstruction

  #91 opened 4 years ago by hasherezade
  1

• Improve detecting when to realign the payload

  #90 opened 4 years ago by hasherezade
  1

• Improve recognizing when to rebuild import table from scratch

  #89 opened 4 years ago by hasherezade
  1

• Incomplete dump: unable to read inaccessible pages

  #86 opened 4 years ago by hasherezade
  1

• Error reconstructing PE from the found artifacts (64 bit PE)

  #85 opened 4 years ago by hasherezade
  1

• Crash on import reconstruction

  #84 opened 4 years ago by hasherezade
  1

• using UPX are scanned that hdr_modified

  #82 opened 4 years ago by muse117
  2

• enhacement

  #74 opened 4 years ago by noamlima
  1

• Broken detection of ASPack

  #73 opened 4 years ago by hasherezade
  1

• Broken detection of ASProtect

  #66 opened 5 years ago by hasherezade
  1

• Remove the displayed strings in the quiet mode

  #69 opened 5 years ago by hasherezade
  0

• Issues with querying virtual memory of vmmem

  #68 opened 5 years ago by Jack-McDowell
  12

• Broken hexadecimal PID

  #65 opened 5 years ago by hasherezade
  1

• Could not read the remote PE

  #58 opened 5 years ago by bartblaze
  4

• Detect IAT patching

  #57 opened 5 years ago by hasherezade
  1

• Path parsing mismatch resulting in false positive

  #51 opened 5 years ago by Jack-McDowell
  8

• Offset of the original Import Table is replaced pointing to its part

  #56 opened 5 years ago by hasherezade
  1

• We miss you on youtube... please come back.

  #55 opened 5 years ago by pedroflor
  1

• Silent mode still outputting information

  #52 opened 5 years ago by Jack-McDowell
  0