Skip to content
Please note that GitHub no longer supports Internet Explorer.

We recommend upgrading to the latest Microsoft Edge, Google Chrome, or Firefox.

Learn more

@hasherezade hasherezade released this Dec 30, 2019 · 2 commits to master since this release

pesieve_04

FEATURE

  • Detect Module Overloading (Issue #47 )
  • Allow for supplying PID in a hexadecimal form (Issue #49)
  • In a report: present the allocation type in form of a string (i.e. "MEM_IMAGE") instead of number

BUGFIX

  • Added fixing Entry Points of .NET modules (Issue #48 )
  • Fixed a bug causing false positives during patches detection (invalid identification of non-executable sections as executable)
  • Fixed a bug causing not dumping of some of the detected modules (invalid offset calculation during dump: Issue #45)
  • Improved detection of PEs embedded in a shellcode (Issue #44 )
  • More precise validation of found PE artefacts
Assets 6
You can’t perform that action at this time.