Stay up to date on releases
Create your free account today to subscribe to this repository for notifications about new releases, and build software alongside 40 million developers on GitHub.
Sign up for free See pricing for teams and enterprises
hasherezade
released this
FEATURE
- Detect Module Overloading (Issue #47 )
- Allow for supplying PID in a hexadecimal form (Issue #49)
- In a report: present the allocation type in form of a string (i.e. "MEM_IMAGE") instead of number
BUGFIX
- Added fixing Entry Points of .NET modules (Issue #48 )
- Fixed a bug causing false positives during patches detection (invalid identification of non-executable sections as executable)
- Fixed a bug causing not dumping of some of the detected modules (invalid offset calculation during dump: Issue #45)
- Improved detection of PEs embedded in a shellcode (Issue #44 )
- More precise validation of found PE artefacts
