Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
-
Updated
Jun 14, 2024 - C++
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
WinDBG Anti-RootKit Extension
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
Tool to extract contents from the memory of Windows systems.
Add a description, image, and links to the memory-forensics topic page so that developers can more easily learn about it.
To associate your repository with the memory-forensics topic, visit your repo's landing page and select "manage topics."