Skip to content

v0.2.4
Compare
Choose a tag to compare
@hasherezade hasherezade released this 30 Dec 19:00
· 956 commits to master since this release
v0.2.4
8fc22fd

pesieve_04

FEATURE

  • Detect Module Overloading (Issue #47 )
  • Allow for supplying PID in a hexadecimal form (Issue #49)
  • In a report: present the allocation type in form of a string (i.e. "MEM_IMAGE") instead of number

BUGFIX

  • Added fixing Entry Points of .NET modules (Issue #48 )
  • Fixed a bug causing false positives during patches detection (invalid identification of non-executable sections as executable)
  • Fixed a bug causing not dumping of some of the detected modules (invalid offset calculation during dump: Issue #45)
  • Improved detection of PEs embedded in a shellcode (Issue #44 )
  • More precise validation of found PE artefacts
Assets 6
Loading