v0.3.0

@hasherezade hasherezade released this 11 Aug 16:45
· 496 commits to master since this release

FEATURE

  • added support for force-reading inaccessible pages (PAGE_NOACCESS) when running in reflection mode (/refl):
    • automatic if the inaccessible page is within the PE module
    • on-demand if the inaccessible page is somewhere else in the working set (depending on the selected /data mode)
  • added more options for scanning non-executable pages (/data)
  • added one more mode of IAT hooks scan (/iat) that allows filtering out hooks that lead to any system DLL
  • in hook resolving function: recognize and parse one more jump type
  • in shellcode detection: added one more pattern

BUGFIX

  • fixed an error in printing JSON reports of some of the scan types (missing headers)

REFACT

  • refactoring and optimization of the function resolving hooks
  • removed unneeded flags for process reflection creation (optimization)

See also HollowsHunter: https://github.com/hasherezade/hollows_hunter/releases/tag/v0.3.0