v0.3.0
FEATURE
- supported force-read of inaccessible pages (PAGE_NOACCESS) when running in the reflection mode (/refl):
  - automatic if the inaccessible page is within the PE module
  - on-demand if the inaccessible page is somewhere else in the working set (depending on the selected /data mode)
- added more options for scanning non-executable pages (/data)
- added one more mode of IAT hooks scan (/iat), which filters out hooks that lead to any system DLL
- in hook resolving function: recognize and parse one more jump type
- in shellcode detection: added one more pattern
BUGFIX
- Fixed error in printing JSON reports of some of the scan types (missing headers)
REFACT
- refactoring and optimization of the function resolving hooks
- removed unneeded flags for process reflection creation (optimization)
See also HollowsHunter: https://github.com/hasherezade/hollows_hunter/releases/tag/v0.3.0