Home

Welcome to the PE-sieve wiki!

Start by reading the FAQ - Frequently Asked Questions

Table of Contents

1. FAQ
2. How to build
   • How to add PE sieve to your Visual Studio project
3. Default features
   • Investigating hooks and patches
   • Payload reconstruction: PE header
   • JSON reports
4. Additional features
   • Create a process reflection before the full scan (/refl)
   • Ignore modules (/mignore)
   • Scan non executable memory (/data)
   • Detect IAT Hooks (/iat)
   • Detect obfuscated/encrypted areas (/obfusc)
   • Detect shellcodes by (hardcoded) patterns, and statistics (/shellc)
   • Detect shellcode by custom patterns (/pattern)
   • Detect shellcode by scanning threads' callstack (/threads)
   • Import table reconstruction (/imp)
   • Create a MiniDump of the full process (/minidmp)
   • Change dump mode (/dmode)
   • Rebase the dump to the default base (/rebase)
5. API
6. Docs 📚
7. Videos 🎬
8. References