Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
-
Updated
Dec 14, 2024 - C++
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
Dynamic unpacker based on PE-sieve
A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
A ready-made template for a new project based on libPeConv library
Add a description, image, and links to the libpeconv topic page so that developers can more easily learn about it.
To associate your repository with the libpeconv topic, visit your repo's landing page and select "manage topics."