hollows_hunter is a process scanner that detects and dumps hollowed PE modules. It uses PE-sieve (DLL version). PE-sieve is an open source tool based on libpeconv. It scans a given process, searching for manually loaded or modified modules. When one is found, it dumps the modified/suspicious PE along with a report in JSON format detailing the indicators found.
Dependencies:
+ Visual C++
Use and Download:
+ Clone the repository and enter it:
    git clone --recursive https://github.com/hasherezade/hollows_hunter.git
    cd hollows_hunter
+ Open the Visual C++ 2017 x86/x64 Native Tools Command Prompt.
+ At the developer command prompt, enter the following to compile your program:
    cl /EHsc main.cpp

Download stable here: https://github.com/hasherezade/hollows_hunter/releases
Source: https://github.com/hasherezade