PE-sieve 0.3.9
PE-sieve is an Open Source app that can scan running processes on your computer to detect memory code modifications. This functionality can be beneficial for finding malware running on your computer.
PE-sieve isn't exactly a name that rolls off the tongue, possibly for a good reason. PE-sieve is for advanced users, especially those with knowledge of the command prompt, target IDs, and processes.
PE-sieve will take any process you specify and look for in-memory implants in the executable and DLL files, including modified PEs, shellcodes, inline hooks, patches, and more.
Double-click the portable executable to see a short description and a list of switches.
To scan a process, open the Command Prompt or PowerShell as admin. Find the process and its target ID, and use the included help to work out what you need to type. Typically, you will start with pe-sieve32 or pe-sieve64, and the target ID is required, for example, /PID 3807. In other words, your basic entry will be something similar to "pe-sieve64 /PID 3807". From here, be sure to check all the other available switches.
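The steps above as a PowerShell function, added here as an example and not taken from the PE-sieve project: it looks up the process IDs for a process name and runs the basic /PID scan on each. The function name, the path .\pe-sieve64.exe and the process name 'notepad' are assumptions for illustration.

```powershell
# Added example: scan every running instance of a named process with PE-sieve.
# Assumptions: pe-sieve64.exe is in the current directory; 'notepad' is a placeholder.
function Invoke-PeSieveByName {
    param(
        [Parameter(Mandatory)] [string] $ProcessName,
        [string] $PeSievePath = '.\pe-sieve64.exe'
    )

    # The scan is meant to be run from an admin prompt; stop early if not elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (admin) PowerShell session.'
    }
    if (-not (Test-Path -LiteralPath $PeSievePath)) {
        throw "PE-sieve not found at $PeSievePath"
    }

    # Resolve the process name to its IDs (the Id column shown by Get-Process).
    $targets = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($targets.Count -eq 0) {
        Write-Warning "No running process named '$ProcessName'."
        return
    }

    foreach ($proc in $targets) {
        $id = $proc.Id
        # Same as typing: pe-sieve64 /PID <id>
        $output = & $PeSievePath /PID $id 2>&1
        # One object per scanned process; the exit code is recorded, not interpreted.
        [pscustomobject]@{
            Name     = $proc.ProcessName
            Id       = $id
            ExitCode = $LASTEXITCODE
            Report   = ($output | Out-String).Trim()
        }
    }
}

Invoke-PeSieveByName -ProcessName 'notepad' | Format-List
```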
Further information and videos are available on the home page.
Similar:
How to Identify Processes or Services on Your Computer
How to Save a Text File of All Running Processes With TaskList
How to Restore or Verify Default Services in Windows 7, 8, 10, and 11
How-To Customize Process Information Viewed in Task Manager