PE-sieve, a command line tool for investigating inline hooks

PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade. The tool, based on libpeconv (also developed by hasherezade), scans a given process, searching for modules that contain in-memory code modifications. When it finds one, it dumps the modified PE. Currently PE-sieve can detect …

Article Link: https://andreafortuna.org/cybersecurity/pe-sieve-a-command-line-tool-for-investigating-inline-hooks/