PE-sieve is an open-source app that scans running processes on your computer to detect in-memory code modifications. This functionality can be especially useful for finding malware running on your computer.
PE-sieve isn't exactly a name that rolls off the tongue, and possibly for a good reason. PE-sieve is for advanced users, especially those familiar with the command prompt, target IDs, and processes.
PE-sieve will take any process you specify and look for in-memory implants in the executable and DLL files, including modified PEs, shellcode, inline hooks, patches, and more.
Double-click the portable executable to see a short description as well as a list of switches.
To scan a process, open the Command Prompt or PowerShell as admin. Find the process and its target ID, and use the included help to work out what you need to type. Typically, you will start with pe-sieve32 or pe-sieve64, and the target ID is required, for example, /PID 3807. In other words, your basic entry will be something similar to "pe-sieve64 /PID 3807". From here, again, be sure to check for all the other available switches.
Further information and videos are available on the home page.