FEATURE
- Improved thread scan. Rewrote the call stack scanning for anomalies.
- New parameter: /rebase - rebases the dumped module to its original base (or to the default one, if the original is not known)
- New parameter: /report - defines which types of scan results should produce a report (makes it possible to obtain a detailed report about all the scans that were performed, not only about those that detected suspicious indicators)
- More details about the detected patches: identify breakpoints, padding, etc.
- Updated Python bindings
REFACT
- Dumping optimization: dump the same memory region only once, even if it was detected by multiple scanning filters
- Other improvements and bugfixes
See also: HollowsHunter v0.4.0 with the latest PE-sieve