Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

Converts a DLL into EXE

Dynamic unpacker based on PE-sieve

A ready-made template for a project based on libpeconv.

A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.

A ready-made template for a new project based on libPeConv library