PE-sieve scans a given process, searching for modules that contain in-memory code modifications. When it finds one, it dumps the modified PE. It detects inline hooks, hollowed processes, Process Doppelgänging and similar techniques, and can be used for unpacking malware.
When comparing LiveDump and PE-sieve, you can also consider the following products:
Process Dump
- Dumps memory components from specific processes or from all processes currently running. Supports creation and use of a clean-hash database, so that dumping of all the clean files such as kernel32.dll can be skipped.