Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

📦 Uses: PE-sieve (the library version).

❓ PE-sieve FAQ - Frequently Asked Questions

📖 Read Wiki

Clone

Use recursive clone to get the repo together with all the submodules:

git clone --recursive https://github.com/hasherezade/hollows_hunter.git

Builds

Download the latest release, or read more.

Available also via Chocolatey