Releases: hasherezade/hollows_hunter

v0.3.0

11 Aug 16:48

Updated PE-sieve (v0.3.0):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.0

FEATURE

  • added an icon
  • added support for new PE-sieve modes (i.e. scanning inaccessible pages)

v0.2.9.8

27 Jun 16:24

Updated PE-sieve (v0.2.9.8):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.9.8

Changes in HollowsHunter (in addition to the changes in PE-sieve):

FEATURE

  • Added the option to exclude processes from the scan by their names: /pignore (Issue #10)
  • Removed the unused parameter: /mfilter
  • Display names of all the processes - including the inaccessible ones
  • If /ptimes is used without a value, assume 0 (meaning: scan all the processes created after HH started)

REFACT

  • Refactored process enumeration

v0.2.9.6

08 May 12:01

v0.2.9.5

30 Apr 18:06

Updated PE-sieve (v0.2.9.5):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.9.5

Changes in HollowsHunter (in addition to the changes in PE-sieve):

FEATURE

  • Added the parameter ptimes, which limits the scan to the processes created a defined number of seconds before HollowsHunter started (Issue #9)
  • Improved parameters accessibility: grouped into more categories, sorted.
  • Display hints for misspelled parameters
  • Added the parameter jlvl, which regulates the level of detail included in the JSON report. Allows listing hooks/patches in the scan_report.

v0.2.9

16 Oct 19:58

v0.2.8.6

28 Jul 04:20

Updated PE-sieve (v0.2.8.6):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.8.6

BUGFIX:

  • Fixed an error in scanning the working set of some applications

v0.2.8.5

21 Jul 00:54

Updated PE-sieve (v0.2.8.5):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.8.5

Including:

  • Fixed broken detection of ASPack
  • Various fixes improving accuracy of the scan

v0.2.8.3

16 Jul 17:59

Updated PE-sieve (v0.2.8.3):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.8.3

Including:

  • Fixed PE-sieve hanging during the IAT scan of some PEs
  • Added one more .NET policy (in the /dnet parameter)

v0.2.8

12 Jul 23:29

Updated PE-sieve (v0.2.8):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.8

Changes in HollowsHunter (in addition to the changes in PE-sieve):

FEATURE

  • Detailed info about a single parameter can be requested by: /<parameter> ?
  • Support the new modes in the /data parameter
  • Support the new parameter /dnet, which allows treating .NET modules differently from native ones
  • New colors of logo if run via PowerShell
  • Alert if the scanner has different bitness than the OS
  • Display if the scanned process is 32 bit when scanning on 64 bit OS
  • Alert about partially scanned processes (64 bit scanned by the 32 bit scanner)

BUGFIX

  • Fixed switching back to the original console color after printing in color

REFACT

  • Refactored parsing of the parameters
  • Internal refactoring and cleanup of the scanner

v0.2.7.1

15 Jun 11:39

Updated PE-sieve (v0.2.7.1):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.7.1
with the following changes:

FEATURE

  • Scan virtual caves

BUGFIX

  • Fixed /mignore option (filtering out selected modules from the scan)
  • Fixed wrong calculation of a patch size

The builds are available in two versions: with PE-sieve as a DLL (.zip), and with PE-sieve compiled statically (.exe)