z0d0dOr/drvscan

forked from ekknod/drvscan

minimal utility, currently it can scan PCI devices / drivers / processes

drvscan

Handy tool for scanning memory changes in executable pages: the executable pages of a target process (or of the kernel and its drivers, via PID 4) are compared against the original disk files or against a saved cache, and the differences are reported as patches.

```text
--scan                    scan target process memory changes
   --diff      (optional) minimum number of differing bytes a patch must contain before it is logged
   --usecache  (optional) compare against the local dumps saved with --savecache instead of the original disk files
   --savecache (optional) dump the target process modules to disk; these dumps can be used later with --usecache
   --pid       (optional) target process id

--pcileech                scan the system for pcileech-fpga DMA cards (firmware version 4.11 and lower)

--scanthreads             scan system threads
   --attachpid (optional) check whether a thread is attached to the target process id

--scanefi                 scan EFI runtime services
```

Example (verifying module integrity by using the cache):

- make sure Windows is not infected (the cache is the known-good baseline, so it must be taken on a clean system)
- drvscan.exe --savecache --pid 4 (PID 4 is the System process, whose address space holds the kernel and the loaded drivers)
- reboot your computer
- load the malware
- drvscan.exe --scan --usecache --pid 4

Every patch the malware made to the executable pages of the selected process is now reported as a difference between the cached dump and current memory. Raise --diff to suppress small, single-byte differences and keep only multi-byte patches such as inline hooks.
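The comparison that the cached-baseline scan above performs, written out as an added example (this is not drvscan's own code). It models the memory-versus-cache diff in user space over constructed byte arrays: a baseline copy of an x64 function prologue, the same bytes after an inline `jmp rel32` hook overwrote the first five, plus one unrelated single-byte change. The names `Patch`, `find_patches`, `kBaseline`, `kHooked` and the `max_gap` parameter are assumptions of this example; a real scan would obtain `baseline` from the cached dump and `current` by reading the section out of the target process.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// One contiguous region of an executable page that differs between the cached
// baseline (what --savecache wrote to disk) and what is mapped now.
struct Patch {
    std::size_t offset;                 // offset of the first differing byte in the section
    std::size_t diff_bytes;             // how many bytes inside the region actually differ
    std::vector<std::uint8_t> before;   // bytes from the baseline dump
    std::vector<std::uint8_t> after;    // bytes currently in memory
};

// Compare a cached section image against the bytes currently mapped for it.
// Differing bytes are grouped into regions; up to max_gap identical bytes in a
// row are tolerated inside a region, so a 5-byte jmp hook whose rel32 happens to
// share a byte with the original code is still reported as one patch. Regions
// with fewer than min_diff differing bytes are dropped, which is the filtering
// the --diff option describes.
std::vector<Patch> find_patches(const std::vector<std::uint8_t>& baseline,
                                const std::vector<std::uint8_t>& current,
                                std::size_t min_diff,
                                std::size_t max_gap)
{
    std::vector<Patch> patches;
    // A size mismatch would itself be suspicious; here only the overlapping prefix is compared.
    const std::size_t n = std::min(baseline.size(), current.size());

    std::size_t i = 0;
    while (i < n) {
        if (baseline[i] == current[i]) { ++i; continue; }

        const std::size_t start = i;
        std::size_t end = i + 1;          // one past the last differing byte seen
        std::size_t diff_bytes = 1;
        std::size_t equal_run = 0;
        for (std::size_t j = i + 1; j < n; ++j) {
            if (baseline[j] != current[j]) {
                end = j + 1;
                ++diff_bytes;
                equal_run = 0;
            } else if (++equal_run > max_gap) {
                break;                    // gap too wide: the region ends at 'end'
            }
        }
        i = end;

        if (diff_bytes < min_diff) continue;   // below the --diff threshold
        patches.push_back(Patch{
            start, diff_bytes,
            std::vector<std::uint8_t>(baseline.begin() + start, baseline.begin() + end),
            std::vector<std::uint8_t>(current.begin() + start, current.begin() + end)});
    }
    return patches;
}

// Constructed sample (not a real dump): the first bytes of an x64 function
// prologue as they would appear in the cache, and the same bytes after an
// inline hook overwrote the first five with 'jmp rel32' (E9 ...).
const std::vector<std::uint8_t> kBaseline = {
    0x48, 0x89, 0x5C, 0x24, 0x08,   // mov [rsp+8], rbx
    0x57,                           // push rdi
    0x48, 0x83, 0xEC, 0x20,         // sub rsp, 20h
    0x48, 0x8B, 0xD9,               // mov rbx, rcx
    0x33, 0xC0,                     // xor eax, eax
    0xC3,                           // ret
};
const std::vector<std::uint8_t> kHooked = {
    0xE9, 0x1B, 0x5C, 0x00, 0xF0,   // jmp rel32; third byte coincides with the original
    0x57,
    0x48, 0x83, 0xEC, 0x20,
    0x48, 0x8B, 0xD9,
    0x33, 0xC1,                     // one-byte change, dropped by a --diff threshold of 2
    0xC3,
};

void print_patches(const std::vector<Patch>& patches)
{
    for (const Patch& p : patches) {
        std::printf("patch at +0x%zx (%zu byte region, %zu bytes differ)\n  before:",
                    p.offset, p.after.size(), p.diff_bytes);
        for (std::uint8_t b : p.before) std::printf(" %02X", b);
        std::printf("\n  after: ");
        for (std::uint8_t b : p.after) std::printf(" %02X", b);
        std::printf("\n");
    }
}

int main()
{
    std::puts("--diff 2 (single-byte noise suppressed):");
    print_patches(find_patches(kBaseline, kHooked, 2, 2));
    std::puts("--diff 1 (everything reported):");
    print_patches(find_patches(kBaseline, kHooked, 1, 2));
    return 0;
}
```

Comparing memory against a memory dump works byte for byte because relocations and other load-time fix-ups are already applied in both copies; a comparison against the original disk file, the default without --usecache, has to apply those fix-ups to the file image first or every relocated pointer shows up as a patch.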

Languages: C++ 100.0%