4.1. Detect shellcodes (shellc)

Option: `/shellc`

By default, PE-sieve detects only implanted PE files (they don't need to be 100% valid PE, but they must follow some of the patterns typical for PE file).

Sometimes it is not enough, and we want to detect also a shellcode. This option allows to enable it. The memory regions where the shellcode was detected will be dumped with an .shc extension.

PE-sieve Wiki, by hasherezade

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

4.1. Detect shellcodes (shellc)

Option: `/shellc`

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally

4.1. Detect shellcodes (shellc)

Option: /shellc

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally

Option: `/shellc`