4.8. Create Process Reflection (refl)
hasherezade edited this page Aug 12, 2021 · 11 revisions
PE-sieve scans the process without interfering in its execution. During a normal scan the process is still running. This may cause concurrency issues (i.e. some memory within the process being de-allocated before the scan is finished).
To prevent the concurrency issues, you can use the option refl:
/refl
It creates a suspended copy of the process to be scanned.
Another benefit of using a process reflection rather than the raw process is that it lets you manipulate selected elements without affecting the original process. For example, it makes it possible to force access to pages that are otherwise set as inaccessible.
WARNING: it doesn't work on old versions of Windows (below Windows 7).
A detailed explanation is given in 🎞️ the video.