PE-sieve

To boost the security level of your computer and keep an eye out for malware agents attempting to infiltrate into your system, you can add PE-Sieve to your collection of portable software.

It's a tiny command-line tool capable of scanning active PE processes to detect in-memory code modifications, which could mean that unauthorized changes were made by third parties trying to lower your PC's defenses. It requires no installation and has two executable files available for x86 and x64 Windows, so make sure to get the one that matches your system's architecture type.

The syntax is "/pid <target-pid>", where you can specify the ID of the running process you want to scan. PE-Sieve begins to scan all files linked to the process and shows a summary of the results when it's done, such as total scanned, hooked, modified and suspicious items.

This report is also saved in a JSON file that gets automatically created in a subfolder placed in the same directory as PE-Sieve. The subfolder's name matches the PID, so you can easily tell reports apart after running multiple scans on different processes.

Optional commands can be used for recovering imports (/imp, keeping in mind that it may slow down scans), filtering scanned modules by 32-bit (/mfilter 1) or 64-bit (/mfilter 2), and filtering the dumped output (/ofilter), among others.

The console program worked smoothly on Windows 10 in our tests, carrying out scanning operations quickly while remaining light on system resources consumption.

Taking everything into account, PE-Sieve can be really helpful in boosting the security level of your system by scanning currently running processes for possible malware changes. It's free and open-source, so you can take a look at its code and use it for your own projects if you're a software developer.