Skip to content
/ ProcessVision Public

ProcessVision is a next-generation, signature-less process memory inspection and threat detection tool written in Rust. It is designed for blue teams, incident responders, and malware analysts to detect sophisticated in-memory threats.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ismailtsdln/ProcessVision

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
src
src
 
 
tests
tests
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

ProcessVision 🛡️

ProcessVision is a next-generation, signature-less process memory inspection and threat detection tool written in Rust. It is designed for blue teams, incident responders, and malware analysts to detect sophisticated in-memory threats.

ProcessVision Banner Rust License

✨ Features

  • Advanced Memory Analysis: Detects RWX regions, W^X violations, and executable memory in private/heap regions.
  • PE Integrity Engine: Scans for manually mapped PEs, suspicious section names (packers), and malformed headers (anti-forensics).
  • Shellcode Heuristics: Detects high-entropy payloads and common instruction patterns (PEB access, direct syscalls).
  • Hook & Integrity Detection: Identifies potential API redirections and IAT/EAT hooking via indirect jump patterns.
  • Detection Correlation: Automatically strengthens confidence scores when multiple engines flag the same region.
  • Modern CLI: Feature-rich terminal interface with progress indicators, colored finding cards, and filtered scan modes.

🚀 Installation

Prerequisites

  • OS: Windows (Targeting WinAPI)
  • Rust: Latest stable toolchain

Build from source

git clone https://github.com/ismailtsdln/ProcessVision.git
cd ProcessVision
cargo build --release

The binary will be located at ./target/release/processvision.exe.

🛠️ Usage

Scan all processes

processvision scan-all

Scan with filters (Name & Confidence)

processvision scan-all --name chrome --min-confidence 70

Deep scan a specific process

processvision scan-pid 1234

🔍 Detection Engines

Engine Technique Focus
MemoryRegion Unbacked Executable Memory RWX, W^X violations, Guard pages
PeAnalysis Manual Mapping / Hollowing Section audit, Header integrity
Shellcode Shellcode Heuristics High entropy, Syscall stubs, PEB access
HookEngine API/IAT Hooking Indirect jumps, inline hooks
ThreadEngine Suspicious Execution Private execution entry points

🛡️ Safety & Reliability

  • Non-Destructive: ProcessVision never modifies the target process. It only queries and reads memory.
  • Rust Powered: Leverage's Rust's memory safety to avoid common security pitfalls.
  • Structured Errors: Robust handling of UAC (Access Denied) and protected process errors.

🤝 Contribution

Contributions are welcome! If you have ideas for new detection engines or UI improvements, please open an issue or submit a pull request.

⚖️ License

Distributed under the MIT License. See LICENSE for more information.

Created by Ismail Tasdelen

About

ProcessVision is a next-generation, signature-less process memory inspection and threat detection tool written in Rust. It is designed for blue teams, incident responders, and malware analysts to detect sophisticated in-memory threats.

Topics

malware malware-analysis threat-detection memory-inspection

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages