forked from ekknod/drvscan

handy tool for scanning memory changes in driver executable pages


zach0809/drvscan

 
 


drvscan

handy tool for scanning memory changes in executable pages

--scan                 scan target process memory changes  
--diff      (optional) the number of bytes that must differ before a patch is logged  
--usecache             if selected, use local dumps instead of the original disk files  
--savecache            dump target process modules to disk, these can be used later with --usecache  
--pid                  target process id  
--pcileech             scan pcileech-fpga cards from the system (works 4.11 and earlier)

Example (verifying module integrity by using cache):

- make sure Windows is not infected
- drvscan.exe --savecache --pid 4
- reboot your computer
- load malware
- drvscan.exe --scan --usecache --pid 4

All malware patches should now be visible in the selected process.
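The comparison behind the cache workflow above, as an added sketch that is not drvscan's own code: a trusted baseline copy of an executable section is compared byte by byte with the current contents, and runs shorter than a threshold are ignored. `Patch`, `find_patches` and the sample buffers are hypothetical names, and treating the `--diff` value as a minimum contiguous run length is an assumption of this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// One contiguous run of bytes that differs between the two images.
struct Patch {
    std::size_t offset;  // offset of the first differing byte
    std::size_t length;  // number of consecutive differing bytes
};

// Compare a trusted baseline copy of an executable section with the bytes
// currently in memory. Runs shorter than min_diff are dropped (this reading
// of a --diff style threshold is an assumption of the example).
std::vector<Patch> find_patches(const std::vector<std::uint8_t>& baseline,
                                const std::vector<std::uint8_t>& current,
                                std::size_t min_diff) {
    std::vector<Patch> out;
    const std::size_t n = std::min(baseline.size(), current.size());
    std::size_t i = 0;
    while (i < n) {
        if (baseline[i] == current[i]) { ++i; continue; }
        const std::size_t start = i;
        while (i < n && baseline[i] != current[i]) ++i;
        if (i - start >= min_diff) out.push_back({start, i - start});
    }
    // A size mismatch is itself an integrity failure: report the tail.
    if (baseline.size() != current.size()) {
        const std::size_t big = std::max(baseline.size(), current.size());
        out.push_back({n, big - n});
    }
    return out;
}

// Constructed sample: 32 bytes of 0x90 filler standing in for a code section.
std::vector<std::uint8_t> sample_baseline() { return std::vector<std::uint8_t>(32, 0x90); }
// Constructed sample: same section with a 5-byte overwrite at offset 8
// and a single changed byte at offset 20.
std::vector<std::uint8_t> sample_modified() {
    std::vector<std::uint8_t> v = sample_baseline();
    const std::uint8_t patch[5] = {0xE9, 0x11, 0x22, 0x33, 0x44};
    std::copy(patch, patch + 5, v.begin() + 8);
    v[20] = 0xCC;
    return v;
}

int main() {
    for (const Patch& p : find_patches(sample_baseline(), sample_modified(), 2))
        std::printf("patch at +0x%zx, %zu bytes\n", p.offset, p.length);
}
```

With a threshold of 2 only the 5-byte overwrite is reported; with a threshold of 1 the single-byte change at offset 20 is reported as well.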


Languages

  • C++ 79.5%
  • C 20.1%
  • Batchfile 0.4%