SearchCodeCaving - PE Code Cave Scanner

A lightweight C++ utility to scan for "Code Caves" in executable sections of PE files (.exe, .dll).

Features

Automatically parses PE file structures (DOS Header, NT Headers, Section Table).
Scans only executable sections (marked with IMAGE_SCN_MEM_EXECUTE, e.g., .text).
Identifies regions composed of continuous 0x00 or 0x90 (NOP) bytes.
Provides detailed information including File Offset, RVA (Relative Virtual Address), and Cave Size.

Compile using g++:

g++ main.cpp -o SearchCodeCaving.exe -static

Run via command line:

.\SearchCodeCaving.exe <file_path> [min_cave_size]

file_path: Path to the PE file you want to analyze.
min_cave_size: (Optional) Minimum size of the cave in bytes to be displayed. Defaults to 16.

.\SearchCodeCaving.exe test.exe 20

This will scan test.exe for all code caves that are at least 20 bytes long.

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
img		img
README.md		README.md
README_zh.md		README_zh.md
main.cpp		main.cpp