OldSchoolHack

Registrieren / Anmelden Deutsch

CrySearch Memory Scanner v3.0

  • Kategorie: Tools
  • Entwickler:
  • Hochgeladen von: System
  • Hinzugefügt am:
  • System: Windows
Download (2.61 MB)

VirusTotal Ergebnis: 2/60

virustotal

Beschreibung

v3.0:
- Slight performance optimizations by eliminating heap allocations;
- Added a configurable warning (advanced tab, settings window) for when OriginalFirstThunk is zero: e.g. the application is packed;
- Revised the memory scanner for performance and I/O usage:
- Changed the disk storage scheme from plain value array to using a bitset and more complex data structure on disk;
- Major changes for code size and speed;
- Changes resulted in improved search performance, especially for larger scans.
- Added a window to view all committed memory page in the target process, with the possiblity to free them (Allocate memory window);
- Fixed race condition issue in the caching of search results for the user interface, keeping more results in memory than intended;
- Improvements and changes to dumper plugins:
- Added a first version of a dumper that dumps a module by enumerating the pages inside the process base address plus size range (needs to be perfected);
- Added a signature to dumped files; the signature is placed in the NumberOfSymbols and PointerToSymbolTable fields in the PE header.
- Added option (settings window, advanced tab) to show architecture of process in open process window (intrusive, turned off by default);
- Added feature for brute-forcing process IDs (PID) to find possibly hidden processes. Available from Tools window:
- Tries PIDs from 0 to 65535, and colors processes that were not found in the regular process list red;
- Allows opening of brute-forced processes from right clicking.
- Fixed a bug where CrySearch fails to retrieve the module list on opening a process that results in an infinite loop;
- Some general code improvements that resulted in decreased executable file size;
- Refactored hotkey system and added hotkey that toggles freeze/thaw on all address table entries;
- Fixed bugs in thread hijacking method for DLL injection where:
- If the opened process never communicates back that injection has finished, the injection process would enter an infinite loop;
- The first thread was always selected for hijacking. A thread is randomly selected now instead for better compatibility.
- Slightly adjusted the CPU information in the about window: sorted chronologically, added CPU brand string and removed VMX;
- Fixed bug with routine override functions where deleting a used plugin from the plugin directory and opening the settings window subsequently would crash CrySearch;
- Fixed bug where type would be changed incorrectly in the change dialog of an address table entry;
- Removed the scan thread priority setting from the settings window;
- Changes in the address table:
- Removed the frozen parameter from persistent address table storage;
- Fixed bug where freezing an address table entry would revert after a few minutes of playing.

Download CrySearch Memory Scanner v3.0
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.2:
- Changed the Unknowncheats forum link in about dialog to the CrySearch website (Um Links zu sehen, musst du dich registrieren);
- Changes to the disassembler:
- Fixed bug where not all contents of some memory page would be disassembled by Capstone;
- Removed memory page selection control in favor of scrolling from page to page using up and down buttons;
- Reverted back to one background thread, threadpools and multiple threads are not necessary.
- Fixed bugs in memory scanner, resulting in certain ranges of memory not being searched at all;
- Added description of address table entry to memory dissection window where applicable;
- Added code cave scanner that identifies nop, int3 and zero sleds, accessible from the Tools menu.

  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems;
  25. Scanning for code caves of variable sizes in accessible memory pages.


Screenshots:
/hackdata/screenshot/thumb/4ec2054623ee89adb0c121fdc46732a7.jpg

Download:
CrySearch Memory Scanner - v3.2
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.0:
- Slight performance optimizations by eliminating heap allocations;
- Added a configurable warning (advanced tab, settings window) for when OriginalFirstThunk is zero: e.g. the application is packed;
- Revised the memory scanner for performance and I/O usage:
- Changed the disk storage scheme from plain value array to using a bitset and more complex data structure on disk;
- Major changes for code size and speed;
- Changes resulted in improved search performance, especially for larger scans.
- Added a window to view all committed memory page in the target process, with the possiblity to free them (Allocate memory window);
- Fixed race condition issue in the caching of search results for the user interface, keeping more results in memory than intended;
- Improvements and changes to dumper plugins:
- Added a first version of a dumper that dumps a module by enumerating the pages inside the process base address plus size range (needs to be perfected);
- Added a signature to dumped files; the signature is placed in the NumberOfSymbols and PointerToSymbolTable fields in the PE header.
- Added option (settings window, advanced tab) to show architecture of process in open process window (intrusive, turned off by default);
- Added feature for brute-forcing process IDs (PID) to find possibly hidden processes. Available from Tools window:
- Tries PIDs from 0 to 65535, and colors processes that were not found in the regular process list red;
- Allows opening of brute-forced processes from right clicking.
- Fixed a bug where CrySearch fails to retrieve the module list on opening a process that results in an infinite loop;
- Some general code improvements that resulted in decreased executable file size;
- Refactored hotkey system and added hotkey that toggles freeze/thaw on all address table entries;
- Fixed bugs in thread hijacking method for DLL injection where:
- If the opened process never communicates back that injection has finished, the injection process would enter an infinite loop;
- The first thread was always selected for hijacking. A thread is randomly selected now instead for better compatibility.
- Slightly adjusted the CPU information in the about window: sorted chronologically, added CPU brand string and removed VMX;
- Fixed bug with routine override functions where deleting a used plugin from the plugin directory and opening the settings window subsequently would crash CrySearch;
- Fixed bug where type would be changed incorrectly in the change dialog of an address table entry;
- Removed the scan thread priority setting from the settings window;
- Changes in the address table:
- Removed the frozen parameter from persistent address table storage;
- Fixed bug where freezing an address table entry would revert after a few minutes of playing.

Screenshots:
/hackdata/screenshot/thumb/8cabe4f93e42b93f8f57298fa8e942f6.jpg

Download:
CrySearch Memory Scanner v3.0
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/4ec2054623ee89adb0c121fdc46732a7.jpg

Download:
CrySearch Memory Scanner v2.11
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.10
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.05
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.



v2.04:
    - Added feature to NOP out selected rows using right-click menu in the disassembly window;
    - Fixed a bug in the PE window where the image base of an x64 process would be truncated to 32-bits;
    - Fixed a bug where freezing and thawing addresses in the address table would not work properly anymore;
    - Added the possibility to edit multiple selected address table entries at the same time, only by right-clicking and excluding editing the address;
    - Reduced the timeout for retrieving window icons in the open process window;
    - Improved the disassembler window:
        - Added an option to go back to the entrypoint in the toolstrip and the right-click menu;
        - Added resolving of intermodular function calls to functions in the import address table;
        - Added heavy parallellism to the disassembler, greatly increasing processing speeds.
    - Added a threshold to the amount of rows that can be selected for signature or byte array generation. This threshold is set to 256;
    - Partially added masking for signature generation in the disassembly window.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.04
post
Cheatengine++
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.




Download:
CrySearch Memory Scanner v2.03
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.02
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.01