OldSchoolHack

Registrieren / Anmelden Deutsch

CrySearch Memory Scanner v1.09

  • Kategorie: Tools
  • Entwickler:
  • Hochgeladen von: KN4CK3R
  • Hinzugefügt am:
  • System: Windows
Download (2.01 MB)

VirusTotal Ergebnis: 0/51

virustotal

Beschreibung

Welcome to the release thread of CrySearch. CrySearch is a project I have been working on by myself, for almost half a year now. It mainly is a project of which I desired to learn as much as possible. CrySearch does not contain any copypasta, because I like to write everything myself, preferrably as optimized as possible. CrySearch is a Cheat Engine-like application, but because my taste and feel is different, my application works in quite a different way, with quite a lot of features that are not included in Cheat Engine. I designed the user interface in a way that the toolbar should provide program flow for the user. Cheat Engine's user interface is very populated and the actual disassembling tools are particularly hidden away in the memory viewer. I tend to differ from this approach.
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Creating, saving and reusing address tables containing scan results.
  5. Changing values at memory addresses and freeze them;
  6. Viewing PE (Portable Executable) information about the opened process;
  7. Viewing and dumping sections;
  8. Viewing threads, change priority, suspend, resume and create threads remotely;
  9. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  10. Allocating memory blocks remotely;
  11. Generating code snippets from address tables;
  12. Hotkeys to automate actions that do not require user input;
  13. Viewing import address table of loaded process and its modules;
  14. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  15. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  16. Viewing and closing handles in the loaded process;
  17. Disassembling executable pages in a process to provide memory view and program flow control;
  18. Walking heaps in the opened process as side feature of the disassembler;
  19. Debugging executable code and data to find out what the flow of a program is.

Download CrySearch Memory Scanner v1.09
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.2:
- Changed the Unknowncheats forum link in about dialog to the CrySearch website (Um Links zu sehen, musst du dich registrieren);
- Changes to the disassembler:
- Fixed bug where not all contents of some memory page would be disassembled by Capstone;
- Removed memory page selection control in favor of scrolling from page to page using up and down buttons;
- Reverted back to one background thread, threadpools and multiple threads are not necessary.
- Fixed bugs in memory scanner, resulting in certain ranges of memory not being searched at all;
- Added description of address table entry to memory dissection window where applicable;
- Added code cave scanner that identifies nop, int3 and zero sleds, accessible from the Tools menu.

  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems;
  25. Scanning for code caves of variable sizes in accessible memory pages.


Screenshots:
/hackdata/screenshot/thumb/4ec2054623ee89adb0c121fdc46732a7.jpg

Download:
CrySearch Memory Scanner - v3.2
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.0:
- Slight performance optimizations by eliminating heap allocations;
- Added a configurable warning (advanced tab, settings window) for when OriginalFirstThunk is zero: e.g. the application is packed;
- Revised the memory scanner for performance and I/O usage:
- Changed the disk storage scheme from plain value array to using a bitset and more complex data structure on disk;
- Major changes for code size and speed;
- Changes resulted in improved search performance, especially for larger scans.
- Added a window to view all committed memory page in the target process, with the possiblity to free them (Allocate memory window);
- Fixed race condition issue in the caching of search results for the user interface, keeping more results in memory than intended;
- Improvements and changes to dumper plugins:
- Added a first version of a dumper that dumps a module by enumerating the pages inside the process base address plus size range (needs to be perfected);
- Added a signature to dumped files; the signature is placed in the NumberOfSymbols and PointerToSymbolTable fields in the PE header.
- Added option (settings window, advanced tab) to show architecture of process in open process window (intrusive, turned off by default);
- Added feature for brute-forcing process IDs (PID) to find possibly hidden processes. Available from Tools window:
- Tries PIDs from 0 to 65535, and colors processes that were not found in the regular process list red;
- Allows opening of brute-forced processes from right clicking.
- Fixed a bug where CrySearch fails to retrieve the module list on opening a process that results in an infinite loop;
- Some general code improvements that resulted in decreased executable file size;
- Refactored hotkey system and added hotkey that toggles freeze/thaw on all address table entries;
- Fixed bugs in thread hijacking method for DLL injection where:
- If the opened process never communicates back that injection has finished, the injection process would enter an infinite loop;
- The first thread was always selected for hijacking. A thread is randomly selected now instead for better compatibility.
- Slightly adjusted the CPU information in the about window: sorted chronologically, added CPU brand string and removed VMX;
- Fixed bug with routine override functions where deleting a used plugin from the plugin directory and opening the settings window subsequently would crash CrySearch;
- Fixed bug where type would be changed incorrectly in the change dialog of an address table entry;
- Removed the scan thread priority setting from the settings window;
- Changes in the address table:
- Removed the frozen parameter from persistent address table storage;
- Fixed bug where freezing an address table entry would revert after a few minutes of playing.

Screenshots:
/hackdata/screenshot/thumb/8cabe4f93e42b93f8f57298fa8e942f6.jpg

Download:
CrySearch Memory Scanner v3.0
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/4ec2054623ee89adb0c121fdc46732a7.jpg

Download:
CrySearch Memory Scanner v2.11
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.10
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.05
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
Features
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.



v2.04:
    - Added feature to NOP out selected rows using right-click menu in the disassembly window;
    - Fixed a bug in the PE window where the image base of an x64 process would be truncated to 32-bits;
    - Fixed a bug where freezing and thawing addresses in the address table would not work properly anymore;
    - Added the possibility to edit multiple selected address table entries at the same time, only by right-clicking and excluding editing the address;
    - Reduced the timeout for retrieving window icons in the open process window;
    - Improved the disassembler window:
        - Added an option to go back to the entrypoint in the toolstrip and the right-click menu;
        - Added resolving of intermodular function calls to functions in the import address table;
        - Added heavy parallellism to the disassembler, greatly increasing processing speeds.
    - Added a threshold to the amount of rows that can be selected for signature or byte array generation. This threshold is set to 256;
    - Partially added masking for signature generation in the disassembly window.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.04
post
Cheatengine++
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems.




Download:
CrySearch Memory Scanner v2.03
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.02
post
Kategorie: Tools
Entwickler: evolution536

Beschreibung:
  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table.


Screenshots:
/hackdata/screenshot/thumb/3f4b8162b50cdb588899fd80d35cb3fa.jpg

Download:
CrySearch Memory Scanner v2.01