OldSchoolHack

Register / Login English
deutschDeutsch
englishEnglish
New Posts Advanced Search

CrySearch Memory Scanner

icon Thread: [Release] CrySearch Memory Scanner

Join Date: Aug 2007

Posts: 1957

 Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.2:
- Changed the Unknowncheats forum link in about dialog to the CrySearch website (Only registered and activated users can see links.);
- Changes to the disassembler:
- Fixed bug where not all contents of some memory page would be disassembled by Capstone;
- Removed memory page selection control in favor of scrolling from page to page using up and down buttons;
- Reverted back to one background thread, threadpools and multiple threads are not necessary.
- Fixed bugs in memory scanner, resulting in certain ranges of memory not being searched at all;
- Added description of address table entry to memory dissection window where applicable;
- Added code cave scanner that identifies nop, int3 and zero sleds, accessible from the Tools menu.

  1. Accessing processes remotely, also system processes when running as Administrator;
  2. Memory scanning for primitive types, strings and byte sequences;
  3. Filtering scan results (a.k.a. Next scan);
  4. Supports relative addresses and offsets;
  5. Creating, saving and reusing address tables containing scan results.
  6. Changing values at memory addresses and freeze them;
  7. Viewing PE (Portable Executable) information about the opened process;
  8. Viewing and dumping sections;
  9. Viewing threads, change priority, suspend, resume and create threads remotely;
  10. Viewing, injecting, ejecting, dumping and hiding modules, and restore PE headers from a file on the disk;
  11. Allocating memory blocks remotely;
  12. Generating code snippets from address tables;
  13. Hotkeys to automate actions that do not require user input;
  14. Viewing import address table of loaded process and its modules;
  15. Settings hooks on the IAT of a process and its modules and restoring export addresses;
  16. Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
  17. Viewing and closing handles in the loaded process;
  18. Disassembling executable pages in a process to provide memory view and program flow control;
  19. Walking heaps in the opened process as side feature of the disassembler;
  20. Debugging executable code and data to find out what the flow of a program is;
  21. Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
  22. Generate signatures and byte-arrays from selected disassembly;
  23. Create memory dissections of specific parts of the process' memory and save them to the address table;
  24. A read-only operation mode which eliminates all writing operations on a process, which is useful for evading anti-cheating systems;
  25. Scanning for code caves of variable sizes in accessible memory pages.


Screenshots:
/hackdata/screenshot/thumb/4ec2054623ee89adb0c121fdc46732a7.jpg

Download:
CrySearch Memory Scanner - v3.2

System is offline