English
|
Thema: [Release] CrySearch Memory Scanner | |
|
Anmeldungsdatum: Aug 2007 Beiträge: 1959 |
Kategorie: Tools Entwickler: evolution536 Beschreibung: v3.0: - Slight performance optimizations by eliminating heap allocations; - Added a configurable warning (advanced tab, settings window) for when OriginalFirstThunk is zero: e.g. the application is packed; - Revised the memory scanner for performance and I/O usage: - Changed the disk storage scheme from plain value array to using a bitset and more complex data structure on disk; - Major changes for code size and speed; - Changes resulted in improved search performance, especially for larger scans. - Added a window to view all committed memory page in the target process, with the possiblity to free them (Allocate memory window); - Fixed race condition issue in the caching of search results for the user interface, keeping more results in memory than intended; - Improvements and changes to dumper plugins: - Added a first version of a dumper that dumps a module by enumerating the pages inside the process base address plus size range (needs to be perfected); - Added a signature to dumped files; the signature is placed in the NumberOfSymbols and PointerToSymbolTable fields in the PE header. - Added option (settings window, advanced tab) to show architecture of process in open process window (intrusive, turned off by default); - Added feature for brute-forcing process IDs (PID) to find possibly hidden processes. Available from Tools window: - Tries PIDs from 0 to 65535, and colors processes that were not found in the regular process list red; - Allows opening of brute-forced processes from right clicking. - Fixed a bug where CrySearch fails to retrieve the module list on opening a process that results in an infinite loop; - Some general code improvements that resulted in decreased executable file size; - Refactored hotkey system and added hotkey that toggles freeze/thaw on all address table entries; - Fixed bugs in thread hijacking method for DLL injection where: - If the opened process never communicates back that injection has finished, the injection process would enter an infinite loop; - The first thread was always selected for hijacking. A thread is randomly selected now instead for better compatibility. - Slightly adjusted the CPU information in the about window: sorted chronologically, added CPU brand string and removed VMX; - Fixed bug with routine override functions where deleting a used plugin from the plugin directory and opening the settings window subsequently would crash CrySearch; - Fixed bug where type would be changed incorrectly in the change dialog of an address table entry; - Removed the scan thread priority setting from the settings window; - Changes in the address table: - Removed the frozen parameter from persistent address table storage; - Fixed bug where freezing an address table entry would revert after a few minutes of playing. Screenshots:  Download: CrySearch Memory Scanner v3.0 |
|
| System ist offline | ||
