Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-08-2024, 23:39
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
MemoryHacker

MemoryHacker is a tool which can search for values on the target process!
You can use to search/write in the memory of a process.
Can be used for finding information for creating trainers/memory hacking.

First Select a process then do a right mouse click on it and choose "Memory hack",
A new dialog with options will come,
with search type: Full search or Custom search (Customize button),
Customize dialog contains list with Start Address/End Address
in order to perform search only on these ranges.
You can pick up a Module or a memory block.

Type combo specifies the type of variables to search
can be: byte, word, dword, qword, bytes, ASCII string, UNICODE string, float or double.

Base combo specifies the base of "Value to search",
decimal = base 10 and hexadecimal = base 16.

First time you enter "Value to search" and click on "Search" button
in order to find addresses and they will be added to list (Address/Value)

"New value" textbox is used only when you press "Patch" button,
holds the new value to be set!

They are three more options when you right click on list(Address/Value)
"Copy Selected", "Remove Selected" and "Patch Selected".

Read button will read current values of list (Address/Value).

"Remove Not Found" button will read current values of list (Address/Value)
and will remove from list (Address/Value) the ones which
are not equal with "Value to search".

"Patch" button will patch all values of list (Address/Value)
with "New value".

Let me know about any bug or if you have any suggestion.
Source code (Visual C++ 6.0) released.

In MemoryHacker_fixed1:
- now "Remove Not Found" remove addresses for which read fails (probable due to memory being set free)
- Added "Suspend process", "Resume process" and "Get process state" in main dialog
Attached Files
File Type: rar MemoryHacker_fixed1_src.rar (506.2 KB, 26 views)
File Type: rar MemoryHacker_Exe_fixed1.rar (19.7 KB, 25 views)
Reply With Quote
The Following 14 Users Say Thank You to CodeCracker For This Useful Post:
bolo2002 (09-10-2024), darkBLACK (09-28-2024), Doit (09-11-2024), Gyrus (09-09-2024), herpsswd (09-18-2024), MarcElBichon (09-09-2024), niculaita (09-13-2024), Shub-Nigurrath (09-09-2024), tonyweb (09-09-2024), Trit0n (09-12-2024), uranus64 (09-09-2024), user_hidden (09-09-2024), Zeokat (09-09-2024), zeuscane (09-10-2024)
  #2  
Old 09-12-2024, 20:22
Trit0n Trit0n is offline
Family
 
Join Date: Sep 2011
Location: +47.xxxx / +8.xxxx
Posts: 232
Rept. Given: 57
Rept. Rcvd 89 Times in 49 Posts
Thanks Given: 87
Thanks Rcvd at 135 Times in 56 Posts
Trit0n Reputation: 89
Very good and simple tool.
I have never seen anything so simple.
Tip:
if you can't find all the processes in the list.
then use the tool “PowerRun”
(Runs the program as “TrustedInstaller or Nt Authority/system”)
https://www.sordum.org/9416/powerrun-v1-7-run-with-highest-privileges/
(Also applies to all other memory tools such as Winhex, 010Editor and many more)

Last edited by Trit0n; 09-12-2024 at 22:48.
Reply With Quote
The Following 2 Users Say Thank You to Trit0n For This Useful Post:
Doit (09-13-2024), niculaita (09-13-2024)
  #3  
Old 09-28-2024, 00:30
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
MemoryHacker fixed2

MemoryHacker_fixed2:
- Fixed buffer overflow posted by jackyjask
- Fixed conversion of MemoryBlock protection to string
- in "Inspect Memory" dialog added "Split string len"; and also added vertical scroll
Attached Files
File Type: rar MemoryHacker_Src_(fixed2).rar (508.0 KB, 28 views)
File Type: rar MemoryHacker_Exe(fixed2).rar (20.6 KB, 25 views)
Reply With Quote
The Following 3 Users Gave Reputation+1 to CodeCracker For This Useful Post:
Fyyre (10-01-2024), MarcElBichon (09-28-2024), yoza (09-28-2024)
The Following 10 Users Say Thank You to CodeCracker For This Useful Post:
besoeso (09-29-2024), bolo2002 (09-29-2024), darkBLACK (09-28-2024), Doit (09-28-2024), Fyyre (10-01-2024), niculaita (09-28-2024), tonyweb (09-29-2024), uranus64 (09-28-2024), user_hidden (09-28-2024), zeuscane (09-29-2024)
  #4  
Old 09-28-2024, 13:14
yoza's Avatar
yoza yoza is offline
Moderator
 
Join Date: Aug 2015
Location: Himalaya
Posts: 256
Rept. Given: 99
Rept. Rcvd 255 Times in 90 Posts
Thanks Given: 374
Thanks Rcvd at 1,632 Times in 219 Posts
yoza Reputation: 200-299 yoza Reputation: 200-299 yoza Reputation: 200-299
Awesome.. as always !
Reply With Quote
The Following 2 Users Say Thank You to yoza For This Useful Post:
bolo2002 (09-29-2024), tonyweb (09-29-2024)
  #5  
Old 09-30-2024, 21:44
Mavrick Mavrick is offline
Friend
 
Join Date: Sep 2023
Posts: 7
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
Mavrick Reputation: 0
Quote:
Originally Posted by yoza View Post
Awesome.. as always !
A thank you post from a mod. What irony!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 13:39.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )