Feature-rich C99 library for memory scanning, designed for machines running Windows and meant to work on both 32-bit and 64-bit portable executables. Has a modern C++ wrapper.

memscan


memscan has a modern C++ wrapper which abstracts the C contents in a user-friendly way. The repository provides both a C example and a C++ example.

Features

  • 🚶 Follow system


    It is an internal concept which is exposed to each of the following memscan features.


    • It expects a base address, bounds and a find sequence.
    • Find sequences can be made of:
      • A bytecode-style string:
        • Example: "AA BB CC DD EE FF"
          • This is converted back to a byte array with a size at run-time.
      • OR, a byte array and its size
        • Example: {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, 6
      • And, universally:
        • N-th match:
          • Sequences may repeat within the specified range, so you can choose which match you want to select.
          • Matches start at 0, implying the first match.
        • Direction:
          • You can go either backwards, or forwards, within the specified bounds, starting from the base address.
    • Invalid inputs will be reflected in the return with the status variable. This carries to the user-level return.
  • 🔎 Multi-paradigm pattern-scanning

    • It expects bounds, a pattern sequence and, optionally, a find sequence.
    • Pattern sequences can be made of:
      • A bytecode-style string:
        • Example: "AA BB CC DD EE FF"
      • OR, a byte array and its size
        • Example: {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, 6
      • Both of the aforementioned can contain a preset symbol to signal that a mismatch at said position is allowed. It is set here.
      • And, universally:
        • N-th match:
          • Sequences may repeat within the specified range, so you can choose which match you want to select.
          • Matches start at 0, implying the first match.
    • Refer to Follow system to see find sequences.
    • Every combination of the aforementioned is possible in the user-level API.
    • The result of this process carries an address depending on the success of the process and a status. For documentation on the status, refer to this file.
  • Cross-reference resolver

    • It expects bounds; either a base address or content, depending on which method you choose; a prompt for whether there should be an endianness swap; an N-th match; and, optionally, a find sequence.
    • Refer to Follow system to see find sequences.
    • Can resolve references from a given input, or, resolve references at the address where they're represented:
      • An example for resolving references from a given input is inputting the following: 0xAABBCCDD.
        • We assume this is a pointer which we can resolve. When represented in memory, it'll have its endianness swapped, so it'll look like 0xDDCCBBAA; therefore, we will ask for an endianness swap.
        • Then, suppose we want to find the first instance where the contents at the pointer are referenced, so we will input 0 for the N-th match.
      • We can also input the address where a pointer is referenced by choosing the right method:
        • If the contents at our address look like this sequence: 8B 4D ? ? ? ?:
          • We'll have to add '2' to the address (to skip over the 8B 4D bytes),
          • Then, we'll have to prompt an endianness swap,
          • Then, suppose we want to find the first instance where the contents at the address's pointer are referenced, so we will input 0 for the N-th match.
    • The result of this process carries an address depending on the success of the process and a status. For documentation on the status, refer to this file.
  • 🗒️ String resolver


    This component was built off the cross-reference resolver system.


    • It expects bounds, a (compile-time) string, its size, N-th match and, optionally, a find sequence.
    • Refer to Follow system to see find sequences.
    • The result of this process carries an address depending on the success of the process and a status. For documentation on the status, refer to this file.
      • If the process was successful, the address will be a pointer to the N-th match of the string.
  • 🤷 Scalable

    • This project is designed to operate under any reasonable circumstance. This can be used alongside DLL-injection, or on copied memory buffers.
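
The pattern-scanning and cross-reference features above, worked through on a copied buffer as an added C99 example; it is not memscan's code or API. The names `parse_pattern`, `scan_nth`, `xref32_nth`, `NOT_FOUND` and `SAMPLE` are hypothetical, `?` is assumed as the wildcard symbol (as in the `8B 4D ? ? ? ?` example), and only forward scanning is shown.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NOT_FOUND ((size_t)-1)   /* all names here are illustrative, not memscan's API */

/* "8B 4D ? ?" -> bytes + mask (0 = wildcard); returns length, 0 if malformed or > cap. */
static size_t parse_pattern(const char *s, uint8_t *pat, uint8_t *mask, size_t cap) {
    size_t n = 0;
    for (char *end; *s; s++) {
        if (*s == ' ') continue;
        if (n == cap) return 0;
        if (*s == '?') { pat[n] = 0; mask[n++] = 0; continue; }
        unsigned long v = strtoul(s, &end, 16);
        if (!isxdigit((unsigned char)*s) || end - s != 2) return 0;
        pat[n] = (uint8_t)v; mask[n++] = 1;
        s = end - 1;                  /* the loop's s++ steps past the token */
    }
    return n;
}

/* Offset of the nth (0-based) forward match in buf[0..len), or NOT_FOUND. */
static size_t scan_nth(const uint8_t *buf, size_t len, const char *pattern, size_t nth) {
    uint8_t pat[64], mask[64];
    size_t plen = parse_pattern(pattern, pat, mask, sizeof pat);
    for (size_t i = 0, j; plen && i + plen <= len; i++) {
        for (j = 0; j < plen && (!mask[j] || buf[i + j] == pat[j]); j++) {}
        if (j == plen && nth-- == 0) return i;
    }
    return NOT_FOUND;
}

/* nth place where v is stored little-endian: 0xAABBCCDD -> "DD CC BB AA". */
static size_t xref32_nth(const uint8_t *buf, size_t len, uint32_t v, size_t nth) {
    char pattern[12];
    snprintf(pattern, sizeof pattern, "%02X %02X %02X %02X", (unsigned)(v & 0xFF),
             (unsigned)(v >> 8 & 0xFF), (unsigned)(v >> 16 & 0xFF), (unsigned)(v >> 24));
    return scan_nth(buf, len, pattern, nth);
}

static const uint8_t SAMPLE[] = {     /* constructed bytes, a stand-in for a copied region */
    0x90, 0x90, 0x8B, 0x4D, 0xDD, 0xCC, 0xBB, 0xAA, 0x90, 0xDD,
    0xCC, 0xBB, 0xAA, 0x8B, 0x4D, 0x11, 0x22, 0x33, 0x44, 0x90 };

int main(void) {
    printf("%zu\n", xref32_nth(SAMPLE, sizeof SAMPLE, 0xAABBCCDD, 1));
    return 0;
}
```

In `SAMPLE`, the operand of the first `8B 4D ? ? ? ?` match sits at offset 2 + 2 = 4, which is also where the first stored copy of `0xAABBCCDD` is found.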

📚 Internal documentation

  • The user-level API has up-to-date, Doxygen-compliant documentation, which, in most IDEs, should be displayed on hover.
  • There's also implementation documentation which you can see here.

📈 Progression

  • To do:
    • ⚔️ C++ wrapper
    • 🦾 CMake package
    • 🧪 Standard tests
    • 🤝 Multi-platform support

⚖️ License

I couldn't care less.

Owner
cristei
For inquiries, preferably, contact me on Twitter, or, by e-mail.