OldSchoolHack

Register / Login English

CrySearch Memory Scanner

icon Thread: [Release] CrySearch Memory Scanner

Join Date: Aug 2007

Posts: 1957

Kategorie: Tools
Entwickler: evolution536

Beschreibung:
v3.0:
- Slight performance optimizations by eliminating heap allocations;
- Added a configurable warning (advanced tab, settings window) for when OriginalFirstThunk is zero: e.g. the application is packed;
- Revised the memory scanner for performance and I/O usage:
- Changed the disk storage scheme from plain value array to using a bitset and more complex data structure on disk;
- Major changes for code size and speed;
- Changes resulted in improved search performance, especially for larger scans.
- Added a window to view all committed memory page in the target process, with the possiblity to free them (Allocate memory window);
- Fixed race condition issue in the caching of search results for the user interface, keeping more results in memory than intended;
- Improvements and changes to dumper plugins:
- Added a first version of a dumper that dumps a module by enumerating the pages inside the process base address plus size range (needs to be perfected);
- Added a signature to dumped files; the signature is placed in the NumberOfSymbols and PointerToSymbolTable fields in the PE header.
- Added option (settings window, advanced tab) to show architecture of process in open process window (intrusive, turned off by default);
- Added feature for brute-forcing process IDs (PID) to find possibly hidden processes. Available from Tools window:
- Tries PIDs from 0 to 65535, and colors processes that were not found in the regular process list red;
- Allows opening of brute-forced processes from right clicking.
- Fixed a bug where CrySearch fails to retrieve the module list on opening a process that results in an infinite loop;
- Some general code improvements that resulted in decreased executable file size;
- Refactored hotkey system and added hotkey that toggles freeze/thaw on all address table entries;
- Fixed bugs in thread hijacking method for DLL injection where:
- If the opened process never communicates back that injection has finished, the injection process would enter an infinite loop;
- The first thread was always selected for hijacking. A thread is randomly selected now instead for better compatibility.
- Slightly adjusted the CPU information in the about window: sorted chronologically, added CPU brand string and removed VMX;
- Fixed bug with routine override functions where deleting a used plugin from the plugin directory and opening the settings window subsequently would crash CrySearch;
- Fixed bug where type would be changed incorrectly in the change dialog of an address table entry;
- Removed the scan thread priority setting from the settings window;
- Changes in the address table:
- Removed the frozen parameter from persistent address table storage;
- Fixed bug where freezing an address table entry would revert after a few minutes of playing.

Screenshots:
/hackdata/screenshot/thumb/8cabe4f93e42b93f8f57298fa8e942f6.jpg

Download:
CrySearch Memory Scanner v3.0