Category: Tools
Developer: evolution536
Description: Features
- Accessing processes remotely, also system processes when running as Administrator;
- Memory scanning for primitive types, strings and byte sequences;
- Filtering scan results (a.k.a. Next scan);
- Supports relative addresses and offsets;
- Creating, saving and reusing address tables containing scan results;
- Changing values at memory addresses and freezing them;
- Viewing PE (Portable Executable) information about the opened process;
- Viewing and dumping sections;
- Viewing threads, changing their priority, and suspending, resuming and creating threads remotely;
- Viewing, injecting, ejecting, dumping and hiding modules, and restoring PE headers from a file on disk;
- Allocating memory blocks remotely;
- Generating code snippets from address tables;
- Hotkeys to automate actions that do not require user input;
- Viewing the import address table (IAT) of the loaded process and its modules;
- Setting hooks on the IAT of a process and its modules and restoring export addresses;
- Viewing the PEB and TEBs for the loaded process and its threads, including manipulation of certain associated information;
- Viewing and closing handles in the loaded process;
- Disassembling executable pages in a process to provide memory view and program flow control;
- Walking heaps in the opened process as a side feature of the disassembler;
- Debugging executable code and data to find out what the flow of a program is;
- Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
- Generating signatures and byte arrays from selected disassembly;
- Creating memory dissections of specific parts of the process' memory and saving them to the address table.
Download: CrySearch Memory Scanner v1.16