Join date: Aug 2007
Posts: 1957
Category: Tools
Developer: evolution536
Description:
Features
- Accessing processes remotely, also system processes when running as Administrator;
- Memory scanning for primitive types, strings and byte sequences;
- Filtering scan results (a.k.a. Next scan);
- Supports relative addresses and offsets;
- Creating, saving and reusing address tables containing scan results;
- Changing values at memory addresses and freezing them;
- Viewing PE (Portable Executable) information about the opened process;
- Viewing and dumping sections;
- Viewing threads, changing their priority, and suspending, resuming and creating threads remotely;
- Viewing, injecting, ejecting, dumping and hiding modules, and restoring PE headers from a file on the disk;
- Allocating memory blocks remotely;
- Generating code snippets from address tables;
- Hotkeys to automate actions that do not require user input;
- Viewing import address table of loaded process and its modules;
- Setting hooks on the IAT of a process and its modules and restoring export addresses;
- Viewing PEB and TEB's for loaded process and its threads, including manipulation of certain associated information;
- Viewing and closing handles in the loaded process;
- Disassembling executable pages in a process to provide memory view and program flow control;
- Walking heaps in the opened process as side feature of the disassembler;
- Debugging executable code and data to find out what the flow of a program is;
- Plugin system featuring CrySearch extensions to be written in MASM, C or C++;
- Generating signatures and byte-arrays from selected disassembly;
- Creating memory dissections of specific parts of the process' memory and saving them to the address table.
FAQ
Q: What OS's does CrySearch support?
A: Windows XP and higher. CrySearch is coded on Windows 8.1, and also tested on Windows XP. However, due to limitations of the OS, some features might not work on Windows XP.
Q: I have an issue that is not described in the FAQ. What do I have to do?
A: Refer to CrySearch's Wiki page linked on top of the first post. If you still haven't found a solution to your issue, feel free to post a message. If you do so, please describe your issue in as much detail as possible.
Q: Why do some parts of the CrySearch user interface contain oversized buttons and largely spaced text?
A: When you set your Windows font size to 125% or 150% the text will outgrow the controls.
Q: I just updated CrySearch and it crashes in random places. What can I do?
A: Some settings CrySearch saves to the XML file it creates may have changed. The structure of the XML file is not correct. This results in undefined behavior. Delete the XML file and restart CrySearch.
Download: CrySearch Memory Scanner v1.17