Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
img
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

MemScan

Scan/manipulate the memory of a process with a given PID

Overview

  1. Discover memory regions in use by a process with VirtualQueryEx given a PID
  2. Read memory into a local structure with ReadProcessMemory
  3. Modify the content of the memory locally
  4. Write the modified memory back into the process with WriteProcessMemory

Unique String

Compiling w/Linux Subsystem

To create Windows executables in the linux subsystem, you need to install mingw cross-compiler:

sudo apt-get install mingw-w64

Then you can create 32-bit Windows executables using the makefile with:

make 32bit

And 64-bit Windows executables with:

make 64bit

Usage

Program takes the name of the exe (i.e. "slack.exe") running the process you'd like to examine and the search string.

.\memscan.exe [Process Name] [Search String]

Note: memscan.exe must be compiled as a 64bit executable to examine 64 bit processes

About

Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory

Topics

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.