Skip to content
/ MemScan-1.0 Public

Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory

49 stars 19 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

landhb/MemScan-1.0

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
img
img
 
 
tools
tools
 
 
README.md
README.md
 
 
makefile
makefile
 
 
memblock.h
memblock.h
 
 
memread.c
memread.c
 
 
memscan.c
memscan.c
 
 
memwrite.c
memwrite.c
 
 

Repository files navigation

MemScan

Scan/manipulate the memory of a process with a given PID

Overview

  1. Discover memory regions in use by a process with VirtualQueryEx given a PID
  2. Read memory into a local structure with ReadProcessMemory
  3. Modify the content of the memory locally
  4. Write the modified memory back into the process with WriteProcessMemory

Unique String

Compiling w/Linux Subsystem

To create Windows executables in the linux subsystem, you need to install mingw cross-compiler:

sudo apt-get install mingw-w64

Then you can create 32-bit Windows executables using the makefile with:

make 32bit

And 64-bit Windows executables with:

make 64bit

Usage

Program takes the name of the exe (i.e. "slack.exe") running the process you'd like to examine and the search string.

.\memscan.exe [Process Name] [Search String]

Note: memscan.exe must be compiled as a 64bit executable to examine 64 bit processes

About

Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory

Topics

windows winapi memory-hacking

Resources

Readme
Activity

Stars

49 stars

Watchers

2 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages