Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory
img
tools
README.md
makefile
memblock.h
memread.c
memscan.c
memwrite.c


MemScan

Scan/manipulate the memory of a process with a given PID

Overview

  1. Discover memory regions in use by a process with VirtualQueryEx given a PID
  2. Read memory into a local structure with ReadProcessMemory
  3. Modify the content of the memory locally
  4. Write the modified memory back into the process with WriteProcessMemory
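One way to search the bytes gathered in steps 1 and 2 for a search string, as an added example that is not code from this repository. It assumes a hypothetical `struct region` holding the state and protection values VirtualQueryEx reports, and uses a constructed local buffer where ReadProcessMemory would fill the chunk, so it builds without windows.h.

```c
#include <stdio.h>
#include <string.h>

/* Values from winnt.h, repeated so the example builds without windows.h. */
#define MEM_COMMIT    0x1000u
#define PAGE_NOACCESS 0x01u
#define PAGE_GUARD    0x100u

/* Hypothetical stand-in for one region reported by VirtualQueryEx;
   `data` plays the role of the target's memory (constructed input). */
struct region { unsigned long state, protect; const unsigned char *data; size_t size; };

/* Step 1 filter: only committed pages without NOACCESS/GUARD are worth reading. */
static int region_readable(const struct region *r) {
    return r->state == MEM_COMMIT && !(r->protect & (PAGE_NOACCESS | PAGE_GUARD));
}

/* Scan a region in `chunk`-byte reads, carrying the last nlen-1 bytes into the
   next read so a match split across two reads is still found exactly once.
   Stores up to `max` region offsets in hits[]; returns the total match count. */
size_t scan_region(const struct region *r, const void *needle, size_t nlen,
                   size_t chunk, size_t *hits, size_t max) {
    unsigned char buf[4096];
    size_t found = 0, carry = 0, pos = 0;
    if (!region_readable(r) || !nlen || !chunk || chunk + nlen > sizeof buf) return 0;
    while (pos < r->size) {
        size_t n = r->size - pos < chunk ? r->size - pos : chunk;
        memcpy(buf + carry, r->data + pos, n);  /* ReadProcessMemory would go here */
        size_t have = carry + n;
        for (size_t i = 0; i + nlen <= have; i++)
            if (memcmp(buf + i, needle, nlen) == 0) {  /* memcmp: NUL bytes are data */
                if (found < max) hits[found] = pos - carry + i;
                found++;
            }
        carry = have < nlen - 1 ? have : nlen - 1;
        memmove(buf, buf + have - carry, carry);
        pos += n;
    }
    return found;
}

int main(void) {
    static const unsigned char mem[] = "aaaaaSECRETbbbSECRET";  /* constructed */
    struct region r = { MEM_COMMIT, 0x04 /* PAGE_READWRITE */, mem, sizeof mem - 1 };
    size_t hits[4], n = scan_region(&r, "SECRET", 6, 8, hits, 4);
    for (size_t i = 0; i < n && i < 4; i++) printf("match at offset %zu\n", hits[i]);
    return 0;
}
```

Both matches in the sample straddle an 8-byte read boundary, which is the case a scanner that searches each read in isolation misses.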

Unique String

Compiling w/Linux Subsystem

To create Windows executables in the Linux subsystem, you need to install the mingw-w64 cross-compiler:

sudo apt-get install mingw-w64

Then you can create 32-bit Windows executables using the makefile with:

make 32bit

And 64-bit Windows executables with:

make 64bit

Usage

The program takes the name of the executable (e.g. "slack.exe") of the running process you'd like to examine, followed by the search string.

.\memscan.exe [Process Name] [Search String]

Note: memscan.exe must be compiled as a 64-bit executable to examine 64-bit processes.