|
MemoryHacker
2 Attachment(s)
MemoryHacker is a tool which can search for values on the target process!
You can use to search/write in the memory of a process. Can be used for finding information for creating trainers/memory hacking. First Select a process then do a right mouse click on it and choose "Memory hack", A new dialog with options will come, with search type: Full search or Custom search (Customize button), Customize dialog contains list with Start Address/End Address in order to perform search only on these ranges. You can pick up a Module or a memory block. Type combo specifies the type of variables to search can be: byte, word, dword, qword, bytes, ASCII string, UNICODE string, float or double. Base combo specifies the base of "Value to search", decimal = base 10 and hexadecimal = base 16. First time you enter "Value to search" and click on "Search" button in order to find addresses and they will be added to list (Address/Value) "New value" textbox is used only when you press "Patch" button, holds the new value to be set! They are three more options when you right click on list(Address/Value) "Copy Selected", "Remove Selected" and "Patch Selected". Read button will read current values of list (Address/Value). "Remove Not Found" button will read current values of list (Address/Value) and will remove from list (Address/Value) the ones which are not equal with "Value to search". "Patch" button will patch all values of list (Address/Value) with "New value". Let me know about any bug or if you have any suggestion. Source code (Visual C++ 6.0) released. In MemoryHacker_fixed1: - now "Remove Not Found" remove addresses for which read fails (probable due to memory being set free) - Added "Suspend process", "Resume process" and "Get process state" in main dialog |
Very good and simple tool.
I have never seen anything so simple:). Tip: if you can't find all the processes in the list. then use the tool “PowerRun” (Runs the program as “TrustedInstaller or Nt Authority/system”) https://www.sordum.org/9416/powerrun-v1-7-run-with-highest-privileges/ (Also applies to all other memory tools such as Winhex, 010Editor and many more);) |
MemoryHacker fixed2
MemoryHacker_fixed2:
- Fixed buffer overflow posted by jackyjask - Fixed conversion of MemoryBlock protection to string - in "Inspect Memory" dialog added "Split string len"; and also added vertical scroll |
Awesome.. as always !
|
Quote:
|
MemoryHacker_fixed4
MemoryHacker_fixed4.rar:
- Fixed signed/unsigned mismatch, from now if search value start with '+' or '-' char it will considered signed else unsigned. src&exe attached. |
MemoryHacker_fixed5
1 Attachment(s)
MemoryHacker_fixed5:
- Fixed crush while pressing Esc key on dialogs. |
Here is MemoryHacker64: ported MemoryHacker to 64 bits.
Source code Visual Studio Community 2017 included. Download link: https://workupload.com/file/pLkj4dWe9hX Currently is beta. Still needs testings; in special testing if write function works ok. |
MemoryHacker_fixed6 MemoryHacker 64 bit final
2 Attachment(s)
MemoryHacker_fixed6: 32 bits and MemoryHacker 64 bit released as final (non beta):
- bug fix Replace VirtualProtect with VirtualProtectEx now patches of non Writable access should work fine. |
MemoryHacker64_fixed2
1 Attachment(s)
I know I said it is the final version, but actually there was a bug on Memory Hack ->"Copy Selected" - it causes program to crush.
|
Still crashes when trying to dump on Windows 11
|
Quote:
|
MemoryHacker_fixed7_32Bits
1 Attachment(s)
New:
There was a bug on Memory Hack ->"Copy Selected" - it causes program to crush. The bug was fixed now for 32 bits version. |
my fork
1 Attachment(s)
I found this relatively old tool quite nice and handy for quick tasks, so I decided to give it a modern twist. I moved it to Win11, fixed several memory bugs, improved the code here and there and added a couple of handy features (like hex view on search matches).
Distro with changelog attached best Shub |
Nice @Shub-Nigurrath really improvements, many thanks.
Do you have any idea why MemoryHacker_Shub-fork.zip\x32\MemoryHacker.exe crushes sometimes ? May be one of my old bug. "Inspect Memory" is really great, it will be great if we can switch from ASCII view to UNICODE view, plus it will also great if we can patch memory in both hex view mode and ASCII/UNICODE mode. The last thing I was working at this program was on Patch (x64 version), for some reasons VirtualProtectExA returns GetLastError 87 on some addresses; I am searching 123 dword decimal and patch addresses of Winrar 64 bits. It will be also great if I could add Dll Module Names on Memory Block. |
1 Attachment(s)
The intermittent x32 crashes were due to unsafe modeless-dialogue copying, where some windows were assigned through a custom operator=() that only copied m_hWnd. I removed that pattern, and the dialogue classes are now non-copyable, so the same bug cannot silently return in the future.
|
Thank you.
It will be great if "Hex" option from Inspect Memory will show both Hex and ASCII or UNICODE, something like "Hex&Ascii" and also "Hex&Unicode". "Inspect Memory" Patch button now show this error: https://ibb.co/xqWMYhmR "Inspect Memory" -> "Inspect Memory" button now does nothing, nothing happens when is pressed. |
1 Attachment(s)
OK, worked on that.
v1.2 fixes those issues and a couple of others you didn't spot (for example, the module selection). Now, double-clicking on the DLL or module selection does the job. |
Let me know if you are interest to develop it further.
For Ascii and Unicode will be great it will be two option checkboxes: case-sensitive (Where the case of letters matters) and case-intensive (Where the case of letters doesn't matter). I've notice that the 32 bits MemoryHacker still crushes sometimes. Do you know why Memory Block doesn't show low addresses? It start with 00D70000 address? On "Memory inspect" "Split string len" value doesn't seems to matter while pressing Inspect. On memory inspect chars ^^ ^^ will be great if it will not be there at all, like the space " ^^ ". Instead it will be much nicer if you will bold the target area. I don't know if you like the idea, let me know. Winrar 64 bits textbox is limited to entering 8 hexadecimal numbers while in 64 bits should be 16 hexadecimal numbers; in Customize dialog. "Get process state" doesn't look good; it is it too large. |
1 Attachment(s)
here is
Now changelog.md contains the list of additions I have made since the initial fork. For the moment, I'll freeze the project unless there are important bugs or excellent ideas :-P best Shub |
MemoryHacker_Shub-fork v1.2.2
1 Attachment(s)
MemoryHacker Shub-fork v1.2.2
For MemoryHacker Shub-fork v1.2.1 see CHANGELOG.md for full details of changes made by Shub-Nigurrath Read MemoryHackerReadMe.txt for how to use this tool. MemoryHacker by Shub-Nigurrath and CodeCracker v1.2.2: - Switched to VS Community 2017, Platform Toolset "Visual Studio 2017 - Windows XP (v141_xp) - Mirror interface changes - Now writes if MemoryHacker is 32 bits or 64 bits, now write "Administrator" if is runned as admninistrator - Now you can patch with any hex/Ascii/Unicode in Inspect Memory, but hex values lenght should be even (divisible by 2) Left to do: 1. Inspect Memory dialog interface looks strange 2. Memory Block doesn't show low addresses 3. Adding an manifest to program, I don't know how to do this For some reasons the 32 bits version gets compiled in Debug/Release folders while 64 bits versions gets compiled in x64 folder |
1 Attachment(s)
Hi all
I like clean things. I therefore did some additional tweaks. I am compiling with VS 2026 and needed to modify the vsproj, so it compiles automatically on any installation, adapting to what's installed on the machine. V 1.2.3 MemoryHacker 1.2.3 focuses on building reliability and finishing the remaining UI/configuration cleanup. The project now adapts to the toolchains actually installed on the system, builds cleanly in modern Visual Studio environments, embeds a proper application manifest, and keeps Win32/x64 outputs organised under x32 and x64 folders. On the app side, the Inspect Memory window now has a corrected layout, and the Memory Block view was widened so addresses display properly on both 32-bit and 64-bit builds. Windows XP buildability is still possible with v141_xp installed, but modern v145 builds should not be assumed to be XP-compatible. Hence, if you want to have it on XP, someone with an older version of Visual Studio needs to give it a compilation twist edited NEW v1.2.4 Fix memory problems. The main problems were unsafe parsing of remote PE headers in the modules view, fixed-size custom-range arrays that could overflow, an off-by-one bug when removing custom ranges, a fixed-size selected-index buffer that could corrupt heap memory when too many rows were selected, and suspend/resume code that assumed handles and ntdll exports were always valid. Best Shub |
v1.2.4 uploaded to the edited version of my previous post
|
Hi. I found new problems with v1.2.4/v1.2.3: it can't even see some processes for example WinStore.App.exe; they are 64 bits processes - original build I've created works fine.
|
1 Attachment(s)
v1.2.4 changed the process picker from a flat list into a parent/child tree, but only root nodes are expanded initially. Processes like WinStore.App.exe can be correctly enumerated yet buried under a collapsed parent, so they look missing .. that was an easy patch: I added an "Expand(treeItem, TVE_EXPAND)" in the opening
I also added two nice features: - add: search incremental case-insensitive, with next/prev buttons for process name, ctrl-f also supported. - add: drag & drop icon to select the process visually (like Process Explorer from sysinternals) - fix: a message "searching .. please wait" in the memory search dialog Attached the new version 1.2.5 |
Ah, I got it the process is under wininit.exe -> services.exe -> svchost.exe
my bad. |
| All times are GMT +8. The time now is 16:43. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX