GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Akaion → Jupiter

Akaion / Jupiter

Licence: mit
A Windows virtual memory editing library with support for pattern scanning.

Labels

reverse-engineeringmemory

Projects that are alternatives of or similar to Jupiter

Minject
Mono Framework Interaction / Injection Library for .NET (C++/CLI)
Stars: ✭ 42 (-73.08%)
Mutual labels:  memory, reverse-engineering
Mem
A collection of C++11 headers useful for reverse engineering
Stars: ✭ 56 (-64.1%)
Mutual labels:  memory, reverse-engineering
Dll hook Rs
Rust code to show how hooking in rust with a dll works.
Stars: ✭ 57 (-63.46%)
Mutual labels:  memory, reverse-engineering
Steamkit
SteamKit2 is a .NET library designed to interoperate with Valve's Steam network. It aims to provide a simple, yet extensible, interface to perform various actions on the network.
Stars: ✭ 1,926 (+1134.62%)
Mutual labels:  reverse-engineering
Ghidra Switch Loader
Nintendo Switch loader for Ghidra
Stars: ✭ 146 (-6.41%)
Mutual labels:  reverse-engineering
Legu unpacker 2019
Scripts to unpack APK protected by Legu
Stars: ✭ 150 (-3.85%)
Mutual labels:  reverse-engineering
Z3 and angr binary analysis workshop
Code and exercises for a workshop on z3 and angr
Stars: ✭ 154 (-1.28%)
Mutual labels:  reverse-engineering
Native Shim
A "shim" for loading native jni files for Android active debugging
Stars: ✭ 145 (-7.05%)
Mutual labels:  reverse-engineering
Rattle
evm binary static analysis
Stars: ✭ 152 (-2.56%)
Mutual labels:  reverse-engineering
Execution Trace Viewer
Tool for viewing and analyzing execution traces
Stars: ✭ 149 (-4.49%)
Mutual labels:  reverse-engineering
Memflow
physical memory introspection framework
Stars: ✭ 149 (-4.49%)
Mutual labels:  memory
Apiscout
This project aims at simplifying Windows API import recovery on arbitrary memory dumps
Stars: ✭ 146 (-6.41%)
Mutual labels:  reverse-engineering
Panda
Platform for Architecture-Neutral Dynamic Analysis
Stars: ✭ 1,993 (+1177.56%)
Mutual labels:  reverse-engineering
Android Analysis
Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
Stars: ✭ 146 (-6.41%)
Mutual labels:  reverse-engineering
Mixplaintext
可对 Xcode 项目工程所有的 objective-c 文件内包含的明文进行加密混淆,提高逆向分析难度。
Stars: ✭ 152 (-2.56%)
Mutual labels:  reverse-engineering
Triton
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
Stars: ✭ 1,934 (+1139.74%)
Mutual labels:  reverse-engineering
Dejavu
Quickly detect already witnessed data.
Stars: ✭ 151 (-3.21%)
Mutual labels:  memory
Mviewer
Reverse Engineer MView 3D File Format
Stars: ✭ 148 (-5.13%)
Mutual labels:  reverse-engineering
Droidreverse
reverse engineering tools for android(android 逆向工程工具集)
Stars: ✭ 1,839 (+1078.85%)
Mutual labels:  reverse-engineering
Validity90
Reverse engineering of Validity/Synaptics 138a:0090, 138a:0094, 138a:0097, 06cb:0081, 06cb:009a fingerprint readers protocol
Stars: ✭ 1,807 (+1058.33%)
Mutual labels:  reverse-engineering
View All Similar Projects ➔

Jupiter

A Windows virtual memory editing library with support for pattern scanning.

Features

  • Allocate memory
  • Free memory
  • Protect memory
  • Read memory
  • Write memory

Pattern Scanning Features

  • Support for wildcard bytes
  • A Bower-Moore-Horspool algorithm implementation for fast scanning, particularly for large patterns

Installation

  • Download and install Jupiter using NuGet

Usage

The example below describes a basic implementation of the library

using Jupiter;

using (var memoryModule = new MemoryModule(processName))
{
    // Allocate a region of virtual memory in the process

    var regionAddress = memoryModule.AllocateVirtualMemory(sizeof(int), MemoryProtection.ReadWrite);

    // Write a value into the newely allocated region

    memoryModule.WriteVirtualMemory(regionAddress, 25);

    // Scan for the value we just wrote into memory

    var patternAddresses = memoryModule.PatternScan(BitConverter.GetBytes(25));

    // Read the value back

    var value = memoryModule.ReadVirtualMemory<int>(regionAddress);

    // Free the region of virtual memory

    memoryModule.FreeVirtualMemory(regionAddress);
}

Overloads

You can use a process ID instead of a process name.

var memoryModule = new MemoryModule(processId)

You can specify an address in which you want to allocate a region of virtual memory.

var regionAddress = memoryModule.AllocateVirtualMemory(pointer, sizeof(int), MemoryProtection.ReadWrite);

You can read an array of bytes instead of a structure.

var bytes = memoryModule.ReadVirtualMemory(regionAddress, bytesToRead);

You can write an array of bytes instead of a structure.

memoryModule.WriteVirtualMemory(regionAddress, new byte[] {0x19, 0xF0, 0x00, 0x2A});

You can use a string with wildcards as the pattern for pattern scanning.

memoryModule.PatternScan("19 F0 ?? 2A");

You can specify a base address in which the pattern scanning should start at to allow quicker scans.

memoryModule.PatternScan(pointer, BitConverter.GetBytes(25));

Caveats

  • If no memory protection constant is specified when allocating virtual memory, ExecuteReadWrite will be used.

  • Pattern scanning with a small pattern may take a long time depending on the speed of your CPU.

Contributing

Pull requests are welcome.

For large changes, please open an issue first to discuss what you would like to contribute.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].