
tobiohlala / PSMemory

Licence: BSD-3-Clause license
Automation Capable Multi Search 64 Bit Windows Memory Scanner

Programming Languages

powershell

Projects that are alternatives of or similar to PSMemory

memory signature
A small wrapper class providing a unified interface to search for various memory signatures
Stars: ✭ 69 (+176%)
Mutual labels:  memory, scanner
Sharlayan
Visit us on Discord! https://discord.gg/aCzSANp
Stars: ✭ 91 (+264%)
Mutual labels:  memory, scanner
moneta
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Stars: ✭ 384 (+1436%)
Mutual labels:  memory, scanner
human-memory
Course materials for Dartmouth course: Human Memory (PSYC 51.09)
Stars: ✭ 239 (+856%)
Mutual labels:  memory
kvs
Lightweight key-value storage library for Browser, Node.js, and In-Memory.
Stars: ✭ 126 (+404%)
Mutual labels:  memory
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (+416%)
Mutual labels:  scanner
BitPack
BitPack is a practical tool to efficiently save ultra-low precision/mixed-precision quantized models.
Stars: ✭ 36 (+44%)
Mutual labels:  memory
doc
Get usage and health data about your Node.js process.
Stars: ✭ 17 (-32%)
Mutual labels:  memory
Jira-Lens
Fast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+640%)
Mutual labels:  scanner
OpenAmiga600RamExpansion
Open Hardware 1 MB Chip RAM Expansion for the Commodore Amiga 600 Computer
Stars: ✭ 48 (+92%)
Mutual labels:  memory
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+1812%)
Mutual labels:  scanner
vulnscan
A static binary vulnerability scanner
Stars: ✭ 47 (+88%)
Mutual labels:  scanner
nxdk-rdt
Remote Dev Tool is a tool to remote control an Xbox using memory access and RPC
Stars: ✭ 23 (-8%)
Mutual labels:  memory
mem usage ui
Measuring and graphing memory usage of local processes
Stars: ✭ 124 (+396%)
Mutual labels:  memory
sgCheckup
sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.
Stars: ✭ 77 (+208%)
Mutual labels:  scanner
total
Ruby Gem to get total memory size in the system
Stars: ✭ 15 (-40%)
Mutual labels:  memory
porteye
Detect alive hosts and open ports.
Stars: ✭ 17 (-32%)
Mutual labels:  scanner
sslscanner
SSL Scanner written in Crystal
Stars: ✭ 18 (-28%)
Mutual labels:  scanner
flex-bison-indentation
An example of how to correctly parse python-like indentation-scoped files using flex (and bison).
Stars: ✭ 32 (+28%)
Mutual labels:  scanner
cpu monitor
ROS node that publishes all nodes' CPU and memory usage
Stars: ✭ 52 (+108%)
Mutual labels:  memory



PSMemory is a 64-bit Windows memory scanner written in PowerShell and hence fully automation-capable.


Description

Cmdlets

Search-Memory

searches the virtual address space of a process for specific values, returning references to the memory they reside in. Besides the value itself, these references contain related information such as the concrete memory address or the protection of the page the value was found in. A search is specified with the -Values parameter as a hashtable in which the keys define data types and the corresponding values define the values of that data type to search for, given as a comma-separated list. Valid data types to be specified as keys for the search table are

  • Byte for 8 bit numerical values
  • Short for 16 bit numerical values
  • Int for 32 bit numerical values
  • Long for 64 bit numerical values
  • String for ASCII text of arbitrary length
  • Bytes for Unicode byte arrays of arbitrary length

Example: a search for the two 32 bit numerical values 1234 and 5678, as well as the text Notepad, within the memory of the process notepad, saving the result in a variable notepad for further processing, may look like

Get-Process notepad | Search-Memory -Values @{
    Int = 1234, 5678
    String = 'Notepad'
} -OutVariable notepad

Compare-Memory

compares the value each reference held when it was created or last updated with the current in-memory value. With the -Changed and -Unchanged parameters, each reference is matched whose in-memory value has either changed in any way or stayed the same. For numerical values only, there are additionally the -Increased and -Decreased parameters, which track whether the in-memory value became greater or lower. For everything else there is the -Filter parameter, where a PowerShell ScriptBlock may be supplied as a custom comparison criterion.

Example: given the above search, now keep only those references whose in-memory value is either exactly 42 or has increased, and update the reference result variable

$notepad | Compare-Memory -Increased -Filter {$_.Value -eq 42} -OutVariable notepad

Update-Memory

updates the current in-memory value referenced by a reference. The new value to be written is supplied through one of the data type parameters, chosen according to the type and size of the value to write.

Example: after filtering the memory references above, now update each remaining referenced in-memory value with a new 32 bit numerical value of 9876

$notepad | Update-Memory -Int 9876

Format-Memory

formats reference objects returned by the aforementioned cmdlets into human-readable output.

Example:

Get-Process notepad | Search-Memory -Values @{Int = 42} -OutVariable notepad | Format-Memory

or

$notepad | Compare-Memory -Increased -Filter {$_.Value -eq 42} | Format-Memory

Alternatively, you can use the alias fm.
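
The cmdlets above combined into one scripted check, as an added example that is not part of the PSMemory project: it tests whether a test secret is still readable in a process's memory after the application was supposed to wipe it. The process name MyTestApp, the canary string and the manual wipe step are assumptions standing in for your own test setup; only cmdlets and parameters described above are used.

```powershell
# Added example, not PSMemory project code.
# Placeholders (assumptions): the process name and the canary value.
$canary  = 'CANARY-7f3a-TEST-ONLY'     # constructed test secret, entered into the app beforehand
$process = Get-Process -Name 'MyTestApp' -ErrorAction Stop   # hypothetical process name

# 1. Snapshot every location that currently holds the canary as ASCII text.
$hits = @($process | Search-Memory -Values @{ String = $canary })
Write-Host ("{0} reference(s) found while the secret is in use" -f $hits.Count)
if ($hits.Count -eq 0) {
    Write-Host 'Nothing to track: canary not present as ASCII text.'
    return
}

# 2. Let the application perform the step that is supposed to wipe the secret.
Read-Host 'Log out of / lock the test app, then press Enter' | Out-Null

# 3. Re-read the recorded addresses. -Unchanged keeps only references whose
#    in-memory value is still identical to what was found in step 1.
$stale = @($hits | Compare-Memory -Unchanged)

# 4. Search again from scratch to catch copies that now live at other addresses.
$fresh = @($process | Search-Memory -Values @{ String = $canary })

if ($stale.Count -gt 0 -or $fresh.Count -gt 0) {
    Write-Warning ("{0} tracked copy/copies unchanged, {1} hit(s) in a fresh search" -f `
        $stale.Count, $fresh.Count)
    $fresh | Format-Memory     # human-readable listing of the remaining references
    exit 1                     # non-zero exit code for CI or scheduled runs
}
Write-Host 'No copy of the canary remains readable as ASCII text.'
```

Because the String type matches ASCII text, a secret held in another encoding is not covered by this check.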

Installation

Install from PowerShell Gallery

Install-Module -Name PSMemory

or

git clone https://github.com/tobiohlala/PSMemory