Squalr Memory Editor - Game Hacking Tool Written in C#

Squalr

License: GPL v3

Squalr Official Website

Join us on our Discord Channel

Squalr is performant memory editing software that allows users to create and share cheats in their Windows desktop games. This includes memory scanning, pointers, x86/x64 assembly injection, and so on.

How does Squalr achieve fast memory scans in .NET? Multi-threading combined with single-core parallelism via SIMD instructions. See this article: SIMD in .NET. To take advantage of these gains, your CPU needs to have support for SSE, AVX, or AVX-512.
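
The combination described above, as an added example that is not Squalr's own code: an Int32 equality scan over a constructed in-memory array, split into chunks across threads with `Parallel.For` and compared lane-wise with `System.Numerics.Vector<T>`. The names `SimdScanExample` and `ScanEqual` are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Numerics;
using System.Threading.Tasks;

// Added example; SimdScanExample and ScanEqual are hypothetical names, not Squalr APIs.
static class SimdScanExample
{
    // Returns the sorted indices of every element of 'values' equal to 'target'.
    static Int32[] ScanEqual(Int32[] values, Int32 target, Int32 chunkSize = 1 << 16)
    {
        ConcurrentBag<Int32> hits = new ConcurrentBag<Int32>();
        Vector<Int32> targetVector = new Vector<Int32>(target);
        Int32 lanes = Vector<Int32>.Count; // 4 for 128-bit vectors, 8 for 256-bit vectors
        Int32 chunkCount = (values.Length + chunkSize - 1) / chunkSize;

        // Multi-threading: chunks are distributed over the thread pool.
        Parallel.For(0, chunkCount, chunk =>
        {
            Int32 index = chunk * chunkSize;
            Int32 end = Math.Min(index + chunkSize, values.Length);

            // SIMD: one compare tests 'lanes' elements at once.
            for (; index + lanes <= end; index += lanes)
            {
                Vector<Int32> matches = Vector.Equals(new Vector<Int32>(values, index), targetVector);
                if (matches == Vector<Int32>.Zero) continue; // no lane matched

                for (Int32 lane = 0; lane < lanes; lane++)
                    if (matches[lane] != 0) hits.Add(index + lane);
            }

            // Scalar tail for elements that do not fill a whole vector.
            for (; index < end; index++)
                if (values[index] == target) hits.Add(index);
        });

        return hits.OrderBy(hit => hit).ToArray();
    }

    static void Main()
    {
        // Constructed sample data standing in for a snapshot of Int32 values.
        Int32[] values = Enumerable.Range(0, 1_000_003).Select(i => i % 1000).ToArray();
        Int32[] hits = ScanEqual(values, 25);
        Console.WriteLine($"accelerated={Vector.IsHardwareAccelerated} hits={hits.Length} first={hits[0]}");
    }
}
```

When `Vector.IsHardwareAccelerated` is false, the same code still runs but the vector operations fall back to software, so the speed-up comes only from the threads.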


Documentation

You can find detailed documentation on the Wiki. There are three ways to use Squalr:

  • Front end GUI
  • Scripting API
  • Back end NuGet packages

Below is some brief documentation on the NuGet package APIs.

Receiving Engine Output:

If using the NuGet packages, it is important to hook into the engine's output to receive logs of events. These are invaluable for diagnosing issues.

using Squalr.Engine.Logging;

...

// Receive logs from the engine
Logger.Subscribe(new EngineLogEvents());

...

class EngineLogEvents : ILoggerObserver
{
	public void OnLogEvent(LogLevel logLevel, string message, string innerMessage)
	{
		Console.WriteLine(message);
		Console.WriteLine(innerMessage);
	}
}

Attaching The Engine:

using System.Collections.Generic;
using System.Linq;
using Squalr.Engine.OS;
...

IEnumerable<Process> processes = Processes.Default.GetProcesses();

// Pick a process. For this example, we are just grabbing the first one.
Process process = processes.FirstOrDefault();

Processes.Default.OpenedProcess = process;

Manipulating Memory:

using Squalr.Engine.Memory;

...

Reader.Default.Read<Int32>(address);
Writer.Default.Write<Int32>(address, value);
Allocator.Alloc(address, 256);
IEnumerable<NormalizedRegion> regions = Query.GetVirtualPages(requiredProtection, excludedProtection, allowedTypes, startAddress, endAddress);
IEnumerable<NormalizedModule> modules = Query.GetModules();

Assembling/Disassembling:

Squalr can assemble and disassemble x86/x64 instructions, leveraging NASM.

using Squalr.Engine.Architecture;
using Squalr.Engine.Architecture.Assemblers;

...

// Perform assembly
AssemblerResult result = Assembler.Default.Assemble(assembly: "mov eax, 5", isProcess32Bit: true, baseAddress: 0x10000);

Console.WriteLine(BitConverter.ToString(result.Bytes).Replace("-", " "));

// Disassemble the result (we will get the same instructions back)
Instruction[] instructions = Disassembler.Default.Disassemble(bytes: result.Bytes, isProcess32Bit: true, baseAddress: 0x10000);

Console.WriteLine(instructions[0].Mnemonic);

Scanning:

Squalr has an API for performing high performance memory scanning:

using Squalr.Engine.Scanning;
using Squalr.Engine.Scanning.Scanners;
using Squalr.Engine.Scanning.Scanners.Constraints;
using Squalr.Engine.Scanning.Snapshots;

...

DataType dataType = DataType.Int32;

// Collect values
TrackableTask<Snapshot> valueCollectorTask = ValueCollector.CollectValues(
	SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshotOrPrefilter, dataType));

// Perform manual scan on value collection complete
valueCollectorTask.CompletedCallback += ((completedValueCollection) =>
{
	Snapshot snapshot = completedValueCollection.Result;
	
	// Constraints
	ScanConstraintCollection scanConstraints = new ScanConstraintCollection();
	scanConstraints.AddConstraint(new ScanConstraint(ScanConstraint.ConstraintType.Equal, 25));

	TrackableTask<Snapshot> scanTask = ManualScanner.Scan(
		snapshot,
		scanConstraints);

	SnapshotManager.SaveSnapshot(scanTask.Result);
});
	
	
// Separate snippet: iterating over the elements of a snapshot
for (UInt64 index = 0; index < snapshot.ElementCount; index++)
{
	SnapshotElementIndexer element = snapshot[index];

	Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null;
	Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null;
}

Debugging:

// Example: Tracing write events on a float
BreakpointSize size = Debugger.Default.SizeToBreakpointSize(sizeof(float));
CancellationTokenSource cancellationTokenSource = Debugger.Default.FindWhatWrites(0x10000, size, this.CodeTraceEvent);

...

// When finished, cancel the instruction collection
cancellationTokenSource.Cancel();

...

private void CodeTraceEvent(CodeTraceInfo codeTraceInfo)
{
	Console.WriteLine(codeTraceInfo.Instruction.Address.ToString("X"));
	Console.WriteLine(codeTraceInfo.Instruction.Mnemonic);
}

Recommended Visual Studio Extensions

| Reference | Description |
| --- | --- |
| XAML Formatter | XAML should be run through this formatter |
| StyleCop | StyleCop to enforce code conventions. Note that we deviate on some standard conventions. We use the full type name for variables (e.g. Int32 rather than int). The reasoning is that this is a memory editor, so we prefer to use the type name that is most explicit to avoid coding mistakes. |

Build

In order to compile Squalr, you should only need Visual Studio 2017. This should be up to date, as we frequently update Squalr to use the latest version of the .NET Framework. Here are the important 3rd party libraries that this project uses:

| Library | Description |
| --- | --- |
| EasyHook | Managed/Unmanaged API Hooking |
| SharpDisasm | Udis86 Assembler Ported to C# |
| CsScript | C# Scripting Library |
| AvalonEdit | Code Editing Library |
| SharpDX | DirectX Wrapper |
| CLRMD | .NET Application Inspection Library |
| AvalonDock | Docking Library |
| LiveCharts | WPF Charts |

Planned Features

| Library | Description | Purpose |
| --- | --- | --- |
| AsmJit | x86/x64 Assembler | Replace FASM, improve scripting drastically |
| AsmJit | x86/x64 Assembler | Original C++ project. May port/interop this if the above version does not work (Neither may fully work, and something custom may be needed) |
| WpfHexEditorControl | Hex Editor | Hex editor / Memory Hex Editor |
| OpenTK | OpenGL Wrapper | Graphics Injection |
| SharpDX | DirectX Wrapper | Graphics Injection (Currently using SharpDX just for input) |
| SharpPCap | Packet Capture | Packet Editor |
| Packet.Net | Packet Capture | Packet Editor |