MemorySharp - C# based memory editing library targeting Windows applications !
  1. #1
    ZenLulz

    MemorySharp

    C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and code into remote processes to allow interoperability.

    Hey folks !

    I'm delighted to post something useful for this community where I learnt so many things/tricks about Memory Editing.

    Today I want to introduce the memory editing library I have been working on for several months now. The goal of this library is to provide a safe, powerful and easy to use API, keeping the remote process as clean as possible.

    Features

    MemorySharp is divided into several parts. Here is the list of all the features available.

    • Process interactions
      • Check if the process is debugged
      • Gather information of the process
      • Interact with the PEB (Process Environment Block)
    • Memory interactions
      • Allocate and free a chunk of memory
      • Change the protection of allocated regions
      • Get an absolute/relative address from a pointer
      • Query the memory allocated
      • Read and write primitive and complex data types
    • Module interactions
      • Enumerate all modules loaded
      • Find functions inside a module
      • Get the main module
      • Inject and eject modules
    • Thread interactions
      • Create and terminate threads
      • Get the exit code of terminated threads
      • Get the main thread
      • Get the segments addresses
      • Get threads by identifier
      • Interact with the TEB (Thread Environment Block)
      • Join threads
      • Manage the context of threads
      • Query the state of threads
      • Suspend and resume threads
    • Window interactions
      • Enumerate the windows of the process
      • Enumerate the child windows of the process
      • Enumerate the child windows of another window
      • Flash the window (once or repeatedly)
      • Get a window by its class name
      • Get a window by its title (or a part of its title)
      • Get the attached thread of a window
      • Get the main window
      • Interact with the keyboard with a window (press and release keys, write texts) without activating it
      • Interact with the mouse with the window (clicks, movement)
      • Post and send message
      • Query the class name
      • Query and modify the title
      • Query and modify the size (height, width) and the position (X, Y)
    • Assembly interactions
      • Assemble mnemonics
      • Embed FASM compiler (Fasm.NET)
      • Execute remote code (such as functions) with/without parameter(s) synchronously and asynchronously
      • Inject mnemonics
      • Support several calling conventions
    • Data types manipulations
      • Extract useful information from data types
      • Convert a byte array to a managed object
      • Convert a managed object to a byte array
      • Convert a pointer to a managed object
      • Store data in the remote process safely (collected when unused)
    • Helpers available
      • ApplicationFinder: Find the right process to interact
      • HandleManipulator: Convert a handle to a process or a thread
      • Generic singleton: Implement a singleton on any of your classes
      • Randomizer: Generate random numbers, strings and Guid
      • SerializationHelper: Serialize and deserialize managed objects into XML
    Examples

    MemorySharp enables developers to write memory injection with a nice syntax, without headaches.
    The examples are available on this webpage: Binarysharp :: Products - MemorySharp (don't want to post tons of code here).

    License

    After a talk with some developers and notably Cypher, I decided to release MemorySharp under the MIT license. You are free to use MemorySharp in any project (even commercial projects) as long as the copyright header is left intact.

    Links



    Credits
    I thank the entire Ownedcore community, which allows me to learn the art of memory editing. Especially Apoc, who is a very inspirational person for me with his posts giving such well-written pieces of code without asking anything in return (this includes examples / offsets / guides / libraries), Cypher for his very critical mind about coding practices, Bananenbrot for giving nice advice in a lot of threads of the board, TOM_RUS for his very high-skilled eyes to read asm, making very comprehensive wrappers and Shynd, who gave me the idea of creating my own library. I certainly forget tons of people here.


    I also would love to get your feedback about it.

    Cheers,
    ZenLulz

  2. #2
    ~Unknown~
    Looks great. I saw this on github a while back and liked it a lot. My only feedback without looking through the code is a slight request: I wouldn't mind seeing a 64-bit capable FASM.net. Sure there are plenty of ways to do it without FASM, but it would be nice. I also look forward to all the "coming soon" features.

  3. #3
    ZenLulz
    Hey ~Unknown~ !

    Thanks for your post.

    Yeah, I plan to release a version of MemorySharp for 64-bit processes and of course this will include Fasm.NET in 64-bit.
    I need to do some research on whether I can embed a 32-bit COFF object within a 64-bit .NET library, or find another nice alternative.

    Cheers

  4. #4
    Valediction
    Good work.

  5. #5
    Jadd
    This is really great work. Probably the best memory library I have seen so far. Much <3 for releasing under MIT license.

  6. #6
    ZenLulz
    Originally Posted by Jadd
    This is really great work. Probably the best memory library I have seen so far. Much <3 for releasing under MIT license.
    I'm incredibly delighted to read this comment from you, Jadd.

  7. #7
    miceiken
    Checked it out on GitHub and I have to agree with Jadd. It's a very thorough and nice library. I tip my hat to you sir.

  8. #8
    Seifer
    Looks very good, makes my memory lib look feature-incomplete.

  9. #9
    ZenLulz
    Thanks for your kind comments !

    Some news here. I pushed my libraries on NuGet, allowing the developers to easily download/update them from Visual Studio. So, you can search for Binarysharp or the name of the library to install them.

    Also, I'm a bit unhappy about the strong coupling between MemorySharp and the Win32 API. I decided to implement an abstraction layer to be able to simply swap the API used. I think this is a good starting point to make the library support the AMD64 architecture. This is my focus for the next weeks, since the 64-bit applications are trendy.

    More about NuGet on the official post
    ZenLulz, Author of MemorySharp - A C# based memory editing library.

  10. #10
    Erke
    Originally Posted by ZenLulz
    Thanks for your kind comments !

    Some news here. I pushed my libraries on NuGet, allowing the developers to easily download/update them from Visual Studio. So, you can search for Binarysharp or the name of the library to install them.

    Also, I'm a bit unhappy about the strong coupling between MemorySharp and the Win32 API. I decided to implement an abstraction layer to be able to simply swap the API used. I think this is a good starting point to make the library support the AMD64 architecture. This is my focus for the next weeks, since the 64-bit applications are trendy.

    More about NuGet on the official post
    Nice of you to leave some snippets in the link for us who aren't very experienced with programming.

  11. #11
    Apoc
    Very nice library!

    It is very nicely written, but also suffers from the same things I wrote GreyMagic specifically for.

    Using the Marshaler when you don't have to, makes things incredibly slow. If you want to steal the MarshalCache<T> and read/writer from GreyMagic, feel free. They're written to get around the incredibly slow nature of the Marshaler on basic datatypes. (Or, at least structures that don't require the marshaler.)

    There's a lot of optimizations that can be done to this library, but I'm sure you already know where those are.

    Just an FYI, I've finally given up on purely-managed memory libraries. I rewrote GreyMagic in C++/CLI with a few extra things (since we can step down to pure C level) and the speed difference is more than a magnitude faster. (10.8s to read a value 10mil times in the pure C# implementation, to 1.3s with the C++/CLI implementation)

  12. #12
    namreeb
    Doth my eyes deceive me? Apoc wrote something in something other than C#? He even writes websites in C#!

  13. #13
    Cypher
    Originally Posted by Apoc
    Very nice library!

    It is very nicely written, but also suffers from the same things I wrote GreyMagic specifically for.

    Using the Marshaler when you don't have to, makes things incredibly slow. If you want to steal the MarshalCache<T> and read/writer from GreyMagic, feel free. They're written to get around the incredibly slow nature of the Marshaler on basic datatypes. (Or, at least structures that don't require the marshaler.)

    There's a lot of optimizations that can be done to this library, but I'm sure you already know where those are.

    Just an FYI, I've finally given up on purely-managed memory libraries. I rewrote GreyMagic in C++/CLI with a few extra things (since we can step down to pure C level) and the speed difference is more than a magnitude faster. (10.8s to read a value 10mil times in the pure C# implementation, to 1.3s with the C++/CLI implementation)
    Apoc is turning to the dark side...

  14. #14
    BitHacker
    I found this most interesting while reading the thread above:

    Data types manipulations

    Extract useful information from data types
    Convert a byte array to a managed object
    Convert a managed object to a byte array
    Convert a pointer to a managed object
    Store data in the remote process safely (collected when unused)

    I will have to check that out on github. I'm interested in how you do the conversions. I'm more of an asm / c / c++ guy myself. So, it will take me a bit to read c#... Ahhhh so much bs code.... lol...
    Last edited by BitHacker; 09-24-2013 at 05:08 AM.

  15. #15
    ZenLulz
    Thanks for your feedback Apoc, makes me happy !

    I looked at your code to marshal a generic type and I must say this is really ingenious. This would be awesome if I implement that in MemorySharp.
    I'm going to start playing with unsafe code in C# too. Since I wrote my Fasm wrapper in C++/CLI, I thought it really fun to use pointers within the managed environment. Have fun with your rewrite of GreyMagic and I'm looking forward to having more details about some benchmarking results (ticks per read/write).

    Originally Posted by Cypher
    Apoc is turning to the dark side...
    It could have been worse ... He could leave the managed world..!

    @BitHacker: Your points of interest are written in the classes MarshalType<T> and MarshalValue<T>.

    Cheers,
    ZenLulz
    ZenLulz, Author of MemorySharp - A C# based memory editing library.
