{"id":2958,"date":"2018-10-08T20:32:51","date_gmt":"2018-10-08T15:02:51","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=2958"},"modified":"2018-10-08T20:32:51","modified_gmt":"2018-10-08T15:02:51","slug":"xenoscan-memory-scanner","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/xenoscan-memory-scanner\/","title":{"rendered":"XenoScan – Open source memory scanner written in C++"},"content":{"rendered":"

XenoScan<\/strong> is a memory scanner which can be used to scan the memory of processes to locate the specific locations of important values. These types of tools are typically used when hacking video games, as they allow one to locate the values representing the game’s state in memory.<\/p>\n

XenoScan is written in C++ with a Lua frontend, and I’ve been working on advanced functionality that goes beyond anything that has been in any other memory scanners I’ve seen. Notably, it has a way to enumerate and return all complex data structures (such as std::list and std::map) in the target’s memory space, and it can even scan for any class instances and group the discovered instances by their underlying types.<\/p>\n

Also Read<\/span>DbgShell \u2013 A PowerShell Front-End For The Windows Debugger Engine<\/a><\/strong><\/p>\n

XenoScan Sub-projects<\/strong><\/h2>\n

XenoLua<\/strong><\/h3>\n

XenoLua is a wrapper around Lua that provides a ton of functionality. Most notably, it provides a LuaVariant<\/code> class which wraps the functionality of converting between C<\/code>\/C++<\/code> and Lua<\/code> types. Additionally, it has helper functions for working with Lua in the LuaPrimitive<\/code> class.<\/p>\n

XenoScanEngine<\/strong><\/h3>\n

XenoScanEngine is the meat of the project. It contains the code for the scanning, data structure detection, and everything else.<\/p>\n

XenoScanLua<\/strong><\/h3>\n

XenoScanLua ties XenoScanEngine to XenoLua to provide a Lua-scriptable frontend for the scanner. Currently, this is the only entry-point to the scanner.<\/p>\n

Additionally, this project contains some test code that ensures everything is working properly. A test is a combination of a .cpp<\/span><\/code><\/span><\/strong>, a .h<\/strong><\/span><\/code><\/span>, and a .lua<\/span><\/code> file. For examples on how to use the scanner, you can check out the .lua<\/code> test files.<\/p>\n

Compiling<\/strong><\/h2>\n

XenoScan<\/em> uses CMake<\/em>, and has been tested with Visual Studio 2017. In theory, you should be able to build the code with any modernish compiler, as long as you use CMake to generate the project files. Before you can compile, you will need to make sure you’ve checked out the submodules. Once that’s done, you’ll also have to build the luajit<\/em> submodule so XenoScan<\/em> can link against the libraries.<\/p>\n

If you’re using Visual Studio, this should be easy. Simply run buildmsvc2017.bat<\/code> from a Developer Command Prompt for VS<\/em>. As an example, to build a project for Visual Studio 2017<\/em>, I run<\/p>\n

cd C:\\path\\to\\XenoScan\nbuildmsvc2017.bat\n<\/span><\/strong><\/code><\/pre>\n
Which would make a file named XenoScan.sln<\/code><\/span> appear in my build<\/code> directory (e.g. C:\\path\\to\\XenoScan\\build<\/span><\/code>).<\/p>\n
The main development of XenoScan is done on this version of Visual Studio.<\/p>\n
Platform<\/strong><\/h2>\n
The code is designed to be platform-agnostic. Theoretically, to compile on any other platform, you would need to<\/p>\n
    \n
  1. Create project\/make files for your target IDE\/compiler.<\/li>\n
  2. Remove the ScannerTargetWindows.cpp<\/span><\/code> and ScannerTargetWindows.h<\/code><\/span> files from the project.<\/li>\n
  3. Implement the ScannerTarget<\/span><\/code> interface for your platform.<\/li>\n
  4. Add your implementation to the project.<\/li>\n
  5. ???? profit<\/em><\/li>\n<\/ol>\n
    Features<\/strong><\/h2>\n
    Basic scanning functionality supports the following types:<\/strong><\/p>\n