Search...

Open source memory scanner written in C++: XenoScan

2018-08-21T18:36:14

ID N0WHERE:172910
Type n0where
Reporter N0where
Modified 2018-08-21T18:36:14

Description

_ XenoScan _ is a memory scanner which can be used to scan the memory of processes to locate the specific locations of important values. These types of tools are typically used when hacking video games, as they allow one to locate the values representing the game’s state in memory.

_ XenoScan _ is written in C++ with a Lua frontend, and I’ve been working on advanced functionality that goes beyond anything that has been in any other memory scanners I’ve seen. Notably, it has a way to enumerate and return all complex data structures (such as std::list and std::map) in the target’s memory space, and it can even scan for any class instances and group the discovered instances by their underlying types.

Sub-projects

XenoLua

_ XenoLua _ is a wrapper around Lua that provides a ton of functionality. Most notably, it provides a LuaVariant class which wraps the functionality of converting between C / C++ and Lua types. Additionally, it has helper functions for working with Lua in the LuaPrimitive class.

XenoScanEngine

_ XenoScanEngine _ is the meat of the project. It contains the code for the scanning, data structure detection, and everything else.

XenoScanLua

_ XenoScanLua _ ties _ XenoScanEngine _ to _ XenoLua _ to provide a Lua-scriptable frontend for the scanner. Currently, this is the only entry-point to the scanner.

Additionally, this project contains some test code that ensures everything is working properly. A test is a combination of a .cpp , a .h , and a .lua file. For examples on how to use the scanner, you can check out the .lua test files.

Compiling

_ XenoScan _ uses _ CMake _ , and has been tested with Visual Studio 2017. In theory, you should be able to build the code with any modernish compiler, as long as you use CMake to generate the project files. Before you can compile, you will need to make sure you’ve checked out the submodules. Once that’s done, you’ll also have to build the _ luajit _ submodule so _ XenoScan _ can link against the libraries.

If you’re using Visual Studio, this should be easy. Simply run buildmsvc2017.bat from a _ Developer Command Prompt for VS _ . As an example, to build a project for _ Visual Studio 2017 _ , I run

cd C:\path\to\XenoScan
buildmsvc2017.bat

Which would make a file named XenoScan.sln appear in my build directory (e.g. C:\path\to\XenoScan\build ).

The main development of XenoScan is done on this version of Visual Studio.

If you’re on another system or using another compiler or IDE, you’ll have to build _ luajit _ on your own and run _ CMake _ manually.

Platform

The code is designed to be platform-agnostic. Theoretically, to compile on any other platform, you would need to

Create project/make files for your target IDE/compiler.
Remove the ScannerTargetWindows.cpp and ScannerTargetWindows.h files from the project.
Implement the ScannerTarget interface for your platform.
Add your implementation to the project.
???? _ profit _

Features

Basic scanning functionality supports the following types:

Integral types*:
- int8_t
- uint8_t
- int16_t
- uint16_t
- int32_t
- uint32_t
- int64_t
- uint64_t
float
double
ascii strings
wide strings
Custom data structures (think C++ struct )
- Can consist of any combination integral and decimal types
_ Lua frontend may choke on 64-bit integers, but the scanner library supports them. _

Scanning supports the following types of matching:

Equal to
Greater than
Greater than or equal to
Less than
Less than or equal to
Ranges ( min <= check <= max )

Additionally, there is functionality to detect all instances of the following types:

std::map
std::list
Any class with a virtual-function table

JSON Vulners Source

Initial Source

{"id": "N0WHERE:172910", "bulletinFamily": "tools", "title": "Open source memory scanner written in C++: XenoScan", "description": "_ XenoScan _ is a memory scanner which can be used to scan the memory of processes to locate the specific locations of important values. These types of tools are typically used when hacking video games, as they allow one to locate the values representing the game\u2019s state in memory. \n\n_ XenoScan _ is written in C++ with a Lua frontend, and I\u2019ve been working on advanced functionality that goes beyond anything that has been in any other memory scanners I\u2019ve seen. Notably, it has a way to enumerate and return all complex data structures (such as std::list and std::map) in the target\u2019s memory space, and it can even scan for any class instances and group the discovered instances by their underlying types. \n\n## Sub-projects \n\n* * *\n\n### XenoLua \n\n_ XenoLua _ is a wrapper around Lua that provides a ton of functionality. Most notably, it provides a ` LuaVariant ` class which wraps the functionality of converting between ` C ` / ` C++ ` and ` Lua ` types. Additionally, it has helper functions for working with Lua in the ` LuaPrimitive ` class. \n\n### XenoScanEngine \n\n_ XenoScanEngine _ is the meat of the project. It contains the code for the scanning, data structure detection, and everything else. \n\n### XenoScanLua \n\n_ XenoScanLua _ ties _ XenoScanEngine _ to _ XenoLua _ to provide a Lua-scriptable frontend for the scanner. Currently, this is the only entry-point to the scanner. \n\nAdditionally, this project contains some test code that ensures everything is working properly. A test is a combination of a ` .cpp ` , a ` .h ` , and a ` .lua ` file. For examples on how to use the scanner, you can check out the ` .lua ` test files. \n\n## Compiling \n\n_ XenoScan _ uses _ CMake _ , and has been tested with Visual Studio 2017. In theory, you should be able to build the code with any modernish compiler, as long as you use CMake to generate the project files. Before you can compile, you will need to make sure you\u2019ve checked out the submodules. Once that\u2019s done, you\u2019ll also have to build the _ luajit _ submodule so _ XenoScan _ can link against the libraries. \n\nIf you\u2019re using Visual Studio, this should be easy. Simply run ` buildmsvc2017.bat ` from a _ Developer Command Prompt for VS _ . As an example, to build a project for _ Visual Studio 2017 _ , I run \n \n \n cd C:\\path\\to\\XenoScan\r\n buildmsvc2017.bat\r\n \n\nWhich would make a file named ` XenoScan.sln ` appear in my ` build ` directory (e.g. ` C:\\path\\to\\XenoScan\\build ` ). \n\nThe main development of XenoScan is done on this version of Visual Studio. \n\nIf you\u2019re on another system or using another compiler or IDE, you\u2019ll have to [ build _ luajit _ on your own ](<http://luajit.org/install.html>) and run _ CMake _ manually. \n\n## Platform \n\nThe code is designed to be platform-agnostic. Theoretically, to compile on any other platform, you would need to \n\n 1. Create project/make files for your target IDE/compiler. \n 2. Remove the ` ScannerTargetWindows.cpp ` and ` ScannerTargetWindows.h ` files from the project. \n 3. Implement the ` ScannerTarget ` interface for your platform. \n 4. Add your implementation to the project. \n 5. ???? _ profit _\n\n## Features \n\n* * *\n\n** Basic scanning functionality supports the following types: **\n\n * Integral types*: \n * ` int8_t `\n * ` uint8_t `\n * ` int16_t `\n * ` uint16_t `\n * ` int32_t `\n * ` uint32_t `\n * ` int64_t `\n * ` uint64_t `\n * ` float `\n * ` double `\n * ascii strings \n * wide strings \n * Custom data structures (think ` C++ ` ` struct ` ) \n * Can consist of any combination integral and decimal types \n\n* _ Lua frontend may choke on 64-bit integers, but the scanner library supports them. _\n\n** Scanning supports the following types of matching: **\n\n * Equal to \n * Greater than \n * Greater than or equal to \n * Less than \n * Less than or equal to \n * Ranges ( ` min <= check <= max ` ) \n\n** Additionally, there is functionality to detect all instances of the following types: **\n\n * ` std::map `\n * ` std::list `\n * Any class with a virtual-function table \n\n[ ![ Open source memory scanner written in C++: XenoScan Download](https://d21ic6tdqjqnyw.cloudfront.net/wp-content/uploads/2016/05/08082805/Download3-1024x154.png) ](<https://github.com/nickcano/XenoScan>)\n", "published": "2018-08-21T18:36:14", "modified": "2018-08-21T18:36:14", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://n0where.net/open-source-memory-scanner-written-in-c-xenoscan", "reporter": "N0where", "references": ["https://github.com/nickcano/XenoScan"], "cvelist": [], "type": "n0where", "lastseen": "2019-03-06T01:51:20", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [], "modified": "2019-03-06T01:51:20", "rev": 2}, "score": {"value": 0.3, "vector": "NONE", "modified": "2019-03-06T01:51:20", "rev": 2}, "vulnersScore": 0.3}, "toolHref": "https://github.com/nickcano/XenoScan", "scheme": null}