A comprehensive memory scanning library

Overview

scanflow


scanflow boasts a feature set similar to the likes of CheatEngine, with a simple command line interface. Utilizing memflow, scanflow works in a wide range of situations, from virtual machines to dedicated DMA hardware. While it is focused on the CLI, it can also be used as a standalone library that is easy to integrate into other memflow projects. With performance at its forefront, scanflow should be able to achieve revolutionary memory scan speeds.

Setting up

  1. Install the CLI:
     cargo install scanflow-cli
  2. Optionally enable ptrace for the binary (for use with qemu):
     sudo setcap 'CAP_SYS_PTRACE=ep' ~/.cargo/bin/scanflow-cli
  3. Set up connectors using memflowup
  4. Enjoy:
     scanflow-cli -c qemu_procfs -p svchost.exe

Background

This tool came to be as a result of my YouTube series detailing memflow and various memory scanning techniques. If you wish to learn more, check out the memflow-applied playlist.

memflow-applied repo is also available with snapshots of different stages of development.

Comments
  •  scanflow-cli | oslayer: configuration error | qemu

    Followed README.md instructions. Ran: scanflow-cli --os win32 svchost.exe

    07:47:05 [ERROR] oslayer: configuration error (Must provide memory!)
    07:47:05 [ERROR] oslayer: configuration error
    Error: Error(OsLayer, Configuration)
    
    > memflowup list
    Available packages:
    0. memflow-ffi - Library ()
    1. memflow-win32 - CorePlugin (dev/git)
    2. memflow-native - CorePlugin (dev/git)
    3. memflow-qemu - CorePlugin (dev/git)
    4. memflow-coredump - CorePlugin (stable/git, dev/git)
    5. memflow-kcore - CorePlugin (dev/git)
    6. memflow-pcileech - CorePlugin (dev/git)
    7. memflow-kvm - CorePlugin (dev/git)
    
    invalid 
    opened by codecnotsupported 2
  • Commands need additional explanation.

    I haven't read scanflow's code, but I'm confused how to use certain commands. Is it all explained in the memflow applied playlist?

    What I could gather.

    Self explanatory:

    quit q: quit the CLI
    help h: show this help
    reset r: reset all context state
    add a: manually add an address to matches
    remove rm: remove match by index
    print p: print found matches after initial scan

    Needs additional info

    write wr: write values to select matches. Arguments: {idx/*} {o/c} {value}

    • {idx/*}
      • idx: Write to the search match idx.
      • *: Write to all search matches. (I'd prefer all as opposed to *)
    • {o/c}
      • o: No clue
      • c: No clue
    • value: Self-explanatory

    reinterpret ri: reinterpret matches as another type. Usage: {{type}} ({{unsized len}})

    • {{type}}
      • Target recast type: str, str_utf16, i8, u8, i16, u16, i32, u32, i64, u64, i128, u128, f32, f64
    • ({{unsized len}})
      • Optional: Size of the type, Applicable to str and str_utf16
    • NOTE: Why the double {{}} brackets?

    globals g: find all global variables referenced by code

    • No idea how to use.
    • What the use of it is.

    sigmaker s: build a pointer map. args: {addr}

    • No idea how to use.

    offset_scan os: scan for offsets to matches. Arguments: {y/[n]} {lower range} {upper range} {max depth} ({filter})

    • {y/[n]}
      • y/n??
      • Default = n
    • {lower range}
      • scan result ptr - lower range = lower range
    • {upper range}
      • scan result ptr - upper range = upper range
    • {max depth}
      • Dereference pointers? And scan those?
    • ({filter})
      • Optional: A Filter??

    pointer_map pm: build a pointer map

    • No idea how to use. ( I know what a pointer map is )
    • Note: This caused a BSOD: watchdog timeout in the VM, further causing an unresponsive host system, sysrq-reboot still worked, this will probably work with other (not qemu) connectors.
      • Might be caused due to improper usage.
    opened by codecnotsupported 1
Owner
memflow