From c7dc3ed7e823524089703ba75de02340a92136ce Mon Sep 17 00:00:00 2001 From: Abdul Moez <72302783+Anonym0usWork1221@users.noreply.github.com> Date: Fri, 2 Jun 2023 22:56:32 +0500 Subject: [PATCH] Update README.md --- README.md | 432 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 430 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b2137a1..c9ccbb1 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,430 @@ -# C-Android-Memory-Tool -Android Memory Access at Runtime: Reading and Writing Using Memory Files and Maps +C-Android-Memory-Tool +==== +[![GitHub stars](https://img.shields.io/github/stars/Anonym0usWork1221/C-Android-Memory-Tool.svg)](https://github.com/Anonym0usWork1221/C-Android-Memory-Tool/stargazers) +[![GitHub forks](https://img.shields.io/github/forks/Anonym0usWork1221/C-Android-Memory-Tool.svg)](https://github.com/Anonym0usWork1221/C-Android-Memory-Tool/network/members) +[![GitHub issues](https://img.shields.io/github/issues/Anonym0usWork1221/C-Android-Memory-Tool.svg)](https://github.com/Anonym0usWork1221/C-Android-Memory-Tool/issues) +[![GitHub watchers](https://img.shields.io/github/watchers/Anonym0usWork1221/C-Android-Memory-Tool.svg)](https://github.com/Anonym0usWork1221/C-Android-Memory-Tool/watchers) +[![Python](https://img.shields.io/badge/language-cpp-blue.svg)](https://www.python.org) +[![GPT_LICENSE](https://img.shields.io/badge/license-MIT-red.svg)](https://opensource.org/licenses/) +![code size](https://img.shields.io/github/languages/code-size/Anonym0usWork1221/C-Android-Memory-Tool) + +----------- + +The MemoryTool is a C++ tool that provides functionality for reading and writing memory in a target process. It allows you to search for specific values in memory, modify memory addresses, freeze and unfreeze memory values, and perform various system-related operations. This documentation provides an overview of the tool's functionality, along with code snippets to demonstrate how to use each feature. + +# Introduction +I don't know who initially wrote this memory tool. I have put in a lot of effort to correct non-working functions, fix errors, optimize the code, add proper documentation, and implement proper object-oriented programming structures to ensure the smooth running of the script. I have also added new functions. + +Please note that this tool only works for rooted devices as the non-rooted (virtual environment) functionality has not been implemented yet. + +If you encounter any non-working functions, please open an issue and report it. + +* Date : 2023/06/02 +* Author : **__Abdul Moez__** +* Version : 0.1 +* Study : UnderGraduate in GCU Lahore, Pakistan +* Repository : https://github.com/Anonym0usWork1221/C-Android-Memory-Tool +* Documentation: Starts From Below + +# Samples +``main.cpp`` is the sample file to run the MemoryTool +### main.cpp File Explanation +The sample code provided demonstrates the usage of the memory tool. Let's go through it step by step: + +```cpp +#include +#include "MemoryTools.h" + +int main(int argc, char *argv[]) { + initXMemoryTools( + /*process name*/ + "com.tencent.ig", + /*mode root/no root*/ + MODE_ROOT + /*MODE_NO_ROOT - for no root*/ + ); +``` + +The code includes necessary headers and initializes the memory tool by calling initXMemoryTools(). It takes two parameters: the process name (in this case, "com.tencent.ig") and the mode ("MODE_ROOT" for rooted devices). + +```cpp + SetSearchRange(ALL); +``` +The SetSearchRange() function sets the search range for memory operations. In this case, it is set to "ALL," which means searching in all memory ranges. + +```cpp + MemorySearch("1", TYPE_BYTE); +``` +The MemorySearch() function is used to search for a specific value in memory. In this example, it searches for the value "1" of type TYPE_BYTE. + +```cpp + MemoryOffset("2", 2,/*offset*/ TYPE_BYTE); +``` +The MemoryOffset() function is used to search for a specific value at an offset from a base address. It searches for the value "2" of type TYPE_BYTE with an offset of 2. + +```cpp + MemoryWrite("0", 2,/*offset*/ TYPE_BYTE); +``` +The MemoryWrite() function is used to write a value to a specific memory address. In this example, it writes the value "0" of type TYPE_BYTE with an offset of 2. + +```cpp + ClearResults(); +``` +The ClearResults() function clears the linked list of results and frees up memory. +```cpp + return 0; +} +``` +The program ends and returns 0. + +---- +# Start of Memory Tool Documentation + +## Table of Contents +1. Data Structures +2. Initialization +3. Reading Memory +4. Searching Memory +5. Writing Memory +6. Freezing Memory +7. System Operations +8. Utility Functions + +## 1. Data Structures +The MemoryTool tool uses the following data structures: + +### MAPS +```cpp +struct MAPS { + long int addr; + long int taddr; + int type; + struct MAPS *next; +}; +``` + +* addr: The memory address. +* taddr: The target address. +* type: The type of memory. +* next: Pointer to the next MAPS structure. + +### RESULT +```cpp +struct RESULT { + long int addr; + struct RESULT *next; +}; +``` + +* addr: The memory address. +* next: Pointer to the next RESULT structure. + +### FREEZE +```cpp +struct FREEZE { + long int addr; // address + char *value; // value + int type; // type + struct FREEZE *next; // pointer to the next node +}; +``` + +* addr: The memory address. +* value: The value at the memory address. +* type: The type of memory. +* next: Pointer to the next FREEZE structure. + +## 2. Initialization +To use the MemoryTool, you need to create an instance of the MemoryTool class. Here's how to initialize the tool: + +```cpp +MemoryTool memTool; +``` + +## 3. Reading Memory +The MemoryTool provides functions to read memory from the target process. The following functions are available: + +### Read Maps File +```cpp +PMAPS readmaps(int pid); +``` +* pid: The process ID of the target process. +* Returns a linked list of MAPS structures containing information about the memory mappings in the target process. + +### Read All Memory Maps +```cpp +PMAPS readmaps_all(); +``` +* Returns a linked list of MAPS structures for all memory mappings in the target process. + +### Read Specific Memory Maps +```cpp +PMAPS readmaps_bad(); +PMAPS readmaps_c_alloc(); +PMAPS readmaps_c_bss(); +PMAPS readmaps_c_data(); +PMAPS readmaps_c_heap(); +PMAPS readmaps_java_heap(); +PMAPS readmaps_a_anonmyous(); +PMAPS readmaps_code_system(); +PMAPS readmaps_stack(); +PMAPS readmaps_ashmem(); +``` + +* Returns a linked list of MAPS structures for specific memory mappings in the target process. Each function corresponds to a specific memory range or type. + +## 4. Searching Memory +The MemoryTool allows you to search for specific values in the memory of the target process. You can search for values within a specific range or across the entire memory. The following functions are available for memory search: + +### Base Address Search +```cpp +void BaseAddressSearch(char* value, int type, long int address); +``` +* value: The value to search for. +* type: The type of memory to search for (see type enum for options). +* address: The base address to start the search from. + +### Range Memory Search +```cpp +void RangeMemorySearch(char* value, char* range, int type); +``` +* value: The value to search for. +* range: The memory range to search in (see Range enum for options). +* type: The type of memory to search for (see type enum for options). + +### Memory Search +```cpp +void MemorySearch(char* value, int type); +``` +* value: The value to search for. +* type: The type of memory to search for (see type enum for options). + +### Memory Offset Search +```cpp +void MemoryOffset(char* value, long int offset, int type); +``` + +* value: The value to search for. +* offset: The offset from the base address to search. +* type: The type of memory to search for (see type enum for options). + +### Range Memory Offset Search +```cpp +void RangeMemoryOffset(char* value, char* range, long int offset, int type); +``` +* value: The value to search for. +* range: The memory range to search in (see Range enum for options). +* offset: The offset from the base address to search. +* type: The type of memory to search for (see type enum for options). + +## 5. Writing Memory +The MemoryTool allows you to write values to memory addresses in the target process. The following functions are available for memory write: + +### Memory Write +```cpp +void MemoryWrite(char* value, long int address, int type); +``` +* value: The value to write to memory. +* address: The memory address to write the value to. +* type: The type of memory to write to (see type enum for options). +### Write Address +```cpp +int WriteAddress(long int address, char* value, int type); +``` +* address: The memory address to write the value to. +* value: The value to write to memory. +* type: The type of memory to write to (see type enum for options). +* Returns 1 if the write operation is successful, 0 otherwise. + +## 6. Freezing Memory +The MemoryTool allows you to freeze and unfreeze memory values in the target process. The freezing feature allows you to keep a memory value constant while the target process is running. The following functions are available for freezing memory: + +### Start Freezing +```cpp +int StartFreeze(); +``` +* Starts the freezing process. + +### Stop Freezing +```cpp +int StopFreeze(); +``` +* Stops the freezing process. + +### Set Freeze Delay +```cpp +int SetFreezeDelay(long int delay); +``` + +* delay: The delay in microseconds between each freeze operation. +* Sets the delay between each freeze operation. + +### Add Freeze Item +```cpp +int AddFreezeItem(long int address, char* value, int type, long int offset = 0); +``` +* address: The memory address to freeze. +* value: The value to freeze. +* type: The type of memory to freeze (see type enum for options). +* offset: The offset from the base address to freeze (optional, default is 0). +* Adds a memory address and its frozen value to the freeze list. + +### Remove Freeze Item +```cpp +int RemoveFreezeItem(long int address); +``` +* address: The memory address to remove from the freeze list. +* Removes a memory address from the freeze list. + +### Remove All Freeze Items +```cpp +int RemoveFreezeItem_All(); +``` +* Removes all memory addresses from the freeze list. + +### Print Freeze Items +```cpp +int PrintFreezeItems(); +``` +* Prints the current freeze list. + +## 7. Getting Memory Values +The MemoryTool allows you to retrieve the values from memory addresses in the target process. The following functions are available for getting memory values: + +### Get Address Value +```cpp +char* GetAddressValue(ADDRESS address, int type); +``` + +* address: The memory address to retrieve the value from. +* type: The type of memory value to retrieve (see type enum for options). +* Returns a character pointer containing the retrieved memory value. +### Get Address Value DWORD +```cpp +DWORD GetAddressValue_DWORD(ADDRESS address); +``` +* address: The memory address to retrieve the DWORD value from. +* Returns the retrieved DWORD value. + +### Get Address Value FLOAT +```cpp +FLOAT GetAddressValue_FLOAT(ADDRESS address); +``` + +* address: The memory address to retrieve the FLOAT value from. +* Returns the retrieved FLOAT value. + +### Get Address Value DOUBLE +```cpp +DOUBLE GetAddressValue_DOUBLE(ADDRESS address); +``` +* address: The memory address to retrieve the DOUBLE value from. +* Returns the retrieved DOUBLE value. + +### Get Address Value WORD +```cpp +WORD GetAddressValue_WORD(ADDRESS address); +``` +* address: The memory address to retrieve the WORD value from. +* Returns the retrieved WORD value. + +### Get Address Value BYTE +```cpp +BYTE GetAddressValue_BYTE(ADDRESS address); +``` +* address: The memory address to retrieve the BYTE value from. +* Returns the retrieved BYTE value. + +### Get Address Value QWORD +```cpp +QWORD GetAddressValue_QWORD(ADDRESS address); +``` +* address: The memory address to retrieve the QWORD value from. +* Returns the retrieved QWORD value. + +## 8. Miscellaneous Functions +The MemoryTool provides additional miscellaneous functions for interacting with the target process: + +### Get Result Count +```cpp +int GetResultCount(); +``` +* Returns the number of search results found. + +### Print Results +```cpp +void PrintResults(); +``` +* Prints the contents of the search results. + +### Clear Results +```cpp +void ClearResults(); +``` +* Clears the search results and frees up memory. + +### Clear Maps +```cpp +void ClearMaps(PMAPS maps); +``` +* maps: The pointer to the maps data structure to be cleared. +* Clears the maps data structure and frees up memory. + +### Get Results +```cpp +PMAPS GetResults(); +``` + +* Returns the pointer to the head of the search results. + +### Get PID +```cpp +int getPID(char package[64]); +``` + +* package: The package name of the target process. +* Returns the process ID (PID) of the target process. +### Get Process State +```cpp +char GetProcessState(char* package); +``` +* package: The package name of the target process. +* Returns the state of the target process. +### isapkinstalled +```cpp +int isapkinstalled(char* package); +``` +* package: The package name of the app. +* Checks if the specified app is installed. + +### isapkrunning +```cpp +int isapkrunning(char* package); +``` +* package: The package name of the app. +* Checks if the specified app is running. + +### killprocess +```cpp +int killprocess(char* package); +``` +* package: The package name of the process to kill. +* Kills the specified process. + + +# Contributor + + + + + + +Assistance +---------- +If you need assistance, you can ask for help on my mailing list: + +* Email : abdulmoez123456789@gmail.com + +I also created a Discord group: + +* Server : https://discord.gg/RMNcqzmt9f