Dark Mode

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

OPSphystech420/CGuardProbe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

40 Commits

Repository files navigation

CGuardProbe Memory Scanner and Manipulator

Overview

Memory engine and scanner designed for iOS and macOS platforms that leverages the Mach API to perform memory scanning and manipulation tasks. It offers capability to scan, search, read, write, allocate, deallocate memory in a target process, providing powerful tools for debugging, reverse engineering, or enhancing the capabilities of applications through dynamic memory analysis.

New update!

Requirements

  • macOS/iOS
  • Mach API && Mach-O
  • c++1x
  • #include "CGuardMemory/CGPMemory.h"

What's new

Added functions

  • ChangeMemoryProtection
  • VMTHook
  • RebindSymbol
  • RebindSymbols
  • RemapLibrary
  • ParseIDAPattern
  • ScanPattern
  • ScanIDAPattern

Features

AddrRange SearchRange = (AddrRange){0x100000000, 0x300000000};
static vector<void*> Addr;

Initialize the memory engine with the task port of the target process

CGPMemoryEngine Engine = CGPMemoryEngine(mach_task_self());

Get base address by simply passing lib name into this function

uintptr_t ImageBase = Engine.GetImageBase("MainLib");
  • Memory Scanning and Searching: Search memory regions for specific patterns or data, use CGP search types.
// Scan float value
float Search = 3566.004f;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_Float);
// Search nearby
float SearchNearby = 0.267f;
Engine.CGPNearBySearch(0x100, &SearchNearby, CGP_Search_Type_Float);
// Get all values
Addr = Engine.GetAllResults();

// Scan int value
int Search = 728949301;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_SInt);
// Get 40 values
Addr = Engine.GetResults(40);
  • Reading/Writing Memory: Directly read from or write to specific memory addresses.
// Write to address
long WriteAddress = 0x1abc;
char newData[] = {0x01, 0x02, 0x03, 0x04};
Engine.CGPWriteMemory(WriteAddress, newData, sizeof(newData));

// Scan and Write
double ChangeValue = 12.5249042791403535;

// Scan double value
if (Addr.size() == 0) {
double Search = 12.6664287277627762;
Engine.CGPScanMemory(SearchRange, &Search, CGP_Search_Type_Double);
// Get 80 values
Addr = Engine.GetResults(80);
}

// Write to address
for (int i = 0; i < Addr.size(); i++) {
Engine.CGPWriteMemory((long)Addr[i], &ChangeValue, CGP_Search_Type_Double);
}

// Read
unsigned long long readAddress = 0x1abc;
size_t dataLength = 4;

void* data = Engine.CGPReadMemory(readAddress, dataLength);
if (data) {
// Process data
free(data);
}
  • Memory Allocation/Deallocation: Manage memory dynamically within a target process.
size_t allocSize = 1024; // size of memory to allocate
void* allocatedMemory = Engine.CGPAllocateMemory(allocSize);

// use allocated memory...

memoryEngine.CGPDeallocateMemory(allocatedMemory, allocSize);
  • Memory Protection: Modify the protection attributes of memory regions.
void* protectAddress = allocatedMemory; // previously allocated memory
size_t protectSize = 1024;
Engine.CGPProtectMemory(protectAddress, protectSize, VM_PROT_READ | VM_PROT_WRITE);
  • Address Querying: Retrieve detailed information about memory regions.
kern_return_t kr = Engine.CGPQueryMemory(address, &size, &protection, &inheritance);

Contributing

You are welcome to change and do whatever you want with this code

About

Memory Engine and Scanner for iOS/MacOS using Mach API

Topics

Resources

Readme

License

View license

Stars

Watchers

Forks

Packages

No packages published