/C-Android-Memory-Tool

Android Memory Access at Runtime: Reading and Writing Using Memory Files and Maps

Primary LanguageC++MIT LicenseMIT

C-Android-Memory-Tool

GitHub stars GitHub forks GitHub issues GitHub watchers Python GPT_LICENSE code size


The MemoryTool is a C++ tool that provides functionality for reading and writing memory in a target process. It allows you to search for specific values in memory, modify memory addresses, freeze and unfreeze memory values, and perform various system-related operations. This documentation provides an overview of the tool's functionality, along with code snippets to demonstrate how to use each feature.

Introduction

I don't know who initially wrote this memory tool. I have put in a lot of effort to correct non-working functions, fix errors, optimize the code, add proper documentation, and implement proper object-oriented programming structures to ensure the smooth running of the script. I have also added new functions.

Please note that this tool only works for rooted devices as the non-rooted (virtual environment) functionality has not been implemented yet.

If you encounter any non-working functions, please open an issue and report it.

Samples

main.cpp is the sample file to run the MemoryTool

main.cpp File Explanation

The sample code provided demonstrates the usage of the memory tool. Let's go through it step by step:

#include <iostream>
#include "MemoryTools.h"

int main(int arc, char argv[]) {
	/* 1. Package Name of the game
	2. ROOT_MODE (tells you are using rooted device (not reooted device not implimented yet))
	*/
	char game_package[] = "com.tencent.ig";
	MemoryTool memory_tool;
	memory_tool.initXMemoryTools(game_package, MODE_ROOT);

The code includes necessary headers and initializes the memory tool by calling initXMemoryTools(). It takes two parameters: the process name (in this case, "com.tencent.ig") and the mode ("MODE_ROOT" for rooted devices).

   memory_tool.SetSearchRange(ALL);

The SetSearchRange() function sets the search range for memory operations. In this case, it is set to "ALL," which means searching in all memory ranges.

   memory_tool.MemorySearch("1", TYPE_BYTE);

The MemorySearch() function is used to search for a specific value in memory. In this example, it searches for the value "1" of type TYPE_BYTE.

    memory_tool.MemoryOffset("2", 2, /*offset*/ TYPE_BYTE);

The MemoryOffset() function is used to search for a specific value at an offset from a base address. It searches for the value "2" of type TYPE_BYTE with an offset of 2.

    memory_tool.MemoryWrite("0", 2, /*offset*/ TYPE_BYTE);

The MemoryWrite() function is used to write a value to a specific memory address. In this example, it writes the value "0" of type TYPE_BYTE with an offset of 2.

    memory_tool.ClearResults();

The ClearResults() function clears the linked list of results and frees up memory.

    return 0;
}

The program ends and returns 0.


Start of Memory Tool Documentation

Table of Contents

  1. Data Structures
  2. Initialization
  3. Reading Memory
  4. Searching Memory
  5. Writing Memory
  6. Freezing Memory
  7. System Operations
  8. Utility Functions

1. Data Structures

The MemoryTool tool uses the following data structures:

MAPS

struct MAPS {
    long int addr;
    long int taddr;
    int type;
    struct MAPS *next;
};
  • addr: The memory address.
  • taddr: The target address.
  • type: The type of memory.
  • next: Pointer to the next MAPS structure.

RESULT

struct RESULT {
    long int addr;
    struct RESULT *next;
};
  • addr: The memory address.
  • next: Pointer to the next RESULT structure.

FREEZE

struct FREEZE {
    long int addr; // address
    char *value; // value
    int type; // type
    struct FREEZE *next; // pointer to the next node
};
  • addr: The memory address.
  • value: The value at the memory address.
  • type: The type of memory.
  • next: Pointer to the next FREEZE structure.

2. Initialization

To use the MemoryTool, you need to create an instance of the MemoryTool class. Here's how to initialize the tool:

MemoryTool memTool;

3. Reading Memory

The MemoryTool provides functions to read memory from the target process. The following functions are available:

Read Maps File

PMAPS readmaps(int pid);
  • pid: The process ID of the target process.
  • Returns a linked list of MAPS structures containing information about the memory mappings in the target process.

Read All Memory Maps

PMAPS readmaps_all();
  • Returns a linked list of MAPS structures for all memory mappings in the target process.

Read Specific Memory Maps

PMAPS readmaps_bad();
PMAPS readmaps_c_alloc();
PMAPS readmaps_c_bss();
PMAPS readmaps_c_data();
PMAPS readmaps_c_heap();
PMAPS readmaps_java_heap();
PMAPS readmaps_a_anonmyous();
PMAPS readmaps_code_system();
PMAPS readmaps_stack();
PMAPS readmaps_ashmem();
  • Returns a linked list of MAPS structures for specific memory mappings in the target process. Each function corresponds to a specific memory range or type.

4. Searching Memory

The MemoryTool allows you to search for specific values in the memory of the target process. You can search for values within a specific range or across the entire memory. The following functions are available for memory search:

Base Address Search

void BaseAddressSearch(char* value, int type, long int address);
  • value: The value to search for.
  • type: The type of memory to search for (see type enum for options).
  • address: The base address to start the search from.

Range Memory Search

void RangeMemorySearch(char* value, char* range, int type);
  • value: The value to search for.
  • range: The memory range to search in (see Range enum for options).
  • type: The type of memory to search for (see type enum for options).

Memory Search

void MemorySearch(char* value, int type);
  • value: The value to search for.
  • type: The type of memory to search for (see type enum for options).

Memory Offset Search

void MemoryOffset(char* value, long int offset, int type);
  • value: The value to search for.
  • offset: The offset from the base address to search.
  • type: The type of memory to search for (see type enum for options).

Range Memory Offset Search

void RangeMemoryOffset(char* value, char* range, long int offset, int type);
  • value: The value to search for.
  • range: The memory range to search in (see Range enum for options).
  • offset: The offset from the base address to search.
  • type: The type of memory to search for (see type enum for options).

5. Writing Memory

The MemoryTool allows you to write values to memory addresses in the target process. The following functions are available for memory write:

Memory Write

void MemoryWrite(char* value, long int address, int type);
  • value: The value to write to memory.
  • address: The memory address to write the value to.
  • type: The type of memory to write to (see type enum for options).

Write Address

int WriteAddress(long int address, char* value, int type);
  • address: The memory address to write the value to.
  • value: The value to write to memory.
  • type: The type of memory to write to (see type enum for options).
  • Returns 1 if the write operation is successful, 0 otherwise.

6. Freezing Memory

The MemoryTool allows you to freeze and unfreeze memory values in the target process. The freezing feature allows you to keep a memory value constant while the target process is running. The following functions are available for freezing memory:

Start Freezing

int StartFreeze();
  • Starts the freezing process.

Stop Freezing

int StopFreeze();
  • Stops the freezing process.

Set Freeze Delay

int SetFreezeDelay(long int delay);
  • delay: The delay in microseconds between each freeze operation.
  • Sets the delay between each freeze operation.

Add Freeze Item

int AddFreezeItem(long int address, char* value, int type, long int offset = 0);
  • address: The memory address to freeze.
  • value: The value to freeze.
  • type: The type of memory to freeze (see type enum for options).
  • offset: The offset from the base address to freeze (optional, default is 0).
  • Adds a memory address and its frozen value to the freeze list.

Remove Freeze Item

int RemoveFreezeItem(long int address);
  • address: The memory address to remove from the freeze list.
  • Removes a memory address from the freeze list.

Remove All Freeze Items

int RemoveFreezeItem_All();
  • Removes all memory addresses from the freeze list.

Print Freeze Items

int PrintFreezeItems();
  • Prints the current freeze list.

7. Getting Memory Values

The MemoryTool allows you to retrieve the values from memory addresses in the target process. The following functions are available for getting memory values:

Get Address Value

char* GetAddressValue(ADDRESS address, int type);
  • address: The memory address to retrieve the value from.
  • type: The type of memory value to retrieve (see type enum for options).
  • Returns a character pointer containing the retrieved memory value.

Get Address Value DWORD

DWORD GetAddressValue_DWORD(ADDRESS address);
  • address: The memory address to retrieve the DWORD value from.
  • Returns the retrieved DWORD value.

Get Address Value FLOAT

FLOAT GetAddressValue_FLOAT(ADDRESS address);
  • address: The memory address to retrieve the FLOAT value from.
  • Returns the retrieved FLOAT value.

Get Address Value DOUBLE

DOUBLE GetAddressValue_DOUBLE(ADDRESS address);
  • address: The memory address to retrieve the DOUBLE value from.
  • Returns the retrieved DOUBLE value.

Get Address Value WORD

WORD GetAddressValue_WORD(ADDRESS address);
  • address: The memory address to retrieve the WORD value from.
  • Returns the retrieved WORD value.

Get Address Value BYTE

BYTE GetAddressValue_BYTE(ADDRESS address);
  • address: The memory address to retrieve the BYTE value from.
  • Returns the retrieved BYTE value.

Get Address Value QWORD

QWORD GetAddressValue_QWORD(ADDRESS address);
  • address: The memory address to retrieve the QWORD value from.
  • Returns the retrieved QWORD value.

8. Miscellaneous Functions

The MemoryTool provides additional miscellaneous functions for interacting with the target process:

Get Result Count

int GetResultCount();
  • Returns the number of search results found.

Print Results

void PrintResults();
  • Prints the contents of the search results.

Clear Results

void ClearResults();
  • Clears the search results and frees up memory.

Clear Maps

void ClearMaps(PMAPS maps);
  • maps: The pointer to the maps data structure to be cleared.
  • Clears the maps data structure and frees up memory.

Get Results

PMAPS GetResults();
  • Returns the pointer to the head of the search results.

Get PID

int getPID(char package[64]);
  • package: The package name of the target process.
  • Returns the process ID (PID) of the target process.

Get Process State

char GetProcessState(char* package);
  • package: The package name of the target process.
  • Returns the state of the target process.

isapkinstalled

int isapkinstalled(char* package);
  • package: The package name of the app.
  • Checks if the specified app is installed.

isapkrunning

int isapkrunning(char* package);
  • package: The package name of the app.
  • Checks if the specified app is running.

killprocess

int killprocess(char* package);
  • package: The package name of the process to kill.
  • Kills the specified process.

Contributor

Assistance

If you need assistance, you can ask for help on my mailing list:

I also created a Discord group: