Jan 192016
 

Found a nice tool to grep inside Windows memory made by NCC Group. I use it to get further information about Lynq/Office Communicator. You are able to see the actual presence of an individual (if he really is AFK or if he only set his status to be AFK).

https://github.com/nccgroup/memgrep/releases

C:\Data\NCC\!Code\Git.Public\memgrep\windows\x64\Release>Memgrep.exe -b 20 -a 20 -q -s ninja -x
memgrep - https://www.nccgroup.com/
        - https://github.com/nccgroup/memgrep
[i] Will print 20 bytes before hit
[i] Will print 20 bytes after hit
[i] Using the string 'ninja'
[*] Got unicode hit for ninja at 000000001092A52C in Dwm.exe (3444) page starts at 0000000010890000 [rw   ] - private
0000  70 00 20 00 36 00 30 00  36 00 34 00 20 00 2d 00   p. .6.0. 6.4. .-.
0010  73 00 20 00 6e 00 69 00  6e 00 6a 00 61 00 20 00   s. .n.i. n.j.a. .
0020  2d 00 78 00 00 00 00 00  15 00 00 00 19 00 00 00   -.x..... ........
0030  ce 23         

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)