DecodeHub - Reverse Engineering, Crackmes, Software & Coding

[TOOL] MemReaper - Advanced Live Memory Scanner & Scylla-Killer & IAT Fix 1.0.0


I'm dropping MemReaper today. It's a live memory forensics and payload extraction tool I wrote in C++ (ImGui/DX11).

Instead of just dumping raw bytes and hoping for the best, MemReaper extracts the payload directly from live memory and reconstructs the IAT on the fly.

⚙️ Core Features & Tech Breakdown

  • Scylla-Killer (Auto IAT Rebuilder): Rebuilds the Import Address Table directly from RAM. It sanitizes the DataDirectory (clears BaseReloc and Bound Imports) and fixes Raw/Virtual sizes. If the protector uses header stomping (e.g., wiping the DOS/NT headers in memory), MemReaper dynamically pulls the original headers from the physical file on disk and stitches them back onto the memory-dumped payload.

  • Live Memory Foraging: Scans MEM_COMMIT regions using VirtualQueryEx. It actively hunts for unlinked/hidden modules (orphaned MZ signatures) and raw shellcode cavities. If it finds a mapped region with suspicious execution traits but no valid header, it dumps the raw .bin and automatically extracts strings for quick analysis.

  • EDR Hook Restoration (Lazarus Engine): Checks ntdll.dll for 0xE9 (JMP) or 0xC3 (RET) inline hooks on critical syscalls (NtReadVirtualMemory, NtProtectVirtualMemory, EtwEventWrite, etc.). If it detects that the APIs are blinded, it reads the clean bytes and forces a restore via VirtualProtectEx to bypass user-land telemetry.

  • Rogue Thread & Hollowing Detection: Uses undocumented NTDLL APIs (NtQueryInformationThread -> ThreadQuerySetWin32StartAddress) to spot threads running from unbacked memory (bypassing EnumProcessModules). It also flags process hollowing by tracking child PID spawning anomalies.

  • Built-in Hex Dump: A fast, interactive Hex/ASCII viewer for live memory addresses and dumped .bin files directly in the UI.

🚀 Quick Usage

  1. Run MemReaper.exe as Admin (strictly required for ReadProcessMemory / VirtualQueryEx).

  2. Click BROWSE FILE to select your target (.exe or .dll).

  3. Check the Static Profile (Imphash, Packer Score, anomalies).

  4. Click REAP TARGET (SUSPENDED) to spawn the process frozen.

  5. Hit RESUME to let the packer do its unpacking job in RAM.

  6. Once unpacked, click BUILD FINAL EXE to dump the clean, IAT-fixed executable.


Enjoy the tool, and let me know if you run into any bugs or have feature requests!
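The orphaned-MZ and header-less executable region checks described under Live Memory Foraging can be sketched offline as follows. This is an added example, not MemReaper's code: the region tuples stand in for what VirtualQueryEx and ReadProcessMemory would return, and `find_pe_header`, `triage`, `make_header` and the sample addresses are hypothetical names and constructed data.

```python
import struct

MEM_IMAGE, MEM_PRIVATE = 0x1000000, 0x20000   # MEMORY_BASIC_INFORMATION.Type values
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40
EXEC_MASK = 0xF0                              # any PAGE_EXECUTE* protection bit

def find_pe_header(data):
    """Offset of the first page-aligned, structurally valid PE header, or None."""
    for off in range(0, len(data), 0x1000):
        if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
            continue
        (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
        nt = off + e_lfanew
        if nt + 24 > len(data) or data[nt:nt + 4] != b"PE\0\0":
            continue                          # stray "MZ" bytes, not a header
        machine, nsections = struct.unpack_from("<HH", data, nt + 4)
        if machine in (0x014C, 0x8664) and 1 <= nsections <= 96:  # x86/x64 only
            return off
    return None

def triage(regions, module_bases):
    """regions: (base, type, protect, bytes) tuples; module_bases: loader-listed bases."""
    findings = []
    for base, mtype, protect, data in regions:
        off = find_pe_header(data)
        if off is not None and base + off not in module_bases:
            findings.append((hex(base + off), "orphaned PE header"))
        elif off is None and mtype == MEM_PRIVATE and protect & EXEC_MASK:
            findings.append((hex(base), "executable private memory, no header"))
    return findings

def make_header(e_lfanew=0x80, machine=0x8664, nsections=3):
    """Constructed one-page buffer holding only the header fields checked above."""
    buf = bytearray(0x1000)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, e_lfanew + 4, machine, nsections)
    return bytes(buf)

# Constructed sample snapshot (addresses and contents are made up).
SAMPLE_MODULES = {0x7FF600000000}
SAMPLE_REGIONS = [
    (0x7FF600000000, MEM_IMAGE, PAGE_EXECUTE_READ, make_header()),
    (0x1A0000000, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, bytes(0x1000) + make_header()),
    (0x2B0000000, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, b"\x90" * 0x1000),
    (0x3C0000000, MEM_PRIVATE, PAGE_READWRITE, b"MZ" + b"\xff" * 0xFFE),
]
print(triage(SAMPLE_REGIONS, SAMPLE_MODULES))
```

The last sample region shows why the header fields are validated: a bare "MZ" at the start of a non-executable page is not reported.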

