Key Capabilities for ScreenSharing:

  • Detailed Process Visualization: Displays a comprehensive list of all running processes, services, drivers, and network connections, often revealing items hidden by the standard Windows Task Manager.

  • Memory Inspection & String Searching: Allows ScreenSharers to examine the virtual memory space allocated to any selected process and perform powerful searches within that memory for specific text strings (using keywords or regular expressions - regex) or binary patterns. This is the core function used to find cheat-related identifiers, loaded module paths, or suspicious commands within process memory.

  • Loaded Modules (DLLs) Information: Shows all the Dynamic Link Libraries (DLLs) loaded by a specific process, which is vital for identifying injected cheats or suspicious libraries.

  • Network Activity Monitoring: Provides real-time information on network connections established by each process, including remote IP addresses and ports, useful for detecting certain types of cheats or C2 communication.

  • Service and Handle Information: Allows inspection of system services, their associated processes (svchost.exe instances), and open handles (e.g., to files or registry keys) held by processes.

  • Kernel Live Dumps: (Advanced) Can create dumps of the kernel memory space for offline analysis.

PreviousProcess Hacker / System Informer: Introduction and ConfigurationNextConfiguration: Enabling Kernel Mode Driver

Last updated