Pointerscan Analyzer

Download link: Click here

Released on 03 January 2019
Written in C++, Qt, SQLite3

The pointerscan analyzer compares different pointer scan results to find a match between them. For instance if you have two pointer scan results, one result is index 0 of an array and another is index 5 of an array, you will be able to match them together by finding the array base before dereferencing to the index offsets. This can be particularly useful when comparing millions of results against multiple databases.

How to use:
Using the analyzer is simple, first load any sqlite pointerscan results (you can export PTR files to sqlite in the pointerscan summary window). Note that you will only be able to load pointerscans with the same base module (moduleid = 0); for instance you can't compare a result with "client.exe" against "server.exe" but you can compare "app.exe" against "app.exe". After that you can select the depth of dereferencing and if you want to match against all databases. If you decided NOT to match against all databases, this means you only need one match from any other database that you have loaded and NOT all of them.

This is a "standalone" (with loose files) so there are no installers. Simply extract and run the "run.bat" batch script, or go into "bin" and run "dbqt.exe".