search

javaRedLotus Mod Analyzer

The RedLotus Mod Analyzer tool combines memory scanning, filesystem monitoring, and bytecode analysis to detect mod cheats, unauthorized modifications, and common mod bypass methods.

hashtag
📺 Presentation & Showcase

Mod Analyzer Showcasearrow-up-right

Click the image above to watch the tool showcase.

hashtag
⚙️ Interface & Key Features

The tool offers two primary scanning modes via an intuitive GUI:

  • MEMORY SCAN: Automatically detects the running javaw.exe process and scans mods currently loaded in memory, catching file-renaming / deletion bypasses.

  • DISK SCAN: Allows manual selection of a specific mods folder from the disk for static analysis.

Dashboard Features

  • Search & Filter: Instantly locate specific mods by name or toggle views to focus on Unverified, Not Found, or Detected entries.

  • Smart Alerts: Visual warnings (⚠) appear if the mods folder was modified after the game started, signaling potential "self-destruct" or "hide" tactics.

  • Download Source: Automatically detects and displays the origin URL (e.g., CurseForge, Modrinth) for verified mods if present.

  • Mod Details: Double-clicking any row opens a detailed popup containing file hashes, full paths, and deep analysis data.

USN Journal Monitoring

Advanced filesystem tracking detects evasion attempts in real-time:

  • Deleted/Moved Mods: Files removed or moved out of the folder appear as MOD NOT FOUND entries in red.

  • Modified Mods: Files altered during runtime are highlighted in bold orange.

  • Detailed Logs: View a complete timeline of file events (Create, Delete, Move/Rename, Modify) with precise timestamps.

  • Smart Filtering: Journal checks only show modifications that occurred after Minecraft started (Memory Scan) or after system boot (Disk Scan), preventing false positives.

hashtag
🛡️ Advanced Detection Capabilities

The Dynamic Detection Engine analyzes raw bytecode directly from memory and has been calibrated against over 800 known cheat packages sent to me by RedLotus contributors and staff:

  • Combat Modules: Scans for 175+ unique signatures associated with KillAura, Velocity, Reach, and AutoClicker patterns.

  • Structural Fingerprints: Identifies 47+ unique patterns revealing hidden "Module Managers" and known cheat architectures.

  • Obfuscation Analysis: Detects heavy obfuscation (e.g., >30% single-letter classes) and flow obfuscation techniques often used to hide malicious code.

  • Native Injection: Flags suspicious JNI injection vectors and unauthorized native libraries (.dll / .so) hidden within JAR files.

hashtag
🚀 Technical Optimizations

Engineered for maximum performance and stability during live checks:

  • In-Memory Analysis: Uses miniz to decompress and analyze JAR files directly in RAM. This eliminates temporary files, resolves file lock/permission issues, and speeds up scanning by 10x-50x.

  • Parallel Scanning: Utilizes multithreading to analyze multiple mods simultaneously, scaling performance linearly with CPU cores.

  • Smart Caching: Implements transient caching to provide instant results for files that haven't changed since the last scan.

hashtag
🔗 Download

Link: Download via RedLotus GitHub / Tool Downloaderarrow-up-right

PreviousRedLotus Task SentinelNextRedLotus Alt Checker

Last updated