KsDumper-11/README.md

# KsDumper-11
https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4

## Features
- Auto dumping of selected exe.
- Unloading the KsDumper kernel driver is now supported! An option was added to unload on program exit, or system shutdown/restart.
- Splash screen for when driver is being loaded
- Auto Refresh (every 100ms)
- Suspend, resume, kill process
- Dump any process main module using a kernel driver (both x86 and x64)
- Rebuild PE32/PE64 header and sections
- ^ This can be defeated by stripping pe headers. Once pe headers are stripped, it cant dump.
- Works on protected system processes & processes with stripped handles (anti-cheats)
- Works on Windows 11, it doesnt crash anymore!
![Dev Channel Insider Build Win 11 Ksdumper](https://cdn.discordapp.com/attachments/1022996250037076047/1066538037154152548/image.png)

**Note**: Import table isn't rebuilt.

## Usage
The old way of loading the unsigned ksDumper.sys kernel driver was to use the capcom exploit to map it, this got patched in windows 11.
This one loads the driver with Kernel Driver Utility, or KDU for short. 
I could not get the main fork of the program to work when being built from source. 

This one does though.
https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe

All driver loading is now automated, i plan on putting in a splash screen till the driver loads.
For now, the client wont open until the driver has been loaded, if it fails, it exits. 
I tried to build a logger to output kdu's console output to a file, however it writes black always. Known issue

**Note**: The driver stays loaded until you reboot, so if you close KsDumper11.exe, you can just reopen it !  
**Note2**: Even though it can dump both x86 & x64 processes, this has to run on x64 Windows.

## Disclaimer
Due to the nature of how KDU works to map the kernel driver, it is unknown if the system you run this on 
will have a exploitable driver according to kdu providers.
If you try to boot KsDumper 11 and it fails to start the driver, trying again as administrator.
If it still fails, run the included ManualLoader.bat in the driver folder and post the results as an issue. 
I will be working on making a selector that will get the correct provider for your system, or detect if none are available.

This project has been made available for informational and educational purposes only.
The driver source is not included because i couldnt ever get it to compile on my system. The source can be found on the original reop. 
Considering the nature of this project, it is highly recommended to run it in a `Virtual Environment`. I am not responsible for any crash or damage that could happen to your system.

**Important**: This tool makes no attempt at hiding itself. If you target protected games, the anti-cheat might flag this as a cheat and ban you after a while. Use a `Virtual Environment` !

## References
= https://github.com/EquiFox/KsDumper
- https://github.com/hfiref0x/KDU
- https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe
- https://github.com/not-wlan/drvmap
- https://github.com/Zer0Mem0ry/KernelBhop
- https://github.com/NtQuery/Scylla/
- http://terminus.rewolf.pl/terminus/
- https://www.unknowncheats.me/

## Compile Yourself
- Requires Visual Studio 2022
- Requires .NET 4.8
Create README.md 2023-01-22 02:01:26 +01:00			`# KsDumper-11`
Readme Update 2023-01-23 05:48:54 +01:00			`https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4`
Main upload 2023-01-22 02:32:57 +01:00
			`## Features`
			`- Auto dumping of selected exe.`
README.md Update 2023-01-23 05:35:01 +01:00			`- Unloading the KsDumper kernel driver is now supported! An option was added to unload on program exit, or system shutdown/restart.`
			`- Splash screen for when driver is being loaded`
Main upload 2023-01-22 02:32:57 +01:00			`- Auto Refresh (every 100ms)`
			`- Suspend, resume, kill process`
			`- Dump any process main module using a kernel driver (both x86 and x64)`
			`- Rebuild PE32/PE64 header and sections`
README.md Update 2023-01-22 23:39:31 +01:00			`- ^ This can be defeated by stripping pe headers. Once pe headers are stripped, it cant dump.`
Main upload 2023-01-22 02:32:57 +01:00			`- Works on protected system processes & processes with stripped handles (anti-cheats)`
More spelling 2023-01-22 03:06:14 +01:00			`- Works on Windows 11, it doesnt crash anymore!`
Updated to darkmode windows 11 screenshot 2023-01-22 03:02:24 +01:00			`![Dev Channel Insider Build Win 11 Ksdumper](https://cdn.discordapp.com/attachments/1022996250037076047/1066538037154152548/image.png)`
Main upload 2023-01-22 02:32:57 +01:00
			`Note: Import table isn't rebuilt.`

			`## Usage`
			`The old way of loading the unsigned ksDumper.sys kernel driver was to use the capcom exploit to map it, this got patched in windows 11.`
			`This one loads the driver with Kernel Driver Utility, or KDU for short.`
			`I could not get the main fork of the program to work when being built from source.`

			`This one does though.`
			`https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe`

			`All driver loading is now automated, i plan on putting in a splash screen till the driver loads.`
			`For now, the client wont open until the driver has been loaded, if it fails, it exits.`
			`I tried to build a logger to output kdu's console output to a file, however it writes black always. Known issue`

Fixed spelling mistake 2023-01-22 03:04:37 +01:00			`Note: The driver stays loaded until you reboot, so if you close KsDumper11.exe, you can just reopen it !`
Main upload 2023-01-22 02:32:57 +01:00			`Note2: Even though it can dump both x86 & x64 processes, this has to run on x64 Windows.`

			`## Disclaimer`
Spelling 2023-01-22 03:19:18 +01:00			`Due to the nature of how KDU works to map the kernel driver, it is unknown if the system you run this on`
Disclaimer add 2023-01-22 03:17:19 +01:00			`will have a exploitable driver according to kdu providers.`
			`If you try to boot KsDumper 11 and it fails to start the driver, trying again as administrator.`
Spelling 2023-01-22 03:19:49 +01:00			`If it still fails, run the included ManualLoader.bat in the driver folder and post the results as an issue.`
Spelling 2023-01-22 03:19:18 +01:00			`I will be working on making a selector that will get the correct provider for your system, or detect if none are available.`
Disclaimer add 2023-01-22 03:17:19 +01:00
Main upload 2023-01-22 02:32:57 +01:00			`This project has been made available for informational and educational purposes only.`
			`The driver source is not included because i couldnt ever get it to compile on my system. The source can be found on the original reop.`
			Considering the nature of this project, it is highly recommended to run it in a `Virtual Environment`. I am not responsible for any crash or damage that could happen to your system.

			Important: This tool makes no attempt at hiding itself. If you target protected games, the anti-cheat might flag this as a cheat and ban you after a while. Use a `Virtual Environment` !

			`## References`
References update 2023-01-22 03:08:30 +01:00			`= https://github.com/EquiFox/KsDumper`
Main upload 2023-01-22 02:32:57 +01:00			`- https://github.com/hfiref0x/KDU`
			`- https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe`
			`- https://github.com/not-wlan/drvmap`
			`- https://github.com/Zer0Mem0ry/KernelBhop`
			`- https://github.com/NtQuery/Scylla/`
			`- http://terminus.rewolf.pl/terminus/`
			`- https://www.unknowncheats.me/`

			`## Compile Yourself`
			`- Requires Visual Studio 2022`
			`- Requires .NET 4.8`