mirror of https://github.com/mastercodeon314/KsDumper-11.git synced 2025-02-17 11:08:40 +01:00
Dennis Nedry 2024-02-22 00:51:22 -06:00
parent cfc2489f19
commit 58a0d27fd7
24 changed files with 708 additions and 1420 deletions


@ -46,7 +46,7 @@
<DefineConstants>TRACE</DefineConstants>
<Optimize>true</Optimize>
<DebugType>pdbonly</DebugType>
<PlatformTarget>x64</PlatformTarget>
<PlatformTarget>AnyCPU</PlatformTarget>
<LangVersion>7.3</LangVersion>
<ErrorReport>prompt</ErrorReport>
</PropertyGroup>
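Review bot: Setting the Release `PlatformTarget` to `AnyCPU` (assuming the second of the two printed values is the new one, since the page has lost its +/- markers) leaves the process bitness to the host and to `Prefer32Bit`, which this hunk does not set. The struct declarations printed in the form's code file later on this page, which appear to be on the new side, use fixed 32-bit fields for addresses and IDs (`SYSTEM_INFO` with `uint lpMinimumApplicationAddress`, `PROCESS_BASIC_INFORMATION` with `int PebBaseAddress` and a `Size` that returns 24), so their marshalled layout cannot match the native one under both bitnesses. Either keep `<PlatformTarget>x64</PlatformTarget>`, or add `<Prefer32Bit>false</Prefer32Bit>` beside it and move the pointer-sized fields to `IntPtr`. The `PropertyGroup` opens above the hunk, so an existing `Prefer32Bit` setting may simply not be visible here.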


@ -36,7 +36,7 @@ namespace KsDumper11
private bool _IsDirty = false;
public event EventHandler IsDirtyChanged;
//public event EventHandler IsDirtyChanged;
public bool IsDirty
{
@ -70,8 +70,6 @@ namespace KsDumper11
//crashMon = new CrashMon();
kduSettingsJson = new KduProviderSettings();
Application.ThreadExit += Application_ThreadExit;
}
public void SetDefaultProvider(int providerID)
@ -96,29 +94,6 @@ namespace KsDumper11
IsDirty = false;
SaveProviders();
//foreach (KduProvider prov in providers)
//{
// string non_W = "[NOT WORKING] ";
// string W_ = "[WORKING] ";
// prov.ProviderName = prov.ProviderName.Replace(non_W, "").Replace(W_, "");
//}
//kduSettingsJson.DefaultProvider = -1;
//IsDirty = false;
//SaveProviders();
}
private void Application_ThreadExit(object sender, EventArgs e)
{
// Create a setting for the user to determine if they want to unload the driver upon exit of KsDumper 11
//if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
//{
// KsDumperDriverInterface.OpenKsDumperDriver().UnloadDriver();
//}
}
public void LoadProviders()
@ -362,7 +337,7 @@ namespace KsDumper11
}
else
{
// alert the user to the fact they probaly need to clear the settings jsons
// alert the user to the fact they probably need to clear the settings jsons
}
}
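Review bot: The `else` branch in the last hunk still holds nothing but a comment, so the case it covers fails silently; the commit corrects the comment's spelling but not the behaviour. If the comment states the intent, report it to the user, for example `Logger.Log("Provider settings could not be read; clear the settings JSON files and retry.");` (a `Logger.Log` call appears in `Dumper_Load` elsewhere in this commit; confirm its signature and that it is reachable from this class). The enclosing method starts and ends outside the hunk, so the condition guarding this branch is not visible. In the first hunk, `//public event EventHandler IsDirtyChanged;` would be better deleted than left commented out, provided the `IsDirty` setter no longer raises it.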


@ -1,9 +1,7 @@
namespace KsDumper11
{
// Token: 0x02000002 RID: 2
public partial class Dumper : global::System.Windows.Forms.Form
public partial class DumperForm : global::System.Windows.Forms.Form
{
// Token: 0x0600002C RID: 44 RVA: 0x00002ACC File Offset: 0x00000CCC
protected override void Dispose(bool disposing)
{
bool flag = disposing && this.components != null;
@ -14,11 +12,10 @@
base.Dispose(disposing);
}
// Token: 0x0600002D RID: 45 RVA: 0x00002B04 File Offset: 0x00000D04
private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Dumper));
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(DumperForm));
this.groupBox1 = new System.Windows.Forms.GroupBox();
this.logsTextBox = new System.Windows.Forms.RichTextBox();
this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
@ -29,7 +26,7 @@
this.resumeProcessToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.killProcessToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.fileDumpBtn = new System.Windows.Forms.Button();
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.titleLbl = new DarkControls.Controls.TransparentLabel();
this.closeBtn = new DarkControls.Controls.WindowsDefaultTitleBarButton();
this.refreshBtn = new System.Windows.Forms.Button();
this.autoRefreshCheckBox = new DarkControls.Controls.DarkCheckBox();
@ -44,9 +41,10 @@
this.EntryPointHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.ImageSizeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.ImageTypeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.debuggerTrigger = new KsDumper11.Trigger();
this.trigger1 = new KsDumper11.Trigger();
this.providerBtn = new DarkControls.Controls.DarkButton();
this.trigger1 = new KsDumper11.Trigger();
this.debuggerTrigger = new KsDumper11.Trigger();
this.antiantiDebuggerToolsBox = new DarkControls.Controls.DarkCheckBox();
this.groupBox1.SuspendLayout();
this.contextMenuStrip1.SuspendLayout();
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit();
@ -56,11 +54,9 @@
//
this.groupBox1.Controls.Add(this.logsTextBox);
this.groupBox1.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.groupBox1.Location = new System.Drawing.Point(16, 630);
this.groupBox1.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.groupBox1.Location = new System.Drawing.Point(12, 512);
this.groupBox1.Name = "groupBox1";
this.groupBox1.Padding = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.groupBox1.Size = new System.Drawing.Size(1316, 273);
this.groupBox1.Size = new System.Drawing.Size(987, 222);
this.groupBox1.TabIndex = 5;
this.groupBox1.TabStop = false;
this.groupBox1.Text = "Logs";
@ -70,12 +66,11 @@
this.logsTextBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.logsTextBox.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.logsTextBox.ForeColor = System.Drawing.Color.Silver;
this.logsTextBox.Location = new System.Drawing.Point(16, 23);
this.logsTextBox.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.logsTextBox.Location = new System.Drawing.Point(12, 19);
this.logsTextBox.Name = "logsTextBox";
this.logsTextBox.ReadOnly = true;
this.logsTextBox.ScrollBars = System.Windows.Forms.RichTextBoxScrollBars.Vertical;
this.logsTextBox.Size = new System.Drawing.Size(1289, 242);
this.logsTextBox.Size = new System.Drawing.Size(967, 197);
this.logsTextBox.TabIndex = 0;
this.logsTextBox.Text = "";
this.logsTextBox.TextChanged += new System.EventHandler(this.logsTextBox_TextChanged);
@ -91,46 +86,46 @@
this.resumeProcessToolStripMenuItem,
this.killProcessToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
this.contextMenuStrip1.Size = new System.Drawing.Size(190, 130);
this.contextMenuStrip1.Size = new System.Drawing.Size(163, 120);
this.contextMenuStrip1.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStrip1_Opening);
//
// dumpMainModuleToolStripMenuItem
//
this.dumpMainModuleToolStripMenuItem.Name = "dumpMainModuleToolStripMenuItem";
this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(189, 24);
this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.dumpMainModuleToolStripMenuItem.Text = "Dump Process";
this.dumpMainModuleToolStripMenuItem.Click += new System.EventHandler(this.dumpMainModuleToolStripMenuItem_Click);
//
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
this.toolStripSeparator1.Size = new System.Drawing.Size(186, 6);
this.toolStripSeparator1.Size = new System.Drawing.Size(159, 6);
//
// openInExplorerToolStripMenuItem
//
this.openInExplorerToolStripMenuItem.Name = "openInExplorerToolStripMenuItem";
this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(189, 24);
this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.openInExplorerToolStripMenuItem.Text = "Open In Explorer";
this.openInExplorerToolStripMenuItem.Click += new System.EventHandler(this.openInExplorerToolStripMenuItem_Click);
//
// suspendProcessToolStripMenuItem
//
this.suspendProcessToolStripMenuItem.Name = "suspendProcessToolStripMenuItem";
this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(189, 24);
this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.suspendProcessToolStripMenuItem.Text = "Suspend process";
this.suspendProcessToolStripMenuItem.Click += new System.EventHandler(this.suspendProcessToolStripMenuItem_Click);
//
// resumeProcessToolStripMenuItem
//
this.resumeProcessToolStripMenuItem.Name = "resumeProcessToolStripMenuItem";
this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(189, 24);
this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.resumeProcessToolStripMenuItem.Text = "Resume process";
this.resumeProcessToolStripMenuItem.Click += new System.EventHandler(this.resumeProcessToolStripMenuItem_Click);
//
// killProcessToolStripMenuItem
//
this.killProcessToolStripMenuItem.Name = "killProcessToolStripMenuItem";
this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(189, 24);
this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.killProcessToolStripMenuItem.Text = "Kill process";
this.killProcessToolStripMenuItem.Click += new System.EventHandler(this.killProcessToolStripMenuItem_Click);
//
@ -139,24 +134,23 @@
this.fileDumpBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.fileDumpBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.fileDumpBtn.ForeColor = System.Drawing.Color.Silver;
this.fileDumpBtn.Location = new System.Drawing.Point(303, 60);
this.fileDumpBtn.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.fileDumpBtn.Location = new System.Drawing.Point(227, 49);
this.fileDumpBtn.Name = "fileDumpBtn";
this.fileDumpBtn.Size = new System.Drawing.Size(100, 28);
this.fileDumpBtn.Size = new System.Drawing.Size(75, 23);
this.fileDumpBtn.TabIndex = 1;
this.fileDumpBtn.Text = "Dump File";
this.fileDumpBtn.UseVisualStyleBackColor = false;
this.fileDumpBtn.Click += new System.EventHandler(this.fileDumpBtn_Click);
//
// transparentLabel1
// titleLbl
//
this.transparentLabel1.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.transparentLabel1.Location = new System.Drawing.Point(43, 5);
this.transparentLabel1.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.transparentLabel1.Name = "transparentLabel1";
this.transparentLabel1.Size = new System.Drawing.Size(144, 25);
this.transparentLabel1.TabIndex = 8;
this.transparentLabel1.Text = "KsDumper 11";
this.titleLbl.AutoSize = true;
this.titleLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.titleLbl.Location = new System.Drawing.Point(32, 7);
this.titleLbl.Name = "titleLbl";
this.titleLbl.Size = new System.Drawing.Size(106, 20);
this.titleLbl.TabIndex = 8;
this.titleLbl.Text = "KsDumper 11";
//
// closeBtn
//
@ -167,10 +161,9 @@
this.closeBtn.HoverIconColor = System.Drawing.Color.Black;
this.closeBtn.IconColor = System.Drawing.Color.Black;
this.closeBtn.IconLineThickness = 2;
this.closeBtn.Location = new System.Drawing.Point(1292, 1);
this.closeBtn.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.closeBtn.Location = new System.Drawing.Point(969, 1);
this.closeBtn.Name = "closeBtn";
this.closeBtn.Size = new System.Drawing.Size(53, 49);
this.closeBtn.Size = new System.Drawing.Size(40, 40);
this.closeBtn.TabIndex = 7;
this.closeBtn.Text = "windowsDefaultTitleBarButton1";
this.closeBtn.UseVisualStyleBackColor = true;
@ -180,10 +173,9 @@
this.refreshBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.refreshBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.refreshBtn.ForeColor = System.Drawing.Color.Silver;
this.refreshBtn.Location = new System.Drawing.Point(16, 60);
this.refreshBtn.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.refreshBtn.Location = new System.Drawing.Point(12, 49);
this.refreshBtn.Name = "refreshBtn";
this.refreshBtn.Size = new System.Drawing.Size(100, 28);
this.refreshBtn.Size = new System.Drawing.Size(75, 23);
this.refreshBtn.TabIndex = 10;
this.refreshBtn.Text = "Refresh";
this.refreshBtn.UseVisualStyleBackColor = false;
@ -197,10 +189,9 @@
this.autoRefreshCheckBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.autoRefreshCheckBox.FlatAppearance.BorderSize = 0;
this.autoRefreshCheckBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.autoRefreshCheckBox.Location = new System.Drawing.Point(124, 60);
this.autoRefreshCheckBox.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.autoRefreshCheckBox.Location = new System.Drawing.Point(93, 49);
this.autoRefreshCheckBox.Name = "autoRefreshCheckBox";
this.autoRefreshCheckBox.Size = new System.Drawing.Size(131, 28);
this.autoRefreshCheckBox.Size = new System.Drawing.Size(98, 23);
this.autoRefreshCheckBox.TabIndex = 11;
this.autoRefreshCheckBox.Text = "Auto Refresh";
this.autoRefreshCheckBox.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
@ -212,10 +203,9 @@
this.hideSystemProcessBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.hideSystemProcessBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.hideSystemProcessBtn.ForeColor = System.Drawing.Color.Silver;
this.hideSystemProcessBtn.Location = new System.Drawing.Point(1000, 60);
this.hideSystemProcessBtn.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.hideSystemProcessBtn.Location = new System.Drawing.Point(750, 49);
this.hideSystemProcessBtn.Name = "hideSystemProcessBtn";
this.hideSystemProcessBtn.Size = new System.Drawing.Size(183, 28);
this.hideSystemProcessBtn.Size = new System.Drawing.Size(137, 23);
this.hideSystemProcessBtn.TabIndex = 12;
this.hideSystemProcessBtn.Text = "Show System Processes";
this.hideSystemProcessBtn.UseVisualStyleBackColor = false;
@ -229,10 +219,9 @@
this.closeDriverOnExitBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.closeDriverOnExitBox.FlatAppearance.BorderSize = 0;
this.closeDriverOnExitBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.closeDriverOnExitBox.Location = new System.Drawing.Point(815, 60);
this.closeDriverOnExitBox.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.closeDriverOnExitBox.Location = new System.Drawing.Point(361, 48);
this.closeDriverOnExitBox.Name = "closeDriverOnExitBox";
this.closeDriverOnExitBox.Size = new System.Drawing.Size(177, 28);
this.closeDriverOnExitBox.Size = new System.Drawing.Size(133, 23);
this.closeDriverOnExitBox.TabIndex = 13;
this.closeDriverOnExitBox.Text = "Close Driver on Exit";
this.closeDriverOnExitBox.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
@ -245,11 +234,10 @@
this.appIcon1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.appIcon1.DragForm = this;
this.appIcon1.Image = ((System.Drawing.Image)(resources.GetObject("appIcon1.Image")));
this.appIcon1.Location = new System.Drawing.Point(7, 5);
this.appIcon1.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.appIcon1.Location = new System.Drawing.Point(5, 4);
this.appIcon1.Name = "appIcon1";
this.appIcon1.Scale = 3.5F;
this.appIcon1.Size = new System.Drawing.Size(37, 34);
this.appIcon1.Size = new System.Drawing.Size(28, 28);
this.appIcon1.TabIndex = 9;
this.appIcon1.TabStop = false;
//
@ -269,12 +257,11 @@
this.processList.ForeColor = System.Drawing.Color.Silver;
this.processList.FullRowSelect = true;
this.processList.HideSelection = false;
this.processList.Location = new System.Drawing.Point(16, 96);
this.processList.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.processList.Location = new System.Drawing.Point(12, 78);
this.processList.MultiSelect = false;
this.processList.Name = "processList";
this.processList.OwnerDraw = true;
this.processList.Size = new System.Drawing.Size(1316, 527);
this.processList.Size = new System.Drawing.Size(987, 428);
this.processList.Sorting = System.Windows.Forms.SortOrder.Ascending;
this.processList.SystemProcessesHidden = true;
this.processList.TabIndex = 2;
@ -316,45 +303,61 @@
this.ImageTypeHeader.Text = "Image Type";
this.ImageTypeHeader.Width = 76;
//
// debuggerTrigger
//
this.debuggerTrigger.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.debuggerTrigger.Location = new System.Drawing.Point(645, 34);
this.debuggerTrigger.Margin = new System.Windows.Forms.Padding(5, 5, 5, 5);
this.debuggerTrigger.Name = "debuggerTrigger";
this.debuggerTrigger.Size = new System.Drawing.Size(20, 16);
this.debuggerTrigger.TabIndex = 15;
//
// trigger1
//
this.trigger1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.trigger1.Location = new System.Drawing.Point(591, 34);
this.trigger1.Margin = new System.Windows.Forms.Padding(5, 5, 5, 5);
this.trigger1.Name = "trigger1";
this.trigger1.Size = new System.Drawing.Size(47, 30);
this.trigger1.TabIndex = 16;
this.trigger1.Load += new System.EventHandler(this.trigger1_Load);
//
// providerBtn
//
this.providerBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.providerBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.providerBtn.ForeColor = System.Drawing.Color.Silver;
this.providerBtn.Location = new System.Drawing.Point(1191, 60);
this.providerBtn.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.providerBtn.Location = new System.Drawing.Point(893, 49);
this.providerBtn.Name = "providerBtn";
this.providerBtn.Size = new System.Drawing.Size(141, 28);
this.providerBtn.Size = new System.Drawing.Size(106, 23);
this.providerBtn.TabIndex = 17;
this.providerBtn.Text = "Provider Selector";
this.providerBtn.UseVisualStyleBackColor = true;
this.providerBtn.Click += new System.EventHandler(this.providerBtn_Click);
//
// Dumper
// trigger1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F);
this.trigger1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.trigger1.Location = new System.Drawing.Point(443, 28);
this.trigger1.Margin = new System.Windows.Forms.Padding(4);
this.trigger1.Name = "trigger1";
this.trigger1.Size = new System.Drawing.Size(35, 24);
this.trigger1.TabIndex = 16;
//
// debuggerTrigger
//
this.debuggerTrigger.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.debuggerTrigger.Location = new System.Drawing.Point(484, 28);
this.debuggerTrigger.Margin = new System.Windows.Forms.Padding(4);
this.debuggerTrigger.Name = "debuggerTrigger";
this.debuggerTrigger.Size = new System.Drawing.Size(15, 13);
this.debuggerTrigger.TabIndex = 15;
//
// antiantiDebuggerToolsBox
//
this.antiantiDebuggerToolsBox.Appearance = System.Windows.Forms.Appearance.Button;
this.antiantiDebuggerToolsBox.BoxBorderColor = System.Drawing.Color.DarkSlateBlue;
this.antiantiDebuggerToolsBox.BoxFillColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.antiantiDebuggerToolsBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.antiantiDebuggerToolsBox.FlatAppearance.BorderSize = 0;
this.antiantiDebuggerToolsBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.antiantiDebuggerToolsBox.Location = new System.Drawing.Point(500, 48);
this.antiantiDebuggerToolsBox.Name = "antiantiDebuggerToolsBox";
this.antiantiDebuggerToolsBox.Size = new System.Drawing.Size(244, 23);
this.antiantiDebuggerToolsBox.TabIndex = 18;
this.antiantiDebuggerToolsBox.Text = "Enable Anti Anti Debugger Tools Detection";
this.antiantiDebuggerToolsBox.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
this.antiantiDebuggerToolsBox.UseVisualStyleBackColor = true;
this.antiantiDebuggerToolsBox.CheckedChanged += new System.EventHandler(this.antiantiDebuggerToolsBox_CheckedChanged);
//
// DumperForm
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(1345, 918);
this.ClientSize = new System.Drawing.Size(1009, 746);
this.Controls.Add(this.antiantiDebuggerToolsBox);
this.Controls.Add(this.providerBtn);
this.Controls.Add(this.trigger1);
this.Controls.Add(this.debuggerTrigger);
@ -367,100 +370,52 @@
this.Controls.Add(this.groupBox1);
this.Controls.Add(this.processList);
this.Controls.Add(this.appIcon1);
this.Controls.Add(this.transparentLabel1);
this.Controls.Add(this.titleLbl);
this.DoubleBuffered = true;
this.ForeColor = System.Drawing.Color.Silver;
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Margin = new System.Windows.Forms.Padding(4, 4, 4, 4);
this.MaximizeBox = false;
this.Name = "Dumper";
this.Name = "DumperForm";
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "KsDumper 11";
this.Text = "Actions";
this.Load += new System.EventHandler(this.Dumper_Load);
this.groupBox1.ResumeLayout(false);
this.contextMenuStrip1.ResumeLayout(false);
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).EndInit();
this.ResumeLayout(false);
this.PerformLayout();
}
// Token: 0x04000012 RID: 18
private global::System.ComponentModel.IContainer components = null;
// Token: 0x04000013 RID: 19
private global::KsDumper11.Utility.ProcessListView processList;
// Token: 0x04000014 RID: 20
private global::System.Windows.Forms.ColumnHeader PIDHeader;
// Token: 0x04000015 RID: 21
private global::System.Windows.Forms.ColumnHeader NameHeader;
// Token: 0x04000016 RID: 22
private global::System.Windows.Forms.ColumnHeader PathHeader;
// Token: 0x04000017 RID: 23
private global::System.Windows.Forms.ColumnHeader BaseAddressHeader;
// Token: 0x04000018 RID: 24
private global::System.Windows.Forms.ColumnHeader EntryPointHeader;
// Token: 0x04000019 RID: 25
private global::System.Windows.Forms.ColumnHeader ImageSizeHeader;
// Token: 0x0400001A RID: 26
private global::System.Windows.Forms.ColumnHeader ImageTypeHeader;
// Token: 0x0400001B RID: 27
private global::System.Windows.Forms.GroupBox groupBox1;
// Token: 0x0400001C RID: 28
private global::System.Windows.Forms.RichTextBox logsTextBox;
// Token: 0x0400001D RID: 29
private global::System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
// Token: 0x0400001E RID: 30
private global::System.Windows.Forms.ToolStripMenuItem dumpMainModuleToolStripMenuItem;
// Token: 0x0400001F RID: 31
private global::System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
// Token: 0x04000020 RID: 32
private global::System.Windows.Forms.ToolStripMenuItem openInExplorerToolStripMenuItem;
// Token: 0x04000021 RID: 33
private global::System.Windows.Forms.ToolStripMenuItem suspendProcessToolStripMenuItem;
// Token: 0x04000022 RID: 34
private global::System.Windows.Forms.ToolStripMenuItem resumeProcessToolStripMenuItem;
// Token: 0x04000023 RID: 35
private global::System.Windows.Forms.ToolStripMenuItem killProcessToolStripMenuItem;
// Token: 0x04000024 RID: 36
private global::System.Windows.Forms.Button fileDumpBtn;
// Token: 0x04000025 RID: 37
private global::DarkControls.Controls.WindowsDefaultTitleBarButton closeBtn;
// Token: 0x04000026 RID: 38
private global::DarkControls.Controls.TransparentLabel transparentLabel1;
// Token: 0x04000027 RID: 39
private global::DarkControls.Controls.AppIcon appIcon1;
// Token: 0x04000028 RID: 40
private global::System.Windows.Forms.Button refreshBtn;
// Token: 0x04000029 RID: 41
private global::DarkControls.Controls.DarkCheckBox autoRefreshCheckBox;
// Token: 0x0400002A RID: 42
private global::System.Windows.Forms.Button hideSystemProcessBtn;
private System.ComponentModel.IContainer components = null;
private KsDumper11.Utility.ProcessListView processList;
private System.Windows.Forms.ColumnHeader PIDHeader;
private System.Windows.Forms.ColumnHeader NameHeader;
private System.Windows.Forms.ColumnHeader PathHeader;
private System.Windows.Forms.ColumnHeader BaseAddressHeader;
private System.Windows.Forms.ColumnHeader EntryPointHeader;
private System.Windows.Forms.ColumnHeader ImageSizeHeader;
private System.Windows.Forms.ColumnHeader ImageTypeHeader;
private System.Windows.Forms.GroupBox groupBox1;
private System.Windows.Forms.RichTextBox logsTextBox;
private System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
private System.Windows.Forms.ToolStripMenuItem dumpMainModuleToolStripMenuItem;
private System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
private System.Windows.Forms.ToolStripMenuItem openInExplorerToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem suspendProcessToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem resumeProcessToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem killProcessToolStripMenuItem;
private System.Windows.Forms.Button fileDumpBtn;
private DarkControls.Controls.WindowsDefaultTitleBarButton closeBtn;
private DarkControls.Controls.TransparentLabel titleLbl;
private DarkControls.Controls.AppIcon appIcon1;
private System.Windows.Forms.Button refreshBtn;
private DarkControls.Controls.DarkCheckBox autoRefreshCheckBox;
private System.Windows.Forms.Button hideSystemProcessBtn;
private DarkControls.Controls.DarkCheckBox closeDriverOnExitBox;
private Trigger debuggerTrigger;
private Trigger trigger1;
private DarkControls.Controls.DarkButton providerBtn;
private DarkControls.Controls.DarkCheckBox antiantiDebuggerToolsBox;
}
}


@ -4,21 +4,20 @@ using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using DarkControls;
using DarkControls.Controls;
using KsDumper11.Driver;
using KsDumper11.PE;
using KsDumper11.Utility;
using System.Collections.Generic;
using System.Reflection.Emit;
namespace KsDumper11
{
// Token: 0x02000002 RID: 2
public partial class Dumper : Form
public partial class DumperForm : Form
{
// Token: 0x17000001 RID: 1
// (get) Token: 0x06000001 RID: 1 RVA: 0x00002048 File Offset: 0x00000248
protected override CreateParams CreateParams
{
get
@ -29,81 +28,117 @@ namespace KsDumper11
}
}
// Token: 0x06000002 RID: 2
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
// Token: 0x06000003 RID: 3
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int OpenProcessToken(int ProcessHandle, int DesiredAccess, ref int tokenhandle);
// Token: 0x06000004 RID: 4
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern int GetCurrentProcess();
// Token: 0x06000005 RID: 5
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int LookupPrivilegeValue(string lpsystemname, string lpname, ref long lpLuid);
// Token: 0x06000006 RID: 6
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int AdjustTokenPrivileges(int tokenhandle, int disableprivs, ref Dumper.TOKEN_PRIVILEGES Newstate, int bufferlength, int PreivousState, int Returnlength);
// Token: 0x06000007 RID: 7
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int GetSecurityInfo(int HANDLE, int SE_OBJECT_TYPE, int SECURITY_INFORMATION, int psidOwner, int psidGroup, out IntPtr pDACL, IntPtr pSACL, out IntPtr pSecurityDescriptor);
// Token: 0x06000008 RID: 8
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int SetSecurityInfo(int HANDLE, int SE_OBJECT_TYPE, int SECURITY_INFORMATION, int psidOwner, int psidGroup, IntPtr pDACL, IntPtr pSACL);
// Token: 0x06000009 RID: 9
[DllImport("ntdll.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ZwSuspendProcess(IntPtr hProcess);
// Token: 0x0600000A RID: 10
[DllImport("ntdll.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ZwResumeProcess(IntPtr hProcess);
// Token: 0x0600000B RID: 11
[DllImport("kernel32")]
public static extern void GetSystemInfo(ref Dumper.SYSTEM_INFO pSI);
// Token: 0x0600000C RID: 12
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
// Token: 0x0600000D RID: 13
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr hObject);
// Token: 0x0600000E RID: 14
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr CreateToolhelp32Snapshot([In] uint dwFlags, [In] uint th32ProcessID);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
private struct TOKEN_PRIVILEGES
{
public int PrivilegeCount;
// Token: 0x0600000F RID: 15
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool Process32First([In] IntPtr hSnapshot, ref Dumper.PROCESSENTRY32 lppe);
public long Luid;
// Token: 0x06000010 RID: 16
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool Process32Next([In] IntPtr hSnapshot, ref Dumper.PROCESSENTRY32 lppe);
public int Attributes;
}
// Token: 0x06000011 RID: 17
[DllImport("ntdll.dll", SetLastError = true)]
private static extern int NtQueryInformationProcess(IntPtr processHandle, int processInformationClass, ref Dumper.PROCESS_BASIC_INFORMATION processInformation, uint processInformationLength, out int returnLength);
public struct SYSTEM_INFO
{
public uint dwOemId;
public uint dwPageSize;
public uint lpMinimumApplicationAddress;
public uint lpMaximumApplicationAddress;
public uint dwActiveProcessorMask;
public uint dwNumberOfProcessors;
public uint dwProcessorType;
public uint dwAllocationGranularity;
public uint dwProcessorLevel;
public uint dwProcessorRevision;
}
bool skip = false;
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
private struct PROCESSENTRY32
{
private const int MAX_PATH = 260;
internal uint dwSize;
internal uint cntUsage;
internal uint th32ProcessID;
internal IntPtr th32DefaultHeapID;
internal uint th32ModuleID;
internal uint cntThreads;
internal uint th32ParentProcessID;
internal int pcPriClassBase;
internal uint dwFlags;
// Token: 0x06000012 RID: 18 RVA: 0x00002078 File Offset: 0x00000278
public Dumper()
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
internal string szExeFile;
}
[StructLayout(LayoutKind.Sequential, Pack = 1)]
private struct PROCESS_BASIC_INFORMATION
{
public int Size
{
get
{
return 24;
}
}
public int ExitStatus;
public int PebBaseAddress;
public int AffinityMask;
public int BasePriority;
public int UniqueProcessId;
public int InheritedFromUniqueProcessId;
}
private readonly KsDumperDriverInterface driver;
private readonly ProcessDumper dumper;
private System.Windows.Forms.Timer t;
bool skip_closeDriverOnExitBox_CheckedChanged_Event = false;
bool skip_antiantiDebuggerToolsBox_CheckedChanged_Event = false;
List<LabelInfo> labelInfos = new List<LabelInfo>();
JsonSettingsManager settingsManager;
LabelDrawer labelDrawer;
public DumperForm()
{
this.InitializeComponent();
closeDriverOnExitBox.Checked = Properties.Settings.Default.closeDriverOnExitSettings;
settingsManager = new JsonSettingsManager();
skip_closeDriverOnExitBox_CheckedChanged_Event = true;
closeDriverOnExitBox.Checked = settingsManager.JsonSettings.closeDriverOnExit;
skip_closeDriverOnExitBox_CheckedChanged_Event = true;
antiantiDebuggerToolsBox.Checked = settingsManager.JsonSettings.enableAntiAntiDebuggerTools;
this.FormClosing += Dumper_FormClosing;
this.Disposed += Dumper_Disposed;
this.appIcon1.DragForm = this;
@ -124,9 +159,31 @@ namespace KsDumper11
this.LoadProcessList();
}
private void Dumper_Load(object sender, EventArgs e)
{
if (antiantiDebuggerToolsBox.Checked)
{
labelDrawer = new LabelDrawer(this);
SnifferBypass.SelfTitle(this.Handle);
foreach (Control ctrl in this.Controls)
{
if (ctrl == groupBox1) continue;
SnifferBypass.SelfTitle(ctrl.Handle);
}
this.Text = SnifferBypass.GenerateRandomString(this.Text.Length);
}
Logger.OnLog += this.Logger_OnLog;
Logger.Log("KsDumper 11 - [By EquiFox] Given Newlife", Array.Empty<object>());
}
private void Dumper_Disposed(object sender, EventArgs e)
{
if (Properties.Settings.Default.closeDriverOnExitSettings)
if (settingsManager.JsonSettings.closeDriverOnExit)
{
driver.UnloadDriver();
}
@ -134,8 +191,26 @@ namespace KsDumper11
private void closeDriverOnExitBox_CheckedChanged(object sender, EventArgs e)
{
Properties.Settings.Default.closeDriverOnExitSettings = closeDriverOnExitBox.Checked;
Properties.Settings.Default.Save();
if (skip_closeDriverOnExitBox_CheckedChanged_Event)
{
skip_closeDriverOnExitBox_CheckedChanged_Event = false;
return;
}
settingsManager.JsonSettings.closeDriverOnExit = closeDriverOnExitBox.Checked;
settingsManager.Save();
}
private void antiantiDebuggerToolsBox_CheckedChanged(object sender, EventArgs e)
{
if (skip_antiantiDebuggerToolsBox_CheckedChanged_Event)
{
skip_antiantiDebuggerToolsBox_CheckedChanged_Event = false;
return;
}
settingsManager.JsonSettings.enableAntiAntiDebuggerTools = antiantiDebuggerToolsBox.Checked;
settingsManager.Save();
}
private void Dumper_FormClosing(object sender, FormClosingEventArgs e)
@ -146,7 +221,6 @@ namespace KsDumper11
}
}
// Token: 0x06000013 RID: 19 RVA: 0x000021C4 File Offset: 0x000003C4
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
@ -157,7 +231,6 @@ namespace KsDumper11
}
}
// Token: 0x06000014 RID: 20 RVA: 0x000021FC File Offset: 0x000003FC
private void processList_ColumnWidthChanging(object sender, ColumnWidthChangingEventArgs e)
{
Console.Write("Column Resizing");
@ -165,14 +238,8 @@ namespace KsDumper11
e.Cancel = true;
}
// Token: 0x06000015 RID: 21 RVA: 0x00002234 File Offset: 0x00000434
private void Dumper_Load(object sender, EventArgs e)
{
Logger.OnLog += this.Logger_OnLog;
Logger.Log("KsDumper 11 - [By EquiFox] Given Newlife", Array.Empty<object>());
}
// Token: 0x06000016 RID: 22 RVA: 0x0000225C File Offset: 0x0000045C
private void LoadProcessList()
{
bool flag = this.driver.HasValidHandle();
@ -191,7 +258,6 @@ namespace KsDumper11
}
}
// Token: 0x06000017 RID: 23 RVA: 0x000022B4 File Offset: 0x000004B4
private bool DumpProcess(ProcessSummary process)
{
bool flag = this.driver.HasValidHandle();
@ -244,7 +310,6 @@ namespace KsDumper11
return flag2;
}
// Token: 0x06000018 RID: 24 RVA: 0x00002340 File Offset: 0x00000540
private bool DumpProcess(Process process)
{
bool flag = this.driver.HasValidHandle();
@ -298,14 +363,12 @@ namespace KsDumper11
return flag3;
}
// Token: 0x06000019 RID: 25 RVA: 0x000024EC File Offset: 0x000006EC
private void dumpMainModuleToolStripMenuItem_Click(object sender, EventArgs e)
{
ProcessSummary targetProcess = this.processList.SelectedItems[0].Tag as ProcessSummary;
this.DumpProcess(targetProcess);
}
// Token: 0x0600001A RID: 26 RVA: 0x00002520 File Offset: 0x00000720
private void Logger_OnLog(string message)
{
this.logsTextBox.Invoke(new Action(delegate ()
@ -315,146 +378,133 @@ namespace KsDumper11
}));
}
// Token: 0x0600001B RID: 27 RVA: 0x0000255A File Offset: 0x0000075A
private void refreshMenuBtn_Click(object sender, EventArgs e)
{
this.LoadProcessList();
}
// Token: 0x0600001C RID: 28 RVA: 0x00002564 File Offset: 0x00000764
private void contextMenuStrip1_Opening(object sender, CancelEventArgs e)
{
e.Cancel = this.processList.SelectedItems.Count == 0;
}
// Token: 0x0600001D RID: 29 RVA: 0x00002581 File Offset: 0x00000781
private void logsTextBox_TextChanged(object sender, EventArgs e)
{
this.logsTextBox.SelectionStart = this.logsTextBox.Text.Length;
this.logsTextBox.ScrollToCaret();
}
// Token: 0x0600001E RID: 30 RVA: 0x000025AC File Offset: 0x000007AC
private void openInExplorerToolStripMenuItem_Click(object sender, EventArgs e)
{
ProcessSummary targetProcess = this.processList.SelectedItems[0].Tag as ProcessSummary;
Process.Start("explorer.exe", Path.GetDirectoryName(targetProcess.MainModuleFileName));
}
// Token: 0x0600001F RID: 31 RVA: 0x000025EC File Offset: 0x000007EC
private void suspendProcessToolStripMenuItem_Click(object sender, EventArgs e)
{
ProcessSummary targetProcess = this.processList.SelectedItems[0].Tag as ProcessSummary;
this.SuspendProcess(targetProcess.ProcessId);
}
// Token: 0x06000020 RID: 32 RVA: 0x00002624 File Offset: 0x00000824
private void KillProcess(int processId)
{
IntPtr hProcess = Dumper.OpenProcess(1081U, 0, (uint)processId);
IntPtr hProcess = DumperForm.OpenProcess(1081U, 0, (uint)processId);
bool flag = hProcess == IntPtr.Zero;
if (flag)
{
IntPtr pDACL;
IntPtr pSecDesc;
Dumper.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = Dumper.OpenProcess(262144U, 0, (uint)processId);
Dumper.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
Dumper.CloseHandle(hProcess);
hProcess = Dumper.OpenProcess(1080U, 0, (uint)processId);
DumperForm.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = DumperForm.OpenProcess(262144U, 0, (uint)processId);
DumperForm.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
DumperForm.CloseHandle(hProcess);
hProcess = DumperForm.OpenProcess(1080U, 0, (uint)processId);
}
try
{
Dumper.TerminateProcess(hProcess, 0U);
DumperForm.TerminateProcess(hProcess, 0U);
}
catch
{
}
Dumper.CloseHandle(hProcess);
DumperForm.CloseHandle(hProcess);
}
// Token: 0x06000021 RID: 33 RVA: 0x000026D8 File Offset: 0x000008D8
private void SuspendProcess(int processId)
{
IntPtr hProcess = Dumper.OpenProcess(2048U, 0, (uint)processId);
IntPtr hProcess = DumperForm.OpenProcess(2048U, 0, (uint)processId);
bool flag = hProcess == IntPtr.Zero;
if (flag)
{
IntPtr pDACL;
IntPtr pSecDesc;
Dumper.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = Dumper.OpenProcess(262144U, 0, (uint)processId);
Dumper.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
Dumper.CloseHandle(hProcess);
hProcess = Dumper.OpenProcess(1080U, 0, (uint)processId);
DumperForm.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = DumperForm.OpenProcess(262144U, 0, (uint)processId);
DumperForm.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
DumperForm.CloseHandle(hProcess);
hProcess = DumperForm.OpenProcess(1080U, 0, (uint)processId);
}
try
{
Dumper.ZwSuspendProcess(hProcess);
DumperForm.ZwSuspendProcess(hProcess);
}
catch
{
}
Dumper.CloseHandle(hProcess);
DumperForm.CloseHandle(hProcess);
}
// Token: 0x06000022 RID: 34 RVA: 0x0000278C File Offset: 0x0000098C
private void ResumeProcess(int processId)
{
IntPtr hProcess = Dumper.OpenProcess(2048U, 0, (uint)processId);
IntPtr hProcess = DumperForm.OpenProcess(2048U, 0, (uint)processId);
bool flag = hProcess == IntPtr.Zero;
if (flag)
{
IntPtr pDACL;
IntPtr pSecDesc;
Dumper.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = Dumper.OpenProcess(262144U, 0, (uint)processId);
Dumper.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
Dumper.CloseHandle(hProcess);
hProcess = Dumper.OpenProcess(1080U, 0, (uint)processId);
DumperForm.GetSecurityInfo((int)Process.GetCurrentProcess().Handle, 6, 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc);
hProcess = DumperForm.OpenProcess(262144U, 0, (uint)processId);
DumperForm.SetSecurityInfo((int)hProcess, 6, 536870916, 0, 0, pDACL, IntPtr.Zero);
DumperForm.CloseHandle(hProcess);
hProcess = DumperForm.OpenProcess(1080U, 0, (uint)processId);
}
try
{
Dumper.ZwResumeProcess(hProcess);
DumperForm.ZwResumeProcess(hProcess);
}
catch
{
}
Dumper.CloseHandle(hProcess);
DumperForm.CloseHandle(hProcess);
}
// Token: 0x06000023 RID: 35 RVA: 0x00002840 File Offset: 0x00000A40
private void resumeProcessToolStripMenuItem_Click(object sender, EventArgs e)
{
ProcessSummary targetProcess = this.processList.SelectedItems[0].Tag as ProcessSummary;
this.ResumeProcess(targetProcess.ProcessId);
}
// Token: 0x06000024 RID: 36 RVA: 0x00002878 File Offset: 0x00000A78
private void killProcessToolStripMenuItem_Click(object sender, EventArgs e)
{
ProcessSummary targetProcess = this.processList.SelectedItems[0].Tag as ProcessSummary;
this.KillProcess(targetProcess.ProcessId);
}
// Token: 0x06000025 RID: 37 RVA: 0x000028AF File Offset: 0x00000AAF
private void T_Tick(object sender, EventArgs e)
{
this.LoadProcessList();
}
// Token: 0x06000026 RID: 38 RVA: 0x000028B9 File Offset: 0x00000AB9
private void ClearLog()
{
this.logsTextBox.Clear();
}
// Token: 0x06000027 RID: 39 RVA: 0x000028C8 File Offset: 0x00000AC8
private void StartAndDumpFile(string dumpFile)
{
Logger.Log(Path.GetFileName(dumpFile) + " Started", Array.Empty<object>());
Process process = Process.Start(dumpFile);
process.WaitForInputIdle();
Thread.Sleep(4);
this.SuspendProcess(process.Id);
Logger.Log("Suspending process...", Array.Empty<object>());
bool flag = this.DumpProcess(process);
@ -468,7 +518,6 @@ namespace KsDumper11
}
}
// Token: 0x06000028 RID: 40 RVA: 0x00002958 File Offset: 0x00000B58
private void fileDumpBtn_Click(object sender, EventArgs e)
{
this.ClearLog();
@ -485,7 +534,6 @@ namespace KsDumper11
}
}
// Token: 0x06000029 RID: 41 RVA: 0x000029C4 File Offset: 0x00000BC4
private void hideSystemProcessBtn_Click(object sender, EventArgs e)
{
bool flag = !this.processList.SystemProcessesHidden;
@ -501,13 +549,11 @@ namespace KsDumper11
}
}
// Token: 0x0600002A RID: 42 RVA: 0x00002A24 File Offset: 0x00000C24
private void refreshBtn_Click(object sender, EventArgs e)
{
this.LoadProcessList();
}
// Token: 0x0600002B RID: 43 RVA: 0x00002A30 File Offset: 0x00000C30
private void autoRefreshCheckBox_CheckedChanged(object sender, EventArgs e)
{
bool @checked = this.autoRefreshCheckBox.Checked;
@ -516,7 +562,7 @@ namespace KsDumper11
bool flag = this.t == null;
if (flag)
{
this.t = new Timer();
this.t = new System.Windows.Forms.Timer();
this.t.Tick += this.T_Tick;
this.t.Interval = 100;
this.t.Start();
@ -533,227 +579,6 @@ namespace KsDumper11
}
}
// Token: 0x04000001 RID: 1
private const int SE_PRIVILEGE_ENABLED = 2;
// Token: 0x04000002 RID: 2
private const int TOKEN_ADJUST_PRIVILEGES = 32;
// Token: 0x04000003 RID: 3
private const int TOKEN_QUERY = 8;
// Token: 0x04000004 RID: 4
private const uint PROCESS_TERMINATE = 1U;
// Token: 0x04000005 RID: 5
private const uint PROCESS_CREATE_THREAD = 2U;
// Token: 0x04000006 RID: 6
private const uint PROCESS_SET_SESSIONID = 4U;
// Token: 0x04000007 RID: 7
private const uint PROCESS_VM_OPERATION = 8U;
// Token: 0x04000008 RID: 8
private const uint PROCESS_VM_READ = 16U;
// Token: 0x04000009 RID: 9
private const uint PROCESS_VM_WRITE = 32U;
// Token: 0x0400000A RID: 10
private const uint PROCESS_DUP_HANDLE = 64U;
// Token: 0x0400000B RID: 11
private const uint PROCESS_CREATE_PROCESS = 128U;
// Token: 0x0400000C RID: 12
private const uint PROCESS_SET_QUOTA = 256U;
// Token: 0x0400000D RID: 13
private const uint PROCESS_SET_INFORMATION = 512U;
// Token: 0x0400000E RID: 14
private const uint PROCESS_QUERY_INFORMATION = 1024U;
// Token: 0x0400000F RID: 15
private readonly KsDumperDriverInterface driver;
// Token: 0x04000010 RID: 16
private readonly ProcessDumper dumper;
// Token: 0x04000011 RID: 17
private Timer t;
// Token: 0x02000016 RID: 22
[StructLayout(LayoutKind.Sequential, Pack = 1)]
private struct TOKEN_PRIVILEGES
{
// Token: 0x04000078 RID: 120
public int PrivilegeCount;
// Token: 0x04000079 RID: 121
public long Luid;
// Token: 0x0400007A RID: 122
public int Attributes;
}
// Token: 0x02000017 RID: 23
public enum ProcessAccess
{
// Token: 0x0400007C RID: 124
AllAccess = 1050235,
// Token: 0x0400007D RID: 125
CreateThread = 2,
// Token: 0x0400007E RID: 126
DuplicateHandle = 64,
// Token: 0x0400007F RID: 127
QueryInformation = 1024,
// Token: 0x04000080 RID: 128
SetInformation = 512,
// Token: 0x04000081 RID: 129
Terminate = 1,
// Token: 0x04000082 RID: 130
VMOperation = 8,
// Token: 0x04000083 RID: 131
VMRead = 16,
// Token: 0x04000084 RID: 132
VMWrite = 32,
// Token: 0x04000085 RID: 133
Synchronize = 1048576
}
// Token: 0x02000018 RID: 24
public struct SYSTEM_INFO
{
// Token: 0x04000086 RID: 134
public uint dwOemId;
// Token: 0x04000087 RID: 135
public uint dwPageSize;
// Token: 0x04000088 RID: 136
public uint lpMinimumApplicationAddress;
// Token: 0x04000089 RID: 137
public uint lpMaximumApplicationAddress;
// Token: 0x0400008A RID: 138
public uint dwActiveProcessorMask;
// Token: 0x0400008B RID: 139
public uint dwNumberOfProcessors;
// Token: 0x0400008C RID: 140
public uint dwProcessorType;
// Token: 0x0400008D RID: 141
public uint dwAllocationGranularity;
// Token: 0x0400008E RID: 142
public uint dwProcessorLevel;
// Token: 0x0400008F RID: 143
public uint dwProcessorRevision;
}
// Token: 0x02000019 RID: 25
[Flags]
private enum SnapshotFlags : uint
{
// Token: 0x04000091 RID: 145
HeapList = 1U,
// Token: 0x04000092 RID: 146
Process = 2U,
// Token: 0x04000093 RID: 147
Thread = 4U,
// Token: 0x04000094 RID: 148
Module = 8U,
// Token: 0x04000095 RID: 149
Module32 = 16U,
// Token: 0x04000096 RID: 150
Inherit = 2147483648U,
// Token: 0x04000097 RID: 151
All = 31U
}
// Token: 0x0200001A RID: 26
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
private struct PROCESSENTRY32
{
// Token: 0x04000098 RID: 152
private const int MAX_PATH = 260;
// Token: 0x04000099 RID: 153
internal uint dwSize;
// Token: 0x0400009A RID: 154
internal uint cntUsage;
// Token: 0x0400009B RID: 155
internal uint th32ProcessID;
// Token: 0x0400009C RID: 156
internal IntPtr th32DefaultHeapID;
// Token: 0x0400009D RID: 157
internal uint th32ModuleID;
// Token: 0x0400009E RID: 158
internal uint cntThreads;
// Token: 0x0400009F RID: 159
internal uint th32ParentProcessID;
// Token: 0x040000A0 RID: 160
internal int pcPriClassBase;
// Token: 0x040000A1 RID: 161
internal uint dwFlags;
// Token: 0x040000A2 RID: 162
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
internal string szExeFile;
}
// Token: 0x0200001B RID: 27
[StructLayout(LayoutKind.Sequential, Pack = 1)]
private struct PROCESS_BASIC_INFORMATION
{
// Token: 0x17000033 RID: 51
// (get) Token: 0x060000E0 RID: 224 RVA: 0x00006064 File Offset: 0x00004264
public int Size
{
get
{
return 24;
}
}
// Token: 0x040000A3 RID: 163
public int ExitStatus;
// Token: 0x040000A4 RID: 164
public int PebBaseAddress;
// Token: 0x040000A5 RID: 165
public int AffinityMask;
// Token: 0x040000A6 RID: 166
public int BasePriority;
// Token: 0x040000A7 RID: 167
public int UniqueProcessId;
// Token: 0x040000A8 RID: 168
public int InheritedFromUniqueProcessId;
}
private void trigger1_Load(object sender, EventArgs e)
{
}
private void providerBtn_Click(object sender, EventArgs e)
{
KsDumperDriverInterface drv = KsDumperDriverInterface.OpenKsDumperDriver();


@ -0,0 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class JsonSettings
{
public bool closeDriverOnExit { get; set; }
public bool enableAntiAntiDebuggerTools { get; set; }
}
}
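Review bot: The two flags in `JsonSettings` have no documentation, although each one switches on behaviour far from this class. Judging by the other sections of this commit, `closeDriverOnExit` decides whether `Dumper_Disposed` calls `driver.UnloadDriver()`. `enableAntiAntiDebuggerTools` makes `Main` call `runSnifferBypass()`, which renames and relaunches the executable, and makes `Dumper_Load` replace the form title with a random string. I would add `/// <summary>Unload the KsDumper driver when the main form is disposed.</summary>` above the first property and `/// <summary>Rename the executable at start-up and randomise the window title; off by default.</summary>` above the second.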


@ -0,0 +1,50 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Newtonsoft.Json.Bson;
namespace KsDumper11
{
public class JsonSettingsManager
{
public JsonSettings JsonSettings { get; set; }
private string settingsFilePath;
public JsonSettingsManager()
{
settingsFilePath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) + @"\Settings.json";
CreateOrLoadSettingsJson();
}
private void CreateOrLoadSettingsJson()
{
if (File.Exists(settingsFilePath))
{
// Load settings json
string settingsJsonText = File.ReadAllText(settingsFilePath);
JsonSettings = JsonConvert.DeserializeObject<JsonSettings>(settingsJsonText);
}
else
{
// Populate and save default settings json
JsonSettings = new JsonSettings();
JsonSettings.enableAntiAntiDebuggerTools = false;
JsonSettings.closeDriverOnExit = false;
string settingsJsonText = JsonConvert.SerializeObject(JsonSettings, Formatting.Indented);
File.WriteAllText(settingsFilePath, settingsJsonText);
}
}
public void Save()
{
string settingsJsonText = JsonConvert.SerializeObject(JsonSettings, Formatting.Indented);
File.WriteAllText(settingsFilePath, settingsJsonText);
}
}
}
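Review bot: `CreateOrLoadSettingsJson` assigns the result of `JsonConvert.DeserializeObject<JsonSettings>(settingsJsonText)` to `JsonSettings` without checking it. An empty Settings.json, or one containing only `null`, leaves the property null, and `Main` then dereferences it at `settingsManager.JsonSettings.enableAntiAntiDebuggerTools`. Malformed JSON throws out of the constructor before any form exists. The file sits beside the executable and can be edited by hand, so both cases should fall back to defaults and rewrite the file, as sketched below. Separately, the path is built with `+ @"\Settings.json"` where `Path.Combine` would be the usual form, and `using Newtonsoft.Json.Bson;` appears unused in this file.

```csharp
private void CreateOrLoadSettingsJson()
{
    JsonSettings loaded = null;
    if (File.Exists(settingsFilePath))
    {
        try
        {
            loaded = JsonConvert.DeserializeObject<JsonSettings>(File.ReadAllText(settingsFilePath));
        }
        catch (JsonException)
        {
            // Corrupt Settings.json: fall through and rewrite it with defaults.
        }
    }
    if (loaded != null)
    {
        JsonSettings = loaded;
        return;
    }
    // bool properties default to false, so a fresh instance is the default configuration.
    JsonSettings = new JsonSettings();
    Save();
}
```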


@ -101,12 +101,16 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="JsonSettings.cs" />
<Compile Include="JsonSettingsManager.cs" />
<Compile Include="LabelDrawer.cs" />
<Compile Include="ProviderSelector.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="ProviderSelector.Designer.cs">
<DependentUpon>ProviderSelector.cs</DependentUpon>
</Compile>
<Compile Include="SnifferBypass.cs" />
<Compile Include="StartDriver.cs" />
<Compile Include="TriggerForm.cs">
<SubType>Form</SubType>
@ -114,17 +118,11 @@
<Compile Include="TriggerForm.Designer.cs">
<DependentUpon>TriggerForm.cs</DependentUpon>
</Compile>
<None Include="SplashForm.cs">
<SubType>Form</SubType>
</None>
<None Include="SplashForm.Designer.cs">
<DependentUpon>SplashForm.cs</DependentUpon>
</None>
<Compile Include="Dumper.cs">
<Compile Include="DumperForm.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="Dumper.Designer.cs">
<DependentUpon>Dumper.cs</DependentUpon>
<Compile Include="DumperForm.Designer.cs">
<DependentUpon>DumperForm.cs</DependentUpon>
</Compile>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
@ -145,16 +143,13 @@
<EmbeddedResource Include="TriggerForm.resx">
<DependentUpon>TriggerForm.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="Dumper.resx">
<DependentUpon>Dumper.cs</DependentUpon>
<EmbeddedResource Include="DumperForm.resx">
<DependentUpon>DumperForm.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="Properties\Resources.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
</EmbeddedResource>
<None Include="SplashForm.resx">
<DependentUpon>SplashForm.cs</DependentUpon>
</None>
<EmbeddedResource Include="Trigger.resx">
<DependentUpon>Trigger.cs</DependentUpon>
</EmbeddedResource>
@ -172,9 +167,6 @@
<DesignTimeSharedInput>True</DesignTimeSharedInput>
</Compile>
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
</ItemGroup>
<ItemGroup>
<Content Include="Default.ico" />
<Content Include="Driver\drv64.dll" />

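--- a/KsDumper11/LabelDrawer.cs
+++ b/KsDumper11/LabelDrawer.cs
@@ -0,0 +1,74 @@
+using System;
+using System.Collections.Generic;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;
+namespace KsDumper11
+{
+public struct LabelInfo
+{
+public Font Font;
+public Point Location;
+public string Text;
+public string Name;
+public bool Visible;
+}
+public class LabelDrawer
+{
+private Form ParentForm;
+public LabelInfo[] labelInfos;
+public LabelDrawer(Form parentFrm)
+{
+ParentForm = parentFrm;
+ParentForm.Paint += ParentForm_Paint;
+List<Control> labelsToRemove = new List<Control>();
+List<LabelInfo> infos = new List<LabelInfo>();
+foreach (Control ctrl in ParentForm.Controls)
+{
+if (ctrl is System.Windows.Forms.Label)
+{
+LabelInfo labelInfo = new LabelInfo();
+labelInfo.Text = ctrl.Text;
+labelInfo.Font = ctrl.Font;
+labelInfo.Location = ctrl.Location;
+labelInfo.Name = ctrl.Name;
+labelInfo.Visible = ctrl.Visible;
+infos.Add(labelInfo);
+labelsToRemove.Add(ctrl);
+continue;
+}
+}
+labelInfos = infos.ToArray();
+foreach (Control ctrl in labelsToRemove)
+{
+ParentForm.Controls.Remove(ctrl);
+ctrl.Dispose();
+}
+}
+private void ParentForm_Paint(object sender, PaintEventArgs e)
+{
+foreach (LabelInfo labelInfo in labelInfos)
+{
+if (labelInfo.Visible)
+{
+PointF location = new PointF(labelInfo.Location.X, (labelInfo.Location.Y));
+// Draw the text on the form
+e.Graphics.DrawString(labelInfo.Text, labelInfo.Font, Brushes.Silver, location);
+}
+}
+}
+}
+}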
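Review bot: The `LabelDrawer` constructor copies each label's `Text`, `Font`, `Location` and `Visible` into a `LabelInfo` struct once and then removes and disposes the control. Any later assignment to one of those labels therefore hits a disposed control and never changes what `ParentForm_Paint` draws. Whether the form updates a label after load is not visible in this section, so at minimum the constructor should carry `// Snapshot only: the labels are disposed below, so later Text/Visible changes are not drawn.` The loop covers only direct children of the form, and the paint handler always uses `Brushes.Silver`; storing `ctrl.ForeColor` in `LabelInfo` would keep the designer's colours. The `Paint` subscription is never removed, and `using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;` appears unused.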


@ -1,6 +1,7 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
using KsDumper11.Driver;
@ -9,14 +10,88 @@ namespace KsDumper11
{
public class Program
{
[STAThread]
static string exeName = "KsDumper11.exe";
public static bool ProviderIsClosing = false;
static JsonSettingsManager settingsManager;
static void runSnifferBypass()
{
string asmPath = Assembly.GetExecutingAssembly().Location;
string directory = Path.GetDirectoryName(asmPath);
string fileName = Path.GetFileName(asmPath);
string newFile = SnifferBypass.GenerateRandomString(12) + ".exe";
string newFileName = Path.Combine(directory, newFile);
//Debugger.Break();
if (fileName == exeName)
{
// Rename the current file to the specified new file name and execute it
ProcessStartInfo renameAndExecuteProcessInfo = new ProcessStartInfo();
renameAndExecuteProcessInfo.FileName = "cmd.exe";
renameAndExecuteProcessInfo.Arguments = $"/c timeout 3 > NUL && ren \"{asmPath}\" \"{newFile}\" && \"{newFileName}\"";
renameAndExecuteProcessInfo.UseShellExecute = true;
renameAndExecuteProcessInfo.CreateNoWindow = true;
renameAndExecuteProcessInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process renameAndExecuteProcess = new Process();
renameAndExecuteProcess.StartInfo = renameAndExecuteProcessInfo;
renameAndExecuteProcess.Start();
Environment.Exit(0);
}
else
{
Application.ApplicationExit += Application_ApplicationExit;
}
}
private static void Application_ApplicationExit(object sender, EventArgs e)
{
if (!ProviderIsClosing)
{
string asmPath = Assembly.GetExecutingAssembly().Location;
string directory = Path.GetDirectoryName(asmPath);
string fileName = Path.GetFileName(asmPath);
string newFile = SnifferBypass.GenerateRandomString(12) + ".exe";
string newFileName = Path.Combine(directory, exeName);
if (fileName != exeName)
{
ProcessStartInfo renameAndExecuteProcessInfo = new ProcessStartInfo();
renameAndExecuteProcessInfo.FileName = "cmd.exe";
renameAndExecuteProcessInfo.Arguments = $"/c timeout 2 > NUL && ren \"{asmPath}\" \"{exeName}\"";
renameAndExecuteProcessInfo.UseShellExecute = false;
renameAndExecuteProcessInfo.CreateNoWindow = true;
renameAndExecuteProcessInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process renameAndExecuteProcess = new Process();
renameAndExecuteProcess.StartInfo = renameAndExecuteProcessInfo;
renameAndExecuteProcess.Start();
}
}
else
{
ProviderIsClosing = false;
}
}
[STAThread]
private static void Main()
{
KduSelfExtract.DisableDriverBlockList();
{
settingsManager = new JsonSettingsManager();
if (settingsManager.JsonSettings.enableAntiAntiDebuggerTools)
{
runSnifferBypass();
}
KduSelfExtract.DisableDriverBlockList();
KduSelfExtract.Extract();
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
@ -28,7 +103,7 @@ namespace KsDumper11
{
// Run the selector here to populate the providers and set a default provider.
Application.Run(new ProviderSelector());
Application.Run(new Dumper());
Application.Run(new DumperForm());
}
else
{
@ -41,7 +116,7 @@ namespace KsDumper11
if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
Application.Run(new Dumper());
Application.Run(new DumperForm());
}
else
{
@ -55,7 +130,7 @@ namespace KsDumper11
if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
Application.Run(new Dumper());
Application.Run(new DumperForm());
}
else
{
@ -66,7 +141,8 @@ namespace KsDumper11
}
else
{
Application.Run(new Dumper());
Application.Run(new DumperForm());
Environment.Exit(0);
}
}
}
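Review bot: `runSnifferBypass` and `Application_ApplicationExit` interpolate `asmPath`, `newFile` and `newFileName` into a `cmd.exe /c` command line. An install path containing characters that cmd interprets (`&`, `%`, `^`) changes what the shell runs, and the tool presumably runs elevated since it loads a driver. The rename also depends on `timeout` outlasting process exit. Doing it in-process avoids both problems: `File.Move(asmPath, newFileName);` followed by `Process.Start(newFileName);` in the first method, and `File.Move(asmPath, newFileName);` in the exit handler, where `newFileName` already points at `exeName`. Smaller points in the same hunk: `CreateNoWindow` has no effect while `UseShellExecute = true`, the `newFile` local in `Application_ApplicationExit` is computed but never used, and `fileName == exeName` is a case-sensitive comparison of a Windows file name. Both methods are fully inside the hunk; `Main` continues across the later hunks.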


@ -5,9 +5,9 @@ using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Runtime.Versioning;
[assembly: AssemblyVersion("1.3.3")]
[assembly: AssemblyVersion("1.3.4")]
[assembly: AssemblyTitle("KsDumper 11")]
[assembly: AssemblyDescription("Dump processes from kernel space !")]
[assembly: AssemblyDescription("Dump processes from kernel space!")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Codeon Inc")]
[assembly: AssemblyProduct("KsDumper")]
@ -15,4 +15,4 @@ using System.Runtime.Versioning;
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: Guid("7881b99d-0b5a-44e7-af34-80a0ecffd5db")]
[assembly: AssemblyFileVersion("1.3.3")]
[assembly: AssemblyFileVersion("1.3.4")]


@ -12,7 +12,7 @@ namespace KsDumper11.Properties {
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.7.0.0")]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.8.0.0")]
internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
@ -22,17 +22,5 @@ namespace KsDumper11.Properties {
return defaultInstance;
}
}
[global::System.Configuration.UserScopedSettingAttribute()]
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.Configuration.DefaultSettingValueAttribute("False")]
public bool closeDriverOnExitSettings {
get {
return ((bool)(this["closeDriverOnExitSettings"]));
}
set {
this["closeDriverOnExitSettings"] = value;
}
}
}
}


@ -1,9 +1,5 @@
<?xml version='1.0' encoding='utf-8'?>
<SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)" GeneratedClassNamespace="KsDumper11.Properties" GeneratedClassName="Settings">
<SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)">
<Profiles />
<Settings>
<Setting Name="closeDriverOnExitSettings" Type="System.Boolean" Scope="User">
<Value Profile="(Default)">False</Value>
</Setting>
</Settings>
<Settings />
</SettingsFile>


@ -55,7 +55,7 @@
this.provIdCol = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.provNameCol = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.appIcon1 = new DarkControls.Controls.AppIcon();
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.titleLbl = new DarkControls.Controls.TransparentLabel();
this.closeBtn = new DarkControls.Controls.WindowsDefaultTitleBarButton();
this.wipeSettingsBtn = new DarkControls.Controls.DarkButton();
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit();
@ -64,70 +64,63 @@
// label1
//
this.label1.AutoSize = true;
this.label1.Location = new System.Drawing.Point(541, 416);
this.label1.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label1.Location = new System.Drawing.Point(406, 338);
this.label1.Name = "label1";
this.label1.Size = new System.Drawing.Size(115, 16);
this.label1.Size = new System.Drawing.Size(94, 13);
this.label1.TabIndex = 12;
this.label1.Text = "Provider Extra Info";
//
// label2
//
this.label2.AutoSize = true;
this.label2.Location = new System.Drawing.Point(541, 41);
this.label2.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label2.Location = new System.Drawing.Point(406, 33);
this.label2.Name = "label2";
this.label2.Size = new System.Drawing.Size(83, 16);
this.label2.Size = new System.Drawing.Size(66, 13);
this.label2.TabIndex = 14;
this.label2.Text = "Driver Name";
//
// label3
//
this.label3.AutoSize = true;
this.label3.Location = new System.Drawing.Point(541, 89);
this.label3.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label3.Location = new System.Drawing.Point(406, 72);
this.label3.Name = "label3";
this.label3.Size = new System.Drawing.Size(90, 16);
this.label3.Size = new System.Drawing.Size(72, 13);
this.label3.TabIndex = 16;
this.label3.Text = "Device Name";
//
// label4
//
this.label4.AutoSize = true;
this.label4.Location = new System.Drawing.Point(541, 139);
this.label4.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label4.Location = new System.Drawing.Point(406, 113);
this.label4.Name = "label4";
this.label4.Size = new System.Drawing.Size(86, 16);
this.label4.Size = new System.Drawing.Size(68, 13);
this.label4.TabIndex = 18;
this.label4.Text = "Signer Name";
//
// label5
//
this.label5.AutoSize = true;
this.label5.Location = new System.Drawing.Point(541, 241);
this.label5.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label5.Location = new System.Drawing.Point(406, 196);
this.label5.Name = "label5";
this.label5.Size = new System.Drawing.Size(150, 16);
this.label5.Size = new System.Drawing.Size(120, 13);
this.label5.TabIndex = 22;
this.label5.Text = "Minimum Windows build";
//
// label6
//
this.label6.AutoSize = true;
this.label6.Location = new System.Drawing.Point(541, 191);
this.label6.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label6.Location = new System.Drawing.Point(406, 155);
this.label6.Name = "label6";
this.label6.Size = new System.Drawing.Size(154, 16);
this.label6.Size = new System.Drawing.Size(123, 13);
this.label6.TabIndex = 20;
this.label6.Text = "Maximum Windows build";
//
// label7
//
this.label7.AutoSize = true;
this.label7.Location = new System.Drawing.Point(541, 297);
this.label7.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label7.Location = new System.Drawing.Point(406, 241);
this.label7.Name = "label7";
this.label7.Size = new System.Drawing.Size(152, 16);
this.label7.Size = new System.Drawing.Size(120, 13);
this.label7.TabIndex = 25;
this.label7.Text = "Shellcode support mask";
//
@ -135,10 +128,9 @@
//
this.driverLoadedLbl.AutoSize = true;
this.driverLoadedLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 14F);
this.driverLoadedLbl.Location = new System.Drawing.Point(108, 542);
this.driverLoadedLbl.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.driverLoadedLbl.Location = new System.Drawing.Point(81, 440);
this.driverLoadedLbl.Name = "driverLoadedLbl";
this.driverLoadedLbl.Size = new System.Drawing.Size(171, 29);
this.driverLoadedLbl.Size = new System.Drawing.Size(133, 24);
this.driverLoadedLbl.TabIndex = 27;
this.driverLoadedLbl.Text = "Driver Loaded!";
this.driverLoadedLbl.Visible = false;
@ -151,10 +143,9 @@
// label8
//
this.label8.AutoSize = true;
this.label8.Location = new System.Drawing.Point(541, 350);
this.label8.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.label8.Location = new System.Drawing.Point(406, 284);
this.label8.Name = "label8";
this.label8.Size = new System.Drawing.Size(119, 16);
this.label8.Size = new System.Drawing.Size(97, 13);
this.label8.TabIndex = 29;
this.label8.Text = "Default Provider ID";
//
@ -163,10 +154,9 @@
this.defaultProviderIDBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.defaultProviderIDBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.defaultProviderIDBox.ForeColor = System.Drawing.Color.Silver;
this.defaultProviderIDBox.Location = new System.Drawing.Point(545, 369);
this.defaultProviderIDBox.Margin = new System.Windows.Forms.Padding(4);
this.defaultProviderIDBox.Location = new System.Drawing.Point(409, 300);
this.defaultProviderIDBox.Name = "defaultProviderIDBox";
this.defaultProviderIDBox.Size = new System.Drawing.Size(525, 22);
this.defaultProviderIDBox.Size = new System.Drawing.Size(394, 20);
this.defaultProviderIDBox.TabIndex = 30;
//
// setDefaultProviderBtn
@ -174,10 +164,9 @@
this.setDefaultProviderBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.setDefaultProviderBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.setDefaultProviderBtn.ForeColor = System.Drawing.Color.Silver;
this.setDefaultProviderBtn.Location = new System.Drawing.Point(915, 545);
this.setDefaultProviderBtn.Margin = new System.Windows.Forms.Padding(4);
this.setDefaultProviderBtn.Location = new System.Drawing.Point(686, 443);
this.setDefaultProviderBtn.Name = "setDefaultProviderBtn";
this.setDefaultProviderBtn.Size = new System.Drawing.Size(156, 28);
this.setDefaultProviderBtn.Size = new System.Drawing.Size(117, 23);
this.setDefaultProviderBtn.TabIndex = 28;
this.setDefaultProviderBtn.Text = "Set Default Provider";
this.setDefaultProviderBtn.UseVisualStyleBackColor = true;
@ -188,10 +177,9 @@
this.testProviderBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.testProviderBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.testProviderBtn.ForeColor = System.Drawing.Color.Silver;
this.testProviderBtn.Location = new System.Drawing.Point(0, 542);
this.testProviderBtn.Margin = new System.Windows.Forms.Padding(4);
this.testProviderBtn.Location = new System.Drawing.Point(0, 440);
this.testProviderBtn.Name = "testProviderBtn";
this.testProviderBtn.Size = new System.Drawing.Size(100, 28);
this.testProviderBtn.Size = new System.Drawing.Size(75, 23);
this.testProviderBtn.TabIndex = 26;
this.testProviderBtn.Text = "Test Driver";
this.testProviderBtn.UseVisualStyleBackColor = true;
@ -202,10 +190,9 @@
this.shellcodeMaskBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.shellcodeMaskBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.shellcodeMaskBox.ForeColor = System.Drawing.Color.Silver;
this.shellcodeMaskBox.Location = new System.Drawing.Point(545, 316);
this.shellcodeMaskBox.Margin = new System.Windows.Forms.Padding(4);
this.shellcodeMaskBox.Location = new System.Drawing.Point(409, 257);
this.shellcodeMaskBox.Name = "shellcodeMaskBox";
this.shellcodeMaskBox.Size = new System.Drawing.Size(525, 22);
this.shellcodeMaskBox.Size = new System.Drawing.Size(394, 20);
this.shellcodeMaskBox.TabIndex = 24;
//
// driverWhqlSignedBox
@ -216,10 +203,9 @@
this.driverWhqlSignedBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.driverWhqlSignedBox.FlatAppearance.BorderSize = 0;
this.driverWhqlSignedBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.driverWhqlSignedBox.Location = new System.Drawing.Point(871, 399);
this.driverWhqlSignedBox.Margin = new System.Windows.Forms.Padding(4);
this.driverWhqlSignedBox.Location = new System.Drawing.Point(653, 324);
this.driverWhqlSignedBox.Name = "driverWhqlSignedBox";
this.driverWhqlSignedBox.Size = new System.Drawing.Size(200, 33);
this.driverWhqlSignedBox.Size = new System.Drawing.Size(150, 27);
this.driverWhqlSignedBox.TabIndex = 23;
this.driverWhqlSignedBox.Text = "Driver is WHQL Signed";
this.driverWhqlSignedBox.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
@ -230,10 +216,9 @@
this.minWinBuildBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.minWinBuildBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.minWinBuildBox.ForeColor = System.Drawing.Color.Silver;
this.minWinBuildBox.Location = new System.Drawing.Point(545, 261);
this.minWinBuildBox.Margin = new System.Windows.Forms.Padding(4);
this.minWinBuildBox.Location = new System.Drawing.Point(409, 212);
this.minWinBuildBox.Name = "minWinBuildBox";
this.minWinBuildBox.Size = new System.Drawing.Size(525, 22);
this.minWinBuildBox.Size = new System.Drawing.Size(394, 20);
this.minWinBuildBox.TabIndex = 21;
//
// maxWinBuildBox
@ -241,10 +226,9 @@
this.maxWinBuildBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.maxWinBuildBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.maxWinBuildBox.ForeColor = System.Drawing.Color.Silver;
this.maxWinBuildBox.Location = new System.Drawing.Point(545, 210);
this.maxWinBuildBox.Margin = new System.Windows.Forms.Padding(4);
this.maxWinBuildBox.Location = new System.Drawing.Point(409, 171);
this.maxWinBuildBox.Name = "maxWinBuildBox";
this.maxWinBuildBox.Size = new System.Drawing.Size(525, 22);
this.maxWinBuildBox.Size = new System.Drawing.Size(394, 20);
this.maxWinBuildBox.TabIndex = 19;
//
// signerNameBox
@ -252,10 +236,9 @@
this.signerNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.signerNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.signerNameBox.ForeColor = System.Drawing.Color.Silver;
this.signerNameBox.Location = new System.Drawing.Point(545, 159);
this.signerNameBox.Margin = new System.Windows.Forms.Padding(4);
this.signerNameBox.Location = new System.Drawing.Point(409, 129);
this.signerNameBox.Name = "signerNameBox";
this.signerNameBox.Size = new System.Drawing.Size(525, 22);
this.signerNameBox.Size = new System.Drawing.Size(394, 20);
this.signerNameBox.TabIndex = 17;
//
// deviceNameBox
@ -263,10 +246,9 @@
this.deviceNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.deviceNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.deviceNameBox.ForeColor = System.Drawing.Color.Silver;
this.deviceNameBox.Location = new System.Drawing.Point(545, 108);
this.deviceNameBox.Margin = new System.Windows.Forms.Padding(4);
this.deviceNameBox.Location = new System.Drawing.Point(409, 88);
this.deviceNameBox.Name = "deviceNameBox";
this.deviceNameBox.Size = new System.Drawing.Size(525, 22);
this.deviceNameBox.Size = new System.Drawing.Size(394, 20);
this.deviceNameBox.TabIndex = 15;
//
// driverNameBox
@ -274,10 +256,9 @@
this.driverNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.driverNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.driverNameBox.ForeColor = System.Drawing.Color.Silver;
this.driverNameBox.Location = new System.Drawing.Point(545, 60);
this.driverNameBox.Margin = new System.Windows.Forms.Padding(4);
this.driverNameBox.Location = new System.Drawing.Point(409, 49);
this.driverNameBox.Name = "driverNameBox";
this.driverNameBox.Size = new System.Drawing.Size(525, 22);
this.driverNameBox.Size = new System.Drawing.Size(394, 20);
this.driverNameBox.TabIndex = 13;
//
// providerExtraInfoBox
@ -285,11 +266,10 @@
this.providerExtraInfoBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.providerExtraInfoBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.providerExtraInfoBox.ForeColor = System.Drawing.Color.Silver;
this.providerExtraInfoBox.Location = new System.Drawing.Point(541, 436);
this.providerExtraInfoBox.Margin = new System.Windows.Forms.Padding(4);
this.providerExtraInfoBox.Location = new System.Drawing.Point(406, 354);
this.providerExtraInfoBox.Multiline = true;
this.providerExtraInfoBox.Name = "providerExtraInfoBox";
this.providerExtraInfoBox.Size = new System.Drawing.Size(529, 98);
this.providerExtraInfoBox.Size = new System.Drawing.Size(397, 80);
this.providerExtraInfoBox.TabIndex = 11;
//
// providerList
@ -301,11 +281,10 @@
this.providerList.ForeColor = System.Drawing.Color.Silver;
this.providerList.FullRowSelect = true;
this.providerList.HideSelection = false;
this.providerList.Location = new System.Drawing.Point(0, 43);
this.providerList.Margin = new System.Windows.Forms.Padding(4);
this.providerList.Location = new System.Drawing.Point(0, 35);
this.providerList.Name = "providerList";
this.providerList.OwnerDraw = true;
this.providerList.Size = new System.Drawing.Size(532, 490);
this.providerList.Size = new System.Drawing.Size(400, 399);
this.providerList.TabIndex = 10;
this.providerList.UseCompatibleStateImageBehavior = false;
this.providerList.View = System.Windows.Forms.View.Details;
@ -327,23 +306,21 @@
this.appIcon1.DragForm = null;
this.appIcon1.Image = ((System.Drawing.Image)(resources.GetObject("appIcon1.Image")));
this.appIcon1.Location = new System.Drawing.Point(0, 1);
this.appIcon1.Margin = new System.Windows.Forms.Padding(4);
this.appIcon1.Name = "appIcon1";
this.appIcon1.Scale = 3.5F;
this.appIcon1.Size = new System.Drawing.Size(37, 34);
this.appIcon1.Size = new System.Drawing.Size(28, 28);
this.appIcon1.TabIndex = 9;
this.appIcon1.TabStop = false;
//
// transparentLabel1
// titleLbl
//
this.transparentLabel1.AutoSize = true;
this.transparentLabel1.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.transparentLabel1.Location = new System.Drawing.Point(43, 5);
this.transparentLabel1.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);
this.transparentLabel1.Name = "transparentLabel1";
this.transparentLabel1.Size = new System.Drawing.Size(295, 25);
this.transparentLabel1.TabIndex = 8;
this.transparentLabel1.Text = "KsDumper 11 Provider Selection";
this.titleLbl.AutoSize = true;
this.titleLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.titleLbl.Location = new System.Drawing.Point(32, 4);
this.titleLbl.Name = "titleLbl";
this.titleLbl.Size = new System.Drawing.Size(237, 20);
this.titleLbl.TabIndex = 8;
this.titleLbl.Text = "KsDumper 11 Provider Selection";
//
// closeBtn
//
@ -354,10 +331,9 @@
this.closeBtn.HoverIconColor = System.Drawing.Color.Black;
this.closeBtn.IconColor = System.Drawing.Color.Black;
this.closeBtn.IconLineThickness = 2;
this.closeBtn.Location = new System.Drawing.Point(1031, 0);
this.closeBtn.Margin = new System.Windows.Forms.Padding(4);
this.closeBtn.Location = new System.Drawing.Point(773, 0);
this.closeBtn.Name = "closeBtn";
this.closeBtn.Size = new System.Drawing.Size(53, 49);
this.closeBtn.Size = new System.Drawing.Size(40, 40);
this.closeBtn.TabIndex = 7;
this.closeBtn.Text = "windowsDefaultTitleBarButton1";
this.closeBtn.UseVisualStyleBackColor = true;
@ -368,9 +344,10 @@
this.wipeSettingsBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.wipeSettingsBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.wipeSettingsBtn.ForeColor = System.Drawing.Color.Silver;
this.wipeSettingsBtn.Location = new System.Drawing.Point(796, 545);
this.wipeSettingsBtn.Location = new System.Drawing.Point(597, 443);
this.wipeSettingsBtn.Margin = new System.Windows.Forms.Padding(2, 2, 2, 2);
this.wipeSettingsBtn.Name = "wipeSettingsBtn";
this.wipeSettingsBtn.Size = new System.Drawing.Size(112, 28);
this.wipeSettingsBtn.Size = new System.Drawing.Size(84, 23);
this.wipeSettingsBtn.TabIndex = 31;
this.wipeSettingsBtn.Text = "Wipe Settings";
this.wipeSettingsBtn.UseVisualStyleBackColor = true;
@ -379,10 +356,10 @@
// ProviderSelector
//
this.AllowDrop = true;
this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F);
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(1084, 580);
this.ClientSize = new System.Drawing.Size(813, 471);
this.Controls.Add(this.wipeSettingsBtn);
this.Controls.Add(this.defaultProviderIDBox);
this.Controls.Add(this.label8);
@ -406,12 +383,11 @@
this.Controls.Add(this.providerExtraInfoBox);
this.Controls.Add(this.providerList);
this.Controls.Add(this.appIcon1);
this.Controls.Add(this.transparentLabel1);
this.Controls.Add(this.titleLbl);
this.Controls.Add(this.closeBtn);
this.DoubleBuffered = true;
this.ForeColor = System.Drawing.Color.Silver;
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Margin = new System.Windows.Forms.Padding(4);
this.Name = "ProviderSelector";
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "KsDumper 11 Provider Selection";
@ -424,7 +400,7 @@
#endregion
private DarkControls.Controls.WindowsDefaultTitleBarButton closeBtn;
private DarkControls.Controls.TransparentLabel transparentLabel1;
private DarkControls.Controls.TransparentLabel titleLbl;
private DarkControls.Controls.AppIcon appIcon1;
private DarkControls.Controls.DarkListView providerList;
private System.Windows.Forms.ColumnHeader provNameCol;


@ -13,6 +13,7 @@ using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using static System.Windows.Forms.VisualStyles.VisualStyleElement;
using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;
namespace KsDumper11
{
@ -31,11 +32,15 @@ namespace KsDumper11
KduWrapper wrapper;
JsonSettingsManager settingsManager;
LabelDrawer labelDrawer;
public ProviderSelector()
{
InitializeComponent();
settingsManager = new JsonSettingsManager();
this.FormBorderStyle = FormBorderStyle.None;
this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 10, 10));
this.closeBtn.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, closeBtn.Width, closeBtn.Height, 10, 10));
@ -52,6 +57,19 @@ namespace KsDumper11
wrapper.LoadProviders();
}
private void setdriverLoadedLblVisible(bool visible)
{
for (int i = 0; i < labelDrawer.labelInfos.Length; i++)
{
if (labelDrawer.labelInfos[i].Name == "driverLoadedLbl")
{
labelDrawer.labelInfos[i].Visible = visible;
}
}
this.Invalidate();
}
private void Wrapper_IsDirtyChanged(object sender, EventArgs e)
{
@ -161,7 +179,14 @@ namespace KsDumper11
item.ForeColor = Color.Red;
}
driverLoadedLbl.Visible = true;
if (settingsManager.JsonSettings.enableAntiAntiDebuggerTools)
{
setdriverLoadedLblVisible(true);
}
else
{
driverLoadedLbl.Visible = true;
}
driverLoadedLblTimer.Start();
}
}
@ -242,7 +267,16 @@ namespace KsDumper11
private void driverLoadedLblTimer_Tick(object sender, EventArgs e)
{
testProviderBtn.Enabled = true;
driverLoadedLbl.Visible = false;
if (settingsManager.JsonSettings.enableAntiAntiDebuggerTools)
{
setdriverLoadedLblVisible(false);
}
else
{
driverLoadedLbl.Visible = false;
}
driverLoadedLblTimer.Stop();
}
@ -260,6 +294,8 @@ namespace KsDumper11
wrapper.Start();
Program.ProviderIsClosing = true;
this.Close();
}
}
@ -278,6 +314,22 @@ namespace KsDumper11
private void ProviderSelector_Load(object sender, EventArgs e)
{
this.wipeSettingsBtn.Enabled = wrapper.IsDirty;
if (settingsManager.JsonSettings.enableAntiAntiDebuggerTools)
{
labelDrawer = new LabelDrawer(this);
setdriverLoadedLblVisible(false);
SnifferBypass.SelfTitle(this.Handle);
foreach (Control ctrl in this.Controls)
{
if (ctrl is System.Windows.Forms.TextBox) continue;
SnifferBypass.SelfTitle(ctrl.Handle);
}
this.Text = SnifferBypass.GenerateRandomString(this.Text.Length);
}
}
private void closeBtn_Click(object sender, EventArgs e)
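Review bot: `setdriverLoadedLblVisible` dereferences `labelDrawer.labelInfos`, but `labelDrawer` is only assigned in `ProviderSelector_Load` when `enableAntiAntiDebuggerTools` is set, while the two call sites (the driver-test result path and `driverLoadedLblTimer_Tick`) re-read the setting each time instead of checking the field. If that setting can change while the form is open, which this page does not show, the helper would throw a NullReferenceException on the next tick. Branching on what was established at load, `if (labelDrawer != null)`, at both call sites removes that dependency and keeps the existing fallback to `driverLoadedLbl.Visible`. The added `using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;` is not used by any line shown here and looks like an IDE auto-insert that can be dropped. The handler bodies continue outside these hunks.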


@ -0,0 +1,40 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class SnifferBypass
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool SetWindowText(IntPtr hWnd, string lpString);
[DllImport("user32.dll", SetLastError = true)]
private static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
public string FilePath { get; set; }
private string renamedPath = "";
public static void SelfTitle(IntPtr hWnd)
{
bool result = SetWindowText(hWnd, GenerateRandomString(12));
}
public SnifferBypass(string filePath)
{
FilePath = filePath;
}
public static string GenerateRandomString(int length)
{
const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
Random random = new Random();
return new string(Enumerable.Repeat(chars, length).Select(s => s[random.Next(s.Length)]).ToArray());
}
}
}
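Review bot: `SnifferBypass` is used in this commit only through its static `SelfTitle` and `GenerateRandomString` methods, yet it also declares an instance constructor, `FilePath`, `renamedPath` and a `FindWindow` import that nothing shown here uses. `SelfTitle` stores the `SetWindowText` return value in an unused local even though the import sets `SetLastError = true`, so a failed call goes unnoticed. I would declare the type as `public static class SnifferBypass`, drop the unused members, and either act on the result or make the call without the local. A `/// <summary>` on `SelfTitle` saying that it overwrites the window text of the given handle with a 12-character random string would explain to a reader why control captions change when the setting is on.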


@ -1,92 +0,0 @@
namespace KsDumper11
{
partial class SplashForm
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.statusLbl = new DarkControls.Controls.TransparentLabel();
this.progressBar = new DarkControls.Controls.ProgressBarEx();
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.SuspendLayout();
//
// statusLbl
//
this.statusLbl.AutoSize = true;
this.statusLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 14.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.statusLbl.Location = new System.Drawing.Point(12, 72);
this.statusLbl.Name = "statusLbl";
this.statusLbl.Size = new System.Drawing.Size(0, 24);
this.statusLbl.TabIndex = 10;
//
// progressBar
//
this.progressBar.Location = new System.Drawing.Point(12, 108);
this.progressBar.MarqueeAnimationSpeed = 750;
this.progressBar.Name = "progressBar";
this.progressBar.Size = new System.Drawing.Size(660, 23);
this.progressBar.TabIndex = 9;
//
// transparentLabel1
//
this.transparentLabel1.AutoSize = true;
this.transparentLabel1.Font = new System.Drawing.Font("Microsoft Sans Serif", 21.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.transparentLabel1.Location = new System.Drawing.Point(265, 9);
this.transparentLabel1.Name = "transparentLabel1";
this.transparentLabel1.Size = new System.Drawing.Size(193, 33);
this.transparentLabel1.TabIndex = 8;
this.transparentLabel1.Text = "KsDumper 11";
//
// SplashForm
//
this.AllowDrop = true;
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(684, 150);
this.Controls.Add(this.statusLbl);
this.Controls.Add(this.progressBar);
this.Controls.Add(this.transparentLabel1);
this.DoubleBuffered = true;
this.ForeColor = System.Drawing.Color.Silver;
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Name = "SplashForm";
this.ShowInTaskbar = false;
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "Basic File Box";
this.Load += new System.EventHandler(this.SplashForm_Load);
this.ResumeLayout(false);
this.PerformLayout();
}
#endregion
private DarkControls.Controls.TransparentLabel transparentLabel1;
private DarkControls.Controls.ProgressBarEx progressBar;
private DarkControls.Controls.TransparentLabel statusLbl;
}
}


@ -1,512 +0,0 @@
using System;
using System.IO;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Drawing.Drawing2D;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DarkControls;
using KsDumper11.Driver;
using System.Runtime.Remoting.Contexts;
using System.Runtime.InteropServices.ComTypes;
using Microsoft.Win32;
namespace KsDumper11
{
public partial class SplashForm : Form
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FlushFileBuffers(IntPtr handle);
protected override CreateParams CreateParams
{
get
{
// Activate double buffering at the form level. All child controls will be double buffered as well.
CreateParams cp = base.CreateParams;
cp.ExStyle |= 0x02000000; // Turn on WS_EX_COMPOSITED
return cp;
}
}
public bool IsAfterburnerRunning
{
get
{
Process[] procs = Process.GetProcessesByName("MSIAfterburner");
if (procs != null)
{
if (procs.Length > 0)
{
if (procs[0].ProcessName == "MSIAfterburner")
{
return true;
}
}
}
return false;
}
}
int maxProviders = 31;
//int maxProviders = 9;
List<int> workingProviders = new List<int>();
string logFolder = Environment.CurrentDirectory + "\\Logs";
string workingProvidersPath = Environment.CurrentDirectory + "\\Providers.txt";
string scanningPath = Environment.CurrentDirectory + "\\Scanning.txt";
Random rnd = new Random();
void saveProviders(int providerID)
{
StringBuilder b = new StringBuilder();
for (int i = 0; i < workingProviders.Count; i++)
{
if (i == workingProviders.Count - 1)
{
b.Append(workingProviders[i]);
}
else
{
b.Append(workingProviders[i].ToString() + "|");
}
}
if (providerID != maxProviders)
{
writeToDisk(scanningPath, providerID.ToString());
}
else
{
File.Delete(scanningPath);
}
writeToDisk(workingProvidersPath, b.ToString());
Thread.Sleep(1000);
}
private void writeToDisk(string path, string text)
{
if (!File.Exists(path))
{
FileStream fs = File.Create(path);
StreamWriter sw = new StreamWriter(fs);
sw.Write(text);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
else
{
File.Delete(path);
FileStream fs = File.Create(path);
StreamWriter sw = new StreamWriter(fs);
sw.Write(text);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
}
private void StartDriver()
{
if (!Directory.Exists(logFolder))
{
Directory.CreateDirectory(logFolder);
}
int timeout = 5;
int retryCountDown = 5;
if (IsAfterburnerRunning)
{
while (true)
{
if (retryCountDown == 0)
{
retryCountDown = timeout;
if (!IsAfterburnerRunning)
{
break;
}
}
UpdateStatus($"Waiting MSI Afterburner to be closed... Retry in {retryCountDown}s", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Sleeping {retryCountDown}s to ensure MSI Afterburner driver is unloaded", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
}
int idx = 0;
int providerID = 0;
if (File.Exists(scanningPath))
{
if (File.Exists(workingProvidersPath))
{
string provsStr = File.ReadAllText(workingProvidersPath);
if (provsStr != String.Empty && provsStr != null)
{
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
}
providerID = int.Parse(File.ReadAllText(scanningPath));
// Save the crash providerID to a blacklist.
providerID++;
if (scan(providerID))
{
File.Delete(scanningPath);
return;
}
}
if (File.Exists(workingProvidersPath))
{
UpdateStatus($"Saved providers found, trying each provider until one works...", 50);
Thread.Sleep(1000);
string provsStr = File.ReadAllText(workingProvidersPath);
if (provsStr != String.Empty && provsStr != null)
{
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
while (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (idx == workingProviders.Count)
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start, no saved providers worked! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
break;
}
providerID = workingProviders[idx];
tryLoad(providerID);
if (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Saved Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
idx++;
continue;
}
else
{
UpdateStatus($"Saved Provider: {providerID} worked!", 100);
Thread.Sleep(1000);
LoadedDriver();
return;
}
}
}
string logPath = Environment.CurrentDirectory + "\\driverLoading.log";
//Thread.Sleep(750);
//{
// UpdateStatus("Starting driver with default provider #1", 50);
// string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
// ProcessStartInfo inf = new ProcessStartInfo("cmd")
// {
// Arguments = args,
// CreateNoWindow = true,
// UseShellExecute = false,
// };
// Process proc = Process.Start(inf);
// proc.WaitForExit();
//}
scan(0);
UpdateStatus("Driver Started!", 100);
Thread.Sleep(750);
LoadedDriver();
}
public static void DisableDriverBlockList()
{
RegistryKey configKey = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\CI\Config", true);
if (configKey == null)
{
configKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\CurrentControlSet\Control\CI\Config");
}
if (configKey != null)
{
if (configKey.GetValue("VulnerableDriverBlocklistEnable") == null)
{
configKey.SetValue("VulnerableDriverBlocklistEnable", 0);
}
}
}
bool scan(int providerID)
{
int retryCountDown = 3;
if (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
retryCountDown = 3;
UpdateStatus("Scanning for working providers...", 50);
while (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (providerID == maxProviders)
{
if (workingProviders.Count > 0)
{
UpdateStatus("Saving working providers!", 50);
Thread.Sleep(500);
saveProviders(providerID);
providerID = workingProviders[rnd.Next(0, workingProviders.Count - 1)];
tryLoad(providerID);
if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
LoadedDriver();
return true;
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Providers found, but driver not loaded! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"No working providers found! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
if (providerID == 7)// || providerID == 29 || providerID == 28)
{
providerID++;
continue;
}
saveProviders(providerID);
tryLoad(providerID);
if (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
providerID++;
continue;
}
else
{
UpdateStatus($"Provider: {providerID} works", 50);
workingProviders.Add(providerID);
KsDumperDriverInterface.OpenKsDumperDriver().UnloadDriver();
Thread.Sleep(1000);
providerID++;
continue;
}
}
if (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
return false;
}
void tryLoad(int providerID)
{
UpdateStatus($"Starting driver with provider: {providerID}", 50);
string logPath = logFolder + $"\\driverLoading_ProviderID_{providerID}.log";
string args = " /c " + Environment.CurrentDirectory + $"\\Driver\\kdu.exe -prv {providerID} -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
ProcessStartInfo inf = new ProcessStartInfo("cmd.exe")
{
Arguments = args,
CreateNoWindow = true,
UseShellExecute = false,
};
Process proc = Process.Start(inf);
proc.WaitForExit(12500);
inf = new ProcessStartInfo("cmd.exe")
{
Arguments = "/c taskkill /IM \"kdu.exe\"",
CreateNoWindow = true,
UseShellExecute = false,
};
proc = Process.Start(inf);
proc.WaitForExit(12500);
inf = new ProcessStartInfo("cmd")
{
Arguments = " /c \"taskkill /im kdu.exe\"",
CreateNoWindow = true,
UseShellExecute = false,
};
proc = Process.Start(inf);
if (!proc.WaitForExit(12500))
{
proc.Kill();
}
//}
//if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
//{
// retryCountDown = 3;
// while (retryCountDown != 0)
// {
// UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
// Thread.Sleep(1000);
// retryCountDown -= 1;
// }
// Environment.Exit(0);
//}
//UpdateStatus("Driver Started!...", 100);
}
public SplashForm()
{
InitializeComponent();
this.FormBorderStyle = FormBorderStyle.None;
this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 10, 10));
}
private void SplashForm_Load(object sender, EventArgs e)
{
//StartProgressBar();
Task.Run(() =>
{
try
{
StartDriver();
}
catch (Exception ex)
{
return;
}
});
}
private void StartProgressBar()
{
progressBar.Style = ProgressBarStyle.Marquee;
progressBar.Show();
}
private void StopProgressBar()
{
progressBar.Style = ProgressBarStyle.Blocks;
}
public delegate void UpdateStatusDel(string txt, int progress);
public void UpdateStatus(string txt, int progress)
{
if (this.InvokeRequired)
{
this.Invoke(new UpdateStatusDel(UpdateStatus), new object[] { txt, progress });
}
else
{
this.statusLbl.Text = txt;
this.progressBar.Value = progress;
}
}
public delegate void LoadedDriverDel();
public void LoadedDriver()
{
if (this.InvokeRequired)
{
this.Invoke(new LoadedDriverDel(LoadedDriver), new object[] { });
}
else
{
StopProgressBar();
this.Close();
}
}
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
if (m.Msg == Utils.WM_NCHITTEST)
m.Result = (IntPtr)(Utils.HT_CAPTION);
}
}
}


@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>


@ -36,7 +36,7 @@ namespace KsDumper11
if (!triggerFrm.Visible)
{
triggerFrm.ShowDialog(this.ParentForm);
triggerFrm.ShowDialog();
}
}
}


@ -30,7 +30,6 @@
{
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(TriggerForm));
this.textBox1 = new System.Windows.Forms.TextBox();
this.acceptBtn = new System.Windows.Forms.Button();
this.appIcon1 = new DarkControls.Controls.AppIcon();
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.closeBtn = new DarkControls.Controls.WindowsDefaultTitleBarButton();
@ -49,19 +48,10 @@
this.textBox1.TabIndex = 10;
this.textBox1.Text = resources.GetString("textBox1.Text");
//
// acceptBtn
//
this.acceptBtn.Location = new System.Drawing.Point(295, 13);
this.acceptBtn.Name = "acceptBtn";
this.acceptBtn.Size = new System.Drawing.Size(75, 23);
this.acceptBtn.TabIndex = 11;
this.acceptBtn.Text = "OK";
this.acceptBtn.UseVisualStyleBackColor = true;
this.acceptBtn.Visible = false;
//
// appIcon1
//
this.appIcon1.AppIconImage = ((System.Drawing.Image)(resources.GetObject("appIcon1.AppIconImage")));
this.appIcon1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.appIcon1.DragForm = null;
this.appIcon1.Image = ((System.Drawing.Image)(resources.GetObject("appIcon1.Image")));
this.appIcon1.Location = new System.Drawing.Point(0, 1);
@ -95,6 +85,7 @@
this.closeBtn.TabIndex = 7;
this.closeBtn.Text = "windowsDefaultTitleBarButton1";
this.closeBtn.UseVisualStyleBackColor = true;
this.closeBtn.Click += new System.EventHandler(this.closeBtn_Click);
//
// TriggerForm
//
@ -103,7 +94,6 @@
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(429, 198);
this.Controls.Add(this.acceptBtn);
this.Controls.Add(this.textBox1);
this.Controls.Add(this.appIcon1);
this.Controls.Add(this.transparentLabel1);
@ -113,7 +103,7 @@
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Name = "TriggerForm";
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
this.Text = "Basic File Box";
this.Load += new System.EventHandler(this.TriggerForm_Load);
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).EndInit();
this.ResumeLayout(false);
this.PerformLayout();
@ -125,7 +115,6 @@
private DarkControls.Controls.TransparentLabel transparentLabel1;
private DarkControls.Controls.AppIcon appIcon1;
private System.Windows.Forms.TextBox textBox1;
private System.Windows.Forms.Button acceptBtn;
}
}


@ -12,6 +12,7 @@ using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DarkControls;
using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;
namespace KsDumper11
{
@ -28,34 +29,50 @@ namespace KsDumper11
}
}
JsonSettingsManager settingsManager;
LabelDrawer labelDrawer;
public TriggerForm()
{
InitializeComponent();
//this.AcceptButton = acceptBtn;
settingsManager = new JsonSettingsManager();
this.appIcon1.DragForm = this;
this.FormClosing += TriggerForm_FormClosing;
this.Shown += TriggerForm_Shown;
this.FormBorderStyle = FormBorderStyle.None;
this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 10, 10));
this.closeBtn.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, closeBtn.Width, closeBtn.Height, 10, 10));
}
private void TriggerForm_Shown(object sender, EventArgs e)
{
//Debugger.Break();
}
private void TriggerForm_FormClosing(object sender, FormClosingEventArgs e)
{
this.DialogResult = DialogResult.OK;
}
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
if (m.Msg == Utils.WM_NCHITTEST)
m.Result = (IntPtr)(Utils.HT_CAPTION);
}
private void closeBtn_Click(object sender, EventArgs e)
{
this.DialogResult = DialogResult.OK;
this.Close();
}
private void TriggerForm_Load(object sender, EventArgs e)
{
if (settingsManager.JsonSettings.enableAntiAntiDebuggerTools)
{
labelDrawer = new LabelDrawer(this);
SnifferBypass.SelfTitle(this.Handle);
foreach (Control ctrl in this.Controls)
{
if (ctrl is System.Windows.Forms.TextBox) continue;
SnifferBypass.SelfTitle(ctrl.Handle);
}
this.Text = SnifferBypass.GenerateRandomString(this.Text.Length);
}
}
}
}
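Review bot: The `using static System.Windows.Forms.VisualStyles.VisualStyleElement.Button;` directive, which appears to be the line the first hunk of this file adds, looks like an accidental IDE auto-import, since nothing in the visible TriggerForm code refers to a member of that class. It also brings that class's nested types (`CheckBox`, `RadioButton`, `GroupBox` and others) into scope next to the controls of the same names from `System.Windows.Forms`, which can turn a later plain `CheckBox` reference in this file into an ambiguous-reference error. I would drop the directive. In the same spirit, `TriggerForm_Shown` contains only a commented-out `Debugger.Break()`, so the handler and its `this.Shown +=` subscription in the constructor can be removed as well.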


@ -1,18 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="KsDumper11.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false"/>
</sectionGroup>
</configSections>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
</startup>
<userSettings>
<KsDumper11.Properties.Settings>
<setting name="closeDriverOnExitSettings" serializeAs="String">
<value>False</value>
</setting>
</KsDumper11.Properties.Settings>
</userSettings>
</configuration>


@ -1,5 +1,15 @@
# KsDumper-11
https://github.com/mastercodeon314/KsDumper-11/assets/78676320/56f0a8f5-409c-4d89-8a07-989e98994745
https://github.com/mastercodeon314/KsDumper-11/assets/78676320/9452970c-27cf-44df-b091-0d18a07937e5
## Whats new v1.3.4
+ Added new feature Anti Anti Debugging Tools Detection
Randomized MainWindow Title, most Control Titles, and the exe file name during runtime.
The process name is reverted to KsDumper11.exe upon program closing.
Enable Anti Anti Debugging Tools Detection check box setting added
+ Lots of source code cleanup
+ Fixed Easter Egg window that would not close upon clicking of the close button
+ Changed all labels in every form to be manually drawn to get around label text being changed when Anti Anti Debugging Tools Detection feature is enabled
+ Migrated from Application Settings to custom Settings.json for saving and loading of settings.
## Whats new v1.3.3
+ Updated KDU to v1.4.1