Cool_Tools/KsDumper-11
1
0
Fork 0
mirror of https://github.com/mastercodeon314/KsDumper-11.git synced 2024-11-23 22:41:06 +01:00
Code Releases Activity

v1.3 update.

Browse Source 
Updated to KDU v1.3.4
Added new Provider Selector
Updated DarkControls
Many bug fixes
This commit is contained in:
mastercodeon314 2023-10-06 18:53:56 -06:00
parent daed28f811
commit 785233a68f
62 changed files with 3332 additions and 824 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -395,9 +395,4 @@ FodyWeavers.xsd
*.msp
# JetBrains Rider
*.sln.iml
/DriverChecker/DriverChecker.csproj
/PEHeadersTesting
/DriverChecker
/DumpTest
/KsDumper11/SemiWorkingKDU
*.sln.iml

25
DarkControls/Controls/AppIcon.cs
View File

@ -29,7 +29,9 @@ Description("The value used to scale down the icon"),
set
{
_Scale = value;
this.Size = Size.Empty;
SizeF sz = calcImgSize();
this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
base.Size = new Size((int)sz.Width, (int)sz.Height);
}
}
@ -45,9 +47,10 @@ Description("The value used to scale down the icon"),
}
set
{
SizeF sz = calcImgSize();
this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
base.Size = new Size((int)sz.Width, (int)sz.Height);
//SizeF sz = calcImgSize();
//this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
//base.Size = new Size((int)sz.Width, (int)sz.Height);
base.Size = value;
}
}
private bool drag = false; // determine if we should be moving the form
@ -75,14 +78,14 @@ Description("The image that will be used for the icon"),
public AppIcon()
{
SetStyle(ControlStyles.SupportsTransparentBackColor, true);
//BackColor = Color.Transparent;
BackColor = Color.FromArgb(33, 33, 33);
this.MouseDown += AppLogo_MouseDown;
this.MouseUp += AppLogo_MouseUp;
this.MouseMove += AppLogo_MouseMove;
SizeF sz = calcImgSize();
this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
this.Size = new Size((int)sz.Width, (int)sz.Height);
//this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
//this.Size = new Size((int)sz.Width, (int)sz.Height);
if (this.DesignMode == false)
{
@ -102,8 +105,8 @@ Description("The image that will be used for the icon"),
private void DragForm_Load(object sender, EventArgs e)
{
SizeF sz = calcImgSize();
this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
this.Size = new Size((int)sz.Width, (int)sz.Height);
//this.Image = ResizeImage(appIconImg, (int)sz.Width, (int)sz.Height);
//this.Size = new Size((int)sz.Width, (int)sz.Height);
this.Invalidate();
}
@ -148,6 +151,8 @@ Description("The image that will be used for the icon"),
var destRect = new Rectangle(0, 0, width, height);
var destImage = new Bitmap(width, height);
destImage.MakeTransparent();
destImage.SetResolution(image.HorizontalResolution, image.VerticalResolution);
using (var graphics = Graphics.FromImage(destImage))
@ -160,6 +165,8 @@ Description("The image that will be used for the icon"),
using (var wrapMode = new ImageAttributes())
{
//Color cl = Color.White;
wrapMode.SetColorKey(Color.FromArgb(230, 230, 230), Color.White, ColorAdjustType.Bitmap);
wrapMode.SetWrapMode(WrapMode.TileFlipXY);
graphics.DrawImage(image, destRect, 0, 0, image.Width, image.Height, GraphicsUnit.Pixel, wrapMode);
}

20
DarkControls/Controls/DarkButton.cs
View File

@ -18,6 +18,26 @@ namespace DarkControls.Controls
this.Size = new Size(75, 23);
this.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.UseVisualStyleBackColor = true;
//this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 25, 25));
}
protected override void OnEnabledChanged(EventArgs e)
{
if (this.Enabled)
{
this.ForeColor = Color.Silver;
this.Update();
this.Invalidate();
}
else
{
this.ForeColor = Color.FromArgb(Color.Silver.R - 32, Color.Silver.G - 32, Color.Silver.B - 32);
this.Update();
this.Invalidate();
}
base.OnEnabledChanged(e);
}
}
}

61
DarkControls/Controls/DarkListView.cs Normal file
View File

@ -0,0 +1,61 @@
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace DarkControls.Controls
{
public class DarkListView : ListView
{
public DarkListView()
{
this.BackColor = Color.FromArgb(33, 33, 33);
this.ForeColor = Color.Silver;
this.DoubleBuffered = true;
//this.SetStyle(ControlStyles.UserPaint, true);
this.SetStyle(ControlStyles.DoubleBuffer, true);
//this.SetStyle(ControlStyles.AllPaintingInWmPaint, true);
System.Windows.Forms.ListView view = this;
colorListViewHeader(ref view, this.BackColor, this.ForeColor);
}
public static void colorListViewHeader(ref System.Windows.Forms.ListView list, Color backColor, Color foreColor)
{
list.OwnerDraw = true;
list.DrawColumnHeader +=
new DrawListViewColumnHeaderEventHandler
(
(sender, e) => headerDraw(sender, e, backColor, foreColor)
);
list.DrawItem += new DrawListViewItemEventHandler(bodyDraw);
}
private static void headerDraw(object sender, DrawListViewColumnHeaderEventArgs e, Color backColor, Color foreColor)
{
using (SolidBrush backBrush = new SolidBrush(backColor))
{
e.Graphics.FillRectangle(backBrush, e.Bounds);
}
using (SolidBrush foreBrush = new SolidBrush(foreColor))
{
e.Graphics.DrawString(e.Header.Text, e.Font, foreBrush, e.Bounds);
}
}
private static void bodyDraw(object sender, DrawListViewItemEventArgs e)
{
e.DrawDefault = true;
}
protected override void OnPaint(PaintEventArgs e)
{
base.OnPaint(e);
}
}
}

5
DarkControls/Controls/DarkTextBox.cs
View File

@ -20,6 +20,9 @@ namespace DarkControls.Controls
this.ForeColor = Color.Silver;
this.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.SetStyle(
ControlStyles.AllPaintingInWmPaint |
ControlStyles.DoubleBuffer, true);
}
protected override void OnPaint(PaintEventArgs e)
@ -27,7 +30,7 @@ namespace DarkControls.Controls
//Debugger.Break();
if (ScrollBarRenderer.IsSupported)
{
Debugger.Break();
//Debugger.Break();
// Draw the custom scrollbar
ScrollBarRenderer.DrawUpperVerticalTrack(e.Graphics, new Rectangle(this.Right - 18, this.Top, 18, this.Height), ScrollBarState.Normal);
ScrollBarRenderer.DrawLowerVerticalTrack(e.Graphics, new Rectangle(this.Right - 18, this.Top, 18, this.Height), ScrollBarState.Normal);

171
DarkControls/Controls/FlatComboBox.cs Normal file
View File

@ -0,0 +1,171 @@
using System;
using System.ComponentModel;
using System.Drawing;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace DarkControls.Controls
{
public class FlatComboBox : ComboBox
{
private Color borderColor = Color.Gray;
[DefaultValue(typeof(Color), "Gray")]
public Color BorderColor
{
get { return borderColor; }
set
{
if (borderColor != value)
{
borderColor = value;
Invalidate();
}
}
}
private Color buttonColor = Color.LightGray;
[DefaultValue(typeof(Color), "LightGray")]
public Color ButtonColor
{
get { return buttonColor; }
set
{
if (buttonColor != value)
{
buttonColor = value;
Invalidate();
}
}
}
protected override void WndProc(ref Message m)
{
if (m.Msg == WM_PAINT && DropDownStyle != ComboBoxStyle.Simple)
{
var clientRect = ClientRectangle;
var dropDownButtonWidth = SystemInformation.HorizontalScrollBarArrowWidth;
var outerBorder = new Rectangle(clientRect.Location,
new Size(clientRect.Width - 1, clientRect.Height - 1));
var innerBorder = new Rectangle(outerBorder.X + 1, outerBorder.Y + 1,
outerBorder.Width - dropDownButtonWidth - 2, outerBorder.Height - 2);
var innerInnerBorder = new Rectangle(innerBorder.X + 1, innerBorder.Y + 1,
innerBorder.Width - 2, innerBorder.Height - 2);
var dropDownRect = new Rectangle(innerBorder.Right + 1, innerBorder.Y,
dropDownButtonWidth, innerBorder.Height + 1);
if (RightToLeft == RightToLeft.Yes)
{
innerBorder.X = clientRect.Width - innerBorder.Right;
innerInnerBorder.X = clientRect.Width - innerInnerBorder.Right;
dropDownRect.X = clientRect.Width - dropDownRect.Right;
dropDownRect.Width += 1;
}
var innerBorderColor = Enabled ? BackColor : SystemColors.Control;
var outerBorderColor = Enabled ? BorderColor : SystemColors.ControlDark;
var buttonColor = Enabled ? ButtonColor : SystemColors.Control;
var middle = new Point(dropDownRect.Left + dropDownRect.Width / 2,
dropDownRect.Top + dropDownRect.Height / 2);
var arrow = new Point[]
{
new Point(middle.X - 3, middle.Y - 2),
new Point(middle.X + 4, middle.Y - 2),
new Point(middle.X, middle.Y + 2)
};
var ps = new PAINTSTRUCT();
bool shoulEndPaint = false;
IntPtr dc;
if (m.WParam == IntPtr.Zero)
{
dc = BeginPaint(Handle, ref ps);
m.WParam = dc;
shoulEndPaint = true;
}
else
{
dc = m.WParam;
}
var rgn = CreateRectRgn(innerInnerBorder.Left, innerInnerBorder.Top,
innerInnerBorder.Right, innerInnerBorder.Bottom);
SelectClipRgn(dc, rgn);
DefWndProc(ref m);
DeleteObject(rgn);
rgn = CreateRectRgn(clientRect.Left, clientRect.Top,
clientRect.Right, clientRect.Bottom);
SelectClipRgn(dc, rgn);
using (var g = Graphics.FromHdc(dc))
{
using (var b = new SolidBrush(buttonColor))
{
g.FillRectangle(b, dropDownRect);
}
using (var b = new SolidBrush(outerBorderColor))
{
g.FillPolygon(b, arrow);
}
using (var p = new Pen(innerBorderColor))
{
g.DrawRectangle(p, innerBorder);
g.DrawRectangle(p, innerInnerBorder);
}
using (var p = new Pen(outerBorderColor))
{
g.DrawRectangle(p, outerBorder);
}
}
if (shoulEndPaint)
EndPaint(Handle, ref ps);
DeleteObject(rgn);
}
else
base.WndProc(ref m);
}
private const int WM_PAINT = 0xF;
[StructLayout(LayoutKind.Sequential)]
public struct RECT
{
public int L, T, R, B;
}
[StructLayout(LayoutKind.Sequential)]
public struct PAINTSTRUCT
{
public IntPtr hdc;
public bool fErase;
public int rcPaint_left;
public int rcPaint_top;
public int rcPaint_right;
public int rcPaint_bottom;
public bool fRestore;
public bool fIncUpdate;
public int reserved1;
public int reserved2;
public int reserved3;
public int reserved4;
public int reserved5;
public int reserved6;
public int reserved7;
public int reserved8;
}
[DllImport("user32.dll")]
private static extern IntPtr BeginPaint(IntPtr hWnd,
[In, Out] ref PAINTSTRUCT lpPaint);
[DllImport("user32.dll")]
private static extern bool EndPaint(IntPtr hWnd, ref PAINTSTRUCT lpPaint);
[DllImport("gdi32.dll")]
public static extern int SelectClipRgn(IntPtr hDC, IntPtr hRgn);
[DllImport("user32.dll")]
public static extern int GetUpdateRgn(IntPtr hwnd, IntPtr hrgn, bool fErase);
public enum RegionFlags
{
ERROR = 0,
NULLREGION = 1,
SIMPLEREGION = 2,
COMPLEXREGION = 3,
}
[DllImport("gdi32.dll")]
internal static extern bool DeleteObject(IntPtr hObject);
[DllImport("gdi32.dll")]
private static extern IntPtr CreateRectRgn(int x1, int y1, int x2, int y2);
}
}

4
DarkControls/Controls/MaximizeButton.cs
View File

@ -11,9 +11,9 @@ namespace DarkControls.Controls
public MaximizeButton()
{
this.ButtonType = DarkControls.Controls.WindowsDefaultTitleBarButton.Type.Maximize;
this.ClickColor = System.Drawing.Color.Red;
this.ClickColor = System.Drawing.Color.DodgerBlue;
this.ClickIconColor = System.Drawing.Color.Black;
this.HoverColor = System.Drawing.Color.OrangeRed;
this.HoverColor = System.Drawing.Color.SkyBlue;
this.HoverIconColor = System.Drawing.Color.Black;
this.IconColor = System.Drawing.Color.Black;
this.IconLineThickness = 2;

4
DarkControls/Controls/MinimizeButton.cs
View File

@ -11,9 +11,9 @@ namespace DarkControls.Controls
public MinimizeButton()
{
this.ButtonType = DarkControls.Controls.WindowsDefaultTitleBarButton.Type.Minimize;
this.ClickColor = System.Drawing.Color.Red;
this.ClickColor = System.Drawing.Color.DodgerBlue;
this.ClickIconColor = System.Drawing.Color.Black;
this.HoverColor = System.Drawing.Color.OrangeRed;
this.HoverColor = System.Drawing.Color.SkyBlue;
this.HoverIconColor = System.Drawing.Color.Black;
this.IconColor = System.Drawing.Color.Black;
this.IconLineThickness = 2;

78
DarkControls/Controls/ProgressBarEx.cs
View File

@ -2,21 +2,14 @@
using System.Windows.Forms;
using System.Drawing;
using System.Drawing.Drawing2D;
using System.Runtime.InteropServices;
namespace DarkControls.Controls
{
public class ProgressBarEx : ProgressBar
{
private Timer _marqueeTimer;
public ProgressBarEx()
{
this.SetStyle(ControlStyles.UserPaint, true);
_marqueeTimer = new Timer();
_marqueeTimer.Interval = MarqueeAnimationSpeed;
_marqueeTimer.Tick += new EventHandler(marqueeTimer_Tick);
_marqueeTimer.Start();
}
protected override void OnPaintBackground(PaintEventArgs pevent)
@ -24,70 +17,31 @@ namespace DarkControls.Controls
// None... Helps control the flicker.
}
private void marqueeTimer_Tick(object sender, EventArgs e)
{
if (this.Style == ProgressBarStyle.Marquee) this.Invalidate();
}
protected override void OnPaint(PaintEventArgs e)
{
if (this.Style == ProgressBarStyle.Marquee)
const int inset = 2; // A single inset value to control teh sizing of the inner rect.
using (Image offscreenImage = new Bitmap(this.Width, this.Height))
{
int blockWidth = 5;
int blockSpacing = 2;
int blockCount = (this.Width - 2) / (blockWidth + blockSpacing);
int offset = DateTime.Now.Millisecond % (blockCount + blockSpacing);
using (Image offscreenImage = new Bitmap(this.Width, this.Height))
using (Graphics offscreen = Graphics.FromImage(offscreenImage))
{
using (Graphics offscreen = Graphics.FromImage(offscreenImage))
{
offscreen.Clear(this.BackColor);
for (int i = 0; i < blockCount; i++)
{
int x = 2 + (i * (blockWidth + blockSpacing)) - offset;
int y = 2;
int width = blockWidth;
int height = this.Height - 4;
if (x + width > this.Width)
width = this.Width - x;
if (x < 2)
{
width -= 2 - x;
x = 2;
}
offscreen.FillRectangle(new SolidBrush(this.ForeColor), x, y, width, height);
}
e.Graphics.DrawImage(offscreenImage, 0, 0);
}
}
}
else
{
const int inset = 2; // A single inset value to control the sizing of the inner rect.
offscreen.Clear(this.BackColor);
Rectangle rect = new Rectangle(0, 0, this.Width, this.Height);
offscreen.DrawRectangle(new Pen(Color.Silver, 2), rect);
using (Image offscreenImage = new Bitmap(this.Width, this.Height))
{
using (Graphics offscreen = Graphics.FromImage(offscreenImage))
{
offscreen.Clear(this.BackColor);
Rectangle rect = new Rectangle(0, 0, this.Width, this.Height);
offscreen.DrawRectangle(new Pen(Color.Silver, 2), rect);
//if (ProgressBarRenderer.IsSupported)
// ProgressBarRenderer.DrawHorizontalBar(offscreen, rect);
//if (ProgressBarRenderer.IsSupported)
// ProgressBarRenderer.DrawHorizontalBar(offscreen, rect);
rect.Inflate(new Size(-inset, -inset)); // Deflate inner rect.
rect.Width = (int)(rect.Width * ((double)this.Value / this.Maximum));
if (rect.Width == 0) rect.Width = 1; // Can't draw rec with width of 0.
rect.Inflate(new Size(-inset, -inset)); // Deflate inner rect.
rect.Width = (int)(rect.Width * ((double)this.Value / this.Maximum));
if (rect.Width == 0) rect.Width = 1; // Can't draw rec with width of 0.
//LinearGradientBrush brush = new LinearGradientBrush(rect, this.BackColor, this.ForeColor, LinearGradientMode.Horizontal);
SolidBrush brush = new SolidBrush(this.ForeColor);
//LinearGradientBrush brush = new LinearGradientBrush(rect, this.BackColor, this.ForeColor, LinearGradientMode.Horizontal);
SolidBrush brush = new SolidBrush(this.ForeColor);
offscreen.FillRectangle(brush, inset, inset, rect.Width, rect.Height);
offscreen.FillRectangle(brush, inset, inset, rect.Width, rect.Height);
e.Graphics.DrawImage(offscreenImage, 0, 0);
}
e.Graphics.DrawImage(offscreenImage, 0, 0);
}
}
}

469
DarkControls/Controls/VisualStudioTabControl.cs Normal file
View File

@ -0,0 +1,469 @@
using System;
using System.ComponentModel;
using System.Drawing;
using System.Drawing.Drawing2D;
using System.Drawing.Text;
using System.Windows.Forms;
namespace VisualStudioTabControl
{
public class VisualStudioTabControl : TabControl
{
//protected override CreateParams CreateParams
//{
// get
// {
// // Activate double buffering at the form level. All child controls will be double buffered as well.
// CreateParams cp = base.CreateParams;
// cp.ExStyle |= 0x02000000; // Turn on WS_EX_COMPOSITED
// return cp;
// }
//}
/// <summary>
/// Format of the title of the TabPage
/// </summary>
private readonly StringFormat CenterSringFormat = new StringFormat
{
Alignment = StringAlignment.Near,
LineAlignment = StringAlignment.Center
};
/// <summary>
/// The color of the active tab header
/// </summary>
private Color activeColor = Color.FromArgb(0, 122, 204);
/// <summary>
/// The color of the background of the Tab
/// </summary>
private Color backTabColor = Color.FromArgb(33, 33, 33);
/// <summary>
/// The color of the border of the control
/// </summary>
private Color borderColor = Color.FromArgb(35, 35, 35);
/// <summary>
/// Color of the closing button
/// </summary>
private Color closingButtonColor = Color.WhiteSmoke;
/// <summary>
/// Message for the user before losing
/// </summary>
private string closingMessage;
/// <summary>
/// The color of the tab header
/// </summary>
private Color headerColor = Color.FromArgb(45, 45, 48);
/// <summary>
/// The color of the horizontal line which is under the headers of the tab pages
/// </summary>
private Color horizLineColor = Color.FromArgb(0, 122, 204);
/// <summary>
/// A random page will be used to store a tab that will be deplaced in the run-time
/// </summary>
private TabPage predraggedTab;
/// <summary>
/// The color of the text
/// </summary>
private Color textColor = Color.FromArgb(255, 255, 255);
///<summary>
/// Shows closing buttons
/// </summary>
public bool ShowClosingButton { get; set; }
/// <summary>
/// Selected tab text color
/// </summary>
public Color selectedTextColor = Color.FromArgb(255, 255, 255);
/// <summary>
/// Init
/// </summary>
public VisualStudioTabControl()
{
SetStyle(
ControlStyles.AllPaintingInWmPaint | ControlStyles.UserPaint | ControlStyles.ResizeRedraw
| ControlStyles.DoubleBuffer,
true);
DoubleBuffered = true;
SizeMode = TabSizeMode.Normal;
ItemSize = new Size(240, 16);
AllowDrop = true;
}
[Category("Colors"), Browsable(true), Description("The color of the selected page")]
public Color ActiveColor
{
get
{
return this.activeColor;
}
set
{
this.activeColor = value;
}
}
[Category("Colors"), Browsable(true), Description("The color of the background of the tab")]
public Color BackTabColor
{
get
{
return this.backTabColor;
}
set
{
this.backTabColor = value;
}
}
[Category("Colors"), Browsable(true), Description("The color of the border of the control")]
public Color BorderColor
{
get
{
return this.borderColor;
}
set
{
this.borderColor = value;
}
}
/// <summary>
/// The color of the closing button
/// </summary>
[Category("Colors"), Browsable(true), Description("The color of the closing button")]
public Color ClosingButtonColor
{
get
{
return this.closingButtonColor;
}
set
{
this.closingButtonColor = value;
}
}
/// <summary>
/// The message that will be shown before closing.
/// </summary>
[Category("Options"), Browsable(true), Description("The message that will be shown before closing.")]
public string ClosingMessage
{
get
{
return this.closingMessage;
}
set
{
this.closingMessage = value;
}
}
[Category("Colors"), Browsable(true), Description("The color of the header.")]
public Color HeaderColor
{
get
{
return this.headerColor;
}
set
{
this.headerColor = value;
}
}
[Category("Colors"), Browsable(true),
Description("The color of the horizontal line which is located under the headers of the pages.")]
public Color HorizontalLineColor
{
get
{
return this.horizLineColor;
}
set
{
this.horizLineColor = value;
}
}
/// <summary>
/// Show a Yes/No message before closing?
/// </summary>
[Category("Options"), Browsable(true), Description("Show a Yes/No message before closing?")]
public bool ShowClosingMessage { get; set; }
[Category("Colors"), Browsable(true), Description("The color of the title of the page")]
public Color SelectedTextColor
{
get
{
return this.selectedTextColor;
}
set
{
this.selectedTextColor = value;
}
}
[Category("Colors"), Browsable(true), Description("The color of the title of the page")]
public Color TextColor
{
get
{
return this.textColor;
}
set
{
this.textColor = value;
}
}
/// <summary>
/// Sets the Tabs on the top
/// </summary>
protected override void CreateHandle()
{
base.CreateHandle();
Alignment = TabAlignment.Top;
}
/// <summary>
/// Drags the selected tab
/// </summary>
/// <param name="drgevent"></param>
protected override void OnDragOver(DragEventArgs drgevent)
{
var draggedTab = (TabPage)drgevent.Data.GetData(typeof(TabPage));
var pointedTab = getPointedTab();
if (ReferenceEquals(draggedTab, predraggedTab) && pointedTab != null)
{
drgevent.Effect = DragDropEffects.Move;
if (!ReferenceEquals(pointedTab, draggedTab))
{
this.ReplaceTabPages(draggedTab, pointedTab);
}
}
base.OnDragOver(drgevent);
}
/// <summary>
/// Handles the selected tab|closes the selected page if wanted.
/// </summary>
/// <param name="e"></param>
protected override void OnMouseDown(MouseEventArgs e)
{
predraggedTab = getPointedTab();
var p = e.Location;
if (!this.ShowClosingButton)
{
}
else
{
for (var i = 0; i < this.TabCount; i++)
{
var r = this.GetTabRect(i);
r.Offset(r.Width - 15, 2);
r.Width = 10;
r.Height = 10;
if (!r.Contains(p))
{
continue;
}
if (this.ShowClosingMessage)
{
if (DialogResult.Yes == MessageBox.Show(this.ClosingMessage, "Close", MessageBoxButtons.YesNo))
{
this.TabPages.RemoveAt(i);
}
}
else
{
this.TabPages.RemoveAt(i);
}
}
}
base.OnMouseDown(e);
}
/// <summary>
/// Holds the selected page until it sets down
/// </summary>
/// <param name="e"></param>
protected override void OnMouseMove(MouseEventArgs e)
{
if (e.Button == MouseButtons.Left && predraggedTab != null)
{
this.DoDragDrop(predraggedTab, DragDropEffects.Move);
}
base.OnMouseMove(e);
}
/// <summary>
/// Abandons the selected tab
/// </summary>
/// <param name="e"></param>
protected override void OnMouseUp(MouseEventArgs e)
{
predraggedTab = null;
base.OnMouseUp(e);
}
/// <summary>
/// Draws the control
/// </summary>
/// <param name="e"></param>
protected override void OnPaint(PaintEventArgs e)
{
var g = e.Graphics;
var Drawer = g;
Drawer.SmoothingMode = SmoothingMode.HighQuality;
Drawer.PixelOffsetMode = PixelOffsetMode.HighQuality;
Drawer.TextRenderingHint = TextRenderingHint.ClearTypeGridFit;
Drawer.Clear(this.headerColor);
try
{
if (SelectedTab != null)
{
SelectedTab.BackColor = this.backTabColor;
}
}
catch (Exception ex)
{
// ignored
}
try
{
SelectedTab.BorderStyle = BorderStyle.None;
}
catch (Exception ex)
{
// ignored
}
for (var i = 0; i <= TabCount - 1; i++)
{
var Header = new Rectangle(
new Point(GetTabRect(i).Location.X + 2, GetTabRect(i).Location.Y),
new Size(GetTabRect(i).Width, GetTabRect(i).Height));
var HeaderSize = new Rectangle(Header.Location, new Size(Header.Width, Header.Height));
Brush ClosingColorBrush = new SolidBrush(this.closingButtonColor);
if (i == SelectedIndex)
{
// Draws the back of the header
Drawer.FillRectangle(new SolidBrush(this.headerColor), HeaderSize);
// Draws the back of the color when it is selected
Drawer.FillRectangle(
new SolidBrush(this.activeColor),
new Rectangle(Header.X - 5, Header.Y - 3, Header.Width, Header.Height + 5));
// Draws the title of the page
Drawer.DrawString(
TabPages[i].Text,
Font,
new SolidBrush(this.selectedTextColor),
HeaderSize,
this.CenterSringFormat);
// Draws the closing button
if (this.ShowClosingButton)
{
e.Graphics.DrawString("X", Font, ClosingColorBrush, HeaderSize.Right - 17, 3);
}
}
else
{
// Simply draws the header when it is not selected
Drawer.DrawString(
TabPages[i].Text,
Font,
new SolidBrush(this.textColor),
HeaderSize,
this.CenterSringFormat);
}
}
// Draws the horizontal line
Drawer.DrawLine(new Pen(this.horizLineColor, 5), new Point(0, 19), new Point(Width, 19));
// Draws the background of the tab control
Drawer.FillRectangle(new SolidBrush(this.backTabColor), new Rectangle(0, 20, Width, Height - 20));
// Draws the border of the TabControl
Drawer.DrawRectangle(new Pen(this.borderColor, 2), new Rectangle(0, 0, Width, Height));
Drawer.InterpolationMode = InterpolationMode.HighQualityBicubic;
}
/// <summary>
/// Gets the pointed tab
/// </summary>
/// <returns></returns>
private TabPage getPointedTab()
{
for (var i = 0; i <= this.TabPages.Count - 1; i++)
{
if (this.GetTabRect(i).Contains(this.PointToClient(Cursor.Position)))
{
return this.TabPages[i];
}
}
return null;
}
/// <summary>
/// Swaps the two tabs
/// </summary>
/// <param name="Source"></param>
/// <param name="Destination"></param>
private void ReplaceTabPages(TabPage Source, TabPage Destination)
{
var SourceIndex = this.TabPages.IndexOf(Source);
var DestinationIndex = this.TabPages.IndexOf(Destination);
this.TabPages[DestinationIndex] = Source;
this.TabPages[SourceIndex] = Destination;
if (this.SelectedIndex == SourceIndex)
{
this.SelectedIndex = DestinationIndex;
}
else if (this.SelectedIndex == DestinationIndex)
{
this.SelectedIndex = SourceIndex;
}
this.Refresh();
}
}
}

43
DarkControls/Controls/WindowsDefaultTitleBarButton.cs
View File

@ -24,6 +24,7 @@ namespace DarkControls.Controls
private Pen activeIconColorPen;
private Brush activeIconColorBrush;
private Brush activeColorBrush;
private Type btnType;
/// <summary>
/// The type which defines the buttons behaviour.
@ -34,7 +35,16 @@ namespace DarkControls.Controls
[Browsable(true)]
[Category("Appearance")]
[Description("The type which defines the buttons behaviour.")]
public Type ButtonType { get; set; }
public Type ButtonType {
get
{
return btnType;
}
set
{
btnType = value;
}
}
/// <summary>
/// The background color of the button when the mouse is inside the buttons bounds.
@ -50,7 +60,7 @@ namespace DarkControls.Controls
/// <summary>
/// The background color of the button when the button is clicked.
/// </summary>
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -61,7 +71,7 @@ namespace DarkControls.Controls
/// <summary>
/// The default color of the icon.
/// </summary>
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -72,7 +82,7 @@ namespace DarkControls.Controls
/// <summary>
/// The color of the icon when the mouse is inside the buttons bounds.
/// </summary>
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -83,7 +93,7 @@ namespace DarkControls.Controls
/// <summary>
/// The color of the icon when the mouse is inside the buttons bounds.
/// </summary>
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -95,7 +105,7 @@ namespace DarkControls.Controls
/// <summary>
/// The color of the icon when the button is clicked.
/// </summary>
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -106,8 +116,8 @@ namespace DarkControls.Controls
/// <summary>
/// Property which returns the active background color of the button depending on if the button is clicked or hovered.
/// </summary>
///
///
[RefreshProperties(System.ComponentModel.RefreshProperties.All)]
[EditorBrowsable(EditorBrowsableState.Always)]
[Browsable(true)]
@ -221,22 +231,7 @@ namespace DarkControls.Controls
protected override void OnClick(EventArgs e)
{
if (ButtonType == Type.Close)
{
Form frm = this.FindForm();
if (frm != null)
{
if (frm.AcceptButton != null)
{
frm.DialogResult = DialogResult.OK;
frm.Dispose();
}
else
{
frm.Dispose();
}
}
}
this.FindForm()?.Close();
else if (ButtonType == Type.Maximize)
this.FindForm().WindowState = this.FindForm().WindowState == FormWindowState.Maximized ? FormWindowState.Normal : FormWindowState.Maximized;
else

12
DarkControls/DarkControls.csproj
View File

@ -9,7 +9,7 @@
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>DarkControls</RootNamespace>
<AssemblyName>DarkControls</AssemblyName>
<TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
<TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<TargetFrameworkProfile />
@ -83,13 +83,20 @@
<Compile Include="Controls\DarkCheckBox.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\DarkListView.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\DarkSelectFileButton.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\DarkTextBox.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\FlatComboBox.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\FlatScrollBar.cs" />
<Compile Include="Controls\FlatScrollBar1.cs" />
<Compile Include="Controls\MaximizeButton.cs">
<SubType>Component</SubType>
</Compile>
@ -106,6 +113,9 @@
<Compile Include="Controls\TransparentLabel.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\VisualStudioTabControl.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Controls\WindowsDefaultTitleBarButton.cs">
<SubType>Component</SubType>
</Compile>

61
DriverInterface/BSOD.cs Normal file
View File

@ -0,0 +1,61 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class BSOD
{
public static bool JustHappened()
{
List<DateTime> detectedCrashTimes = new List<DateTime>();
string eventLogName = "System";
EventLog eventLog = new EventLog();
eventLog.Log = eventLogName;
foreach (EventLogEntry log in eventLog.Entries)
{
if (log.EventID == 1001)
{
detectedCrashTimes.Add(log.TimeGenerated);
}
}
detectedCrashTimes = detectedCrashTimes.OrderByDescending(x => x).ToList();
foreach (DateTime crashTime in detectedCrashTimes)
{
if (CheckIfWithinFiveMinutes(crashTime, 5))
{
return true;
}
}
return false;
}
static bool CheckIfWithinFiveMinutes(DateTime dateTimeToCheck, int minutesAgo)
{
// Get the current time
DateTime currentTime = DateTime.Now;
// Calculate the time difference
TimeSpan timeDifference = currentTime - dateTimeToCheck;
// Check if the time difference is within 5 minutes
if (timeDifference.TotalMinutes <= minutesAgo)
{
return true;
}
else
{
return false;
}
}
}
}

47
DriverInterface/CancelableTask.cs Normal file
View File

@ -0,0 +1,47 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
public class CancelableTask<T>
{
private CancellationTokenSource cancellationTokenSource;
public CancelableTask(CancellationToken cancellationToken)
{
cancellationTokenSource = new CancellationTokenSource();
cancellationToken.Register(() => cancellationTokenSource.Cancel());
}
public Task<T> CreateTask(Func<CancellationToken, T> taskFunction)
{
var taskCompletionSource = new TaskCompletionSource<T>();
Task.Run(() =>
{
try
{
T result = taskFunction(cancellationTokenSource.Token);
taskCompletionSource.TrySetResult(result);
}
catch (OperationCanceledException)
{
taskCompletionSource.TrySetCanceled();
}
catch (Exception ex)
{
taskCompletionSource.TrySetException(ex);
}
});
return taskCompletionSource.Task;
}
public void Cancel()
{
cancellationTokenSource.Cancel();
}
}

73
DriverInterface/CrashMon.cs Normal file
View File

@ -0,0 +1,73 @@
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using static System.Net.Mime.MediaTypeNames;
namespace KsDumper11
{
public class CrashMon
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FlushFileBuffers(IntPtr handle);
private int _checkingProvider = -1;
public int CheckingProvider
{
get
{
return _checkingProvider;
}
set
{
_checkingProvider = value;
Save();
}
}
string savePath = KduSelfExtract.AssemblyDirectory + @"\\Setings.json";
public CrashMon()
{
if (File.Exists(savePath))
{
_checkingProvider = JsonConvert.DeserializeObject<int>(File.ReadAllText(savePath));
}
else
{
_checkingProvider = -1;
}
}
private void Save()
{
string json = JsonConvert.SerializeObject(_checkingProvider);
if (!File.Exists(savePath))
{
FileStream fs = File.Create(savePath);
StreamWriter sw = new StreamWriter(fs);
sw.Write(json);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
else
{
File.Delete(savePath);
FileStream fs = File.Create(savePath);
StreamWriter sw = new StreamWriter(fs);
sw.Write(json);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
}
}
}

0
KsDumper11/Driver/KsDumperDriver.sys → DriverInterface/Driver/KsDumperDriver.sys
View File

BIN
DriverInterface/Driver/Taigei64.dll Normal file
View File

Binary file not shown.

BIN
DriverInterface/Driver/drv64.dll Normal file
View File

Binary file not shown.

BIN
DriverInterface/Driver/kdu.exe Normal file
View File

Binary file not shown.

97
DriverInterface/DriverInterface.csproj Normal file
View File

@ -0,0 +1,97 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6F8B2A35-060D-4EB1-A6BA-A3057179304B}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>DriverInterface</RootNamespace>
<AssemblyName>DriverInterface</AssemblyName>
<TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
<HintPath>..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Net.Http" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="BSOD.cs" />
<Compile Include="CancelableTask.cs" />
<Compile Include="CrashMon.cs" />
<Compile Include="KduProviderSettings.cs" />
<Compile Include="KsDumperDriverInterface.cs" />
<Compile Include="KduProvider.cs" />
<Compile Include="KduSelfExtract.cs" />
<Compile Include="KduWrapper.cs" />
<Compile Include="Operations.cs" />
<Compile Include="PE\32\PE32File.cs" />
<Compile Include="PE\32\PE32Header.cs" />
<Compile Include="PE\64\PE64File.cs" />
<Compile Include="PE\64\PE64Header.cs" />
<Compile Include="PE\DOSHeader.cs" />
<Compile Include="PE\NativePEStructs.cs" />
<Compile Include="PE\PEFile.cs" />
<Compile Include="PE\PESection.cs" />
<Compile Include="ProcessDumper.cs" />
<Compile Include="ProcessSummary.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Properties\Resources.Designer.cs">
<AutoGen>True</AutoGen>
<DesignTime>True</DesignTime>
<DependentUpon>Resources.resx</DependentUpon>
</Compile>
<Compile Include="Utility\Logger.cs" />
<Compile Include="Utility\MarshalUtility.cs" />
<Compile Include="Utility\ProcessListView.cs">
<SubType>Component</SubType>
</Compile>
<Compile Include="Utility\WinApi.cs" />
</ItemGroup>
<ItemGroup>
<None Include="Driver\KsDumperDriver.sys" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="Driver\drv64.dll" />
<Content Include="Driver\kdu.exe" />
<Content Include="Driver\Taigei64.dll" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Properties\Resources.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
</EmbeddedResource>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

107
DriverInterface/KduProvider.cs Normal file
View File

@ -0,0 +1,107 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class KduProvider
{
public int ProviderIndex { get; set; }
public string ProviderName { get; set; }
public string DriverName { get; set; }
public string DeviceName { get; set; }
public string SignerName { get; set; }
public bool IsWHQL_Signed { get; set; }
public string ShellcodeSupportMask { get; set; }
public string MaxWindowsBuild { get; set; }
public string MinWindowsBuild { get; set; }
public string[] ExtraInfo { get; set; }
public bool IsNonWorking
{
get
{
return this.ProviderName.Contains("NOT WORKING");
}
}
public KduProvider()
{
}
public KduProvider(string provider)
{
processProvider(provider);
}
private void processProvider(string prov)
{
string[] lines = prov.Split('\n');
string id = lines[0].Split(',')[0];
ProviderIndex = int.Parse(id);
string[] provInfo = lines[1].Split(',');
ProviderName = provInfo[0];
string drvName = provInfo[1].Trim().Replace("DriverName ", "").Replace('"'.ToString(), "");
string devName = provInfo[2].Trim().Replace("DeviceName ", "").Replace('"'.ToString(), "");
DriverName = drvName;
DeviceName = devName;
string signer = lines[2].Trim().Replace("Signed by: ", "").Replace('"'.ToString(), "");
SignerName = signer;
string shellCodeMask = lines[3].Trim().Replace("Shellcode support mask: ", "").Replace('"'.ToString(), "");
ShellcodeSupportMask = shellCodeMask;
foreach (string ln in lines)
{
if (ln.Contains("Driver is WHQL signed"))
{
IsWHQL_Signed = true;
}
if (ln.StartsWith("Maximum Windows build undefined"))
{
MaxWindowsBuild = "No Restrictions";
}
if (ln.StartsWith("Maximum supported Windows build: "))
{
MaxWindowsBuild = ln.Replace("Maximum supported Windows build: ", "");
}
if (ln.StartsWith("Minimum supported Windows build: "))
{
MinWindowsBuild = ln.Replace("Minimum supported Windows build: ", "");
}
}
List<string> extraInfoLines = new List<string>();
for (int i = 4; i < lines.Length; i++)
{
if (lines[i].StartsWith("Minimum"))
{
break;
}
else if (!lines[i].Contains("Driver is WHQL signed"))
{
extraInfoLines.Add(lines[i]);
}
}
ExtraInfo = extraInfoLines.ToArray();
}
}
}

16
DriverInterface/KduProviderSettings.cs Normal file
View File

@ -0,0 +1,16 @@
using KsDumper11;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class KduProviderSettings
{
public List<KduProvider> Providers { get; set; }
public int DefaultProvider { get; set; } = -1;
}
}

154
DriverInterface/KduSelfExtract.cs Normal file
View File

@ -0,0 +1,154 @@
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
namespace KsDumper11
{
public class KduSelfExtract
{
public static void DisableDriverBlockList()
{
RegistryKey configKey = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\CI\Config", true);
if (configKey == null)
{
configKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\CurrentControlSet\Control\CI\Config");
}
if (configKey != null)
{
if (configKey.GetValue("VulnerableDriverBlocklistEnable") == null)
{
configKey.SetValue("VulnerableDriverBlocklistEnable", 0);
}
}
}
static string asmDir = "";
static string driverDir = "";
static KduSelfExtract()
{
DisableDriverBlockList();
asmDir = AssemblyDirectory;
driverDir = asmDir + @"\Driver";
}
public static string AssemblyDirectory
{
get
{
string codeBase = Assembly.GetExecutingAssembly().CodeBase;
UriBuilder uri = new UriBuilder(codeBase);
string path = Uri.UnescapeDataString(uri.Path);
return Path.GetDirectoryName(path);
}
}
public static string KduPath
{
get
{
return driverDir + @"\kdu.exe";
}
}
private static bool Extracted()
{
bool result = false;
string driverPath = driverDir + @"\KsDumperDriver.sys";
string kduPath = driverDir + @"\kdu.exe";
string drv64Path = driverDir + @"\drv64.dll";
string taigei64Path = driverDir + @"\Taigei64.dll";
if (!Directory.Exists(driverDir))
{
return false;
}
else
{
if (!File.Exists(driverPath))
{
return false;
}
else
{
result = true;
}
if (!File.Exists(kduPath))
{
return false;
}
else
{
result = true;
}
if (!File.Exists(drv64Path))
{
return false;
}
else
{
result = true;
}
if (!File.Exists(taigei64Path))
{
return false;
}
else
{
result = true;
}
}
return result;
}
public static void Extract()
{
if (!Extracted())
{
string asmDir = AssemblyDirectory;
string driverDir = asmDir + @"\Driver";
if (!Directory.Exists(driverDir))
{
Directory.CreateDirectory(driverDir);
}
string driverPath = driverDir + @"\KsDumperDriver.sys";
string kduPath = driverDir + @"\kdu.exe";
string drv64Path = driverDir + @"\drv64.dll";
string taigei64Path = driverDir + @"\Taigei64.dll";
if (!File.Exists(driverPath))
{
File.WriteAllBytes(driverPath, DriverInterface.Properties.Resources.KsDumperDriver);
}
if (!File.Exists(kduPath))
{
File.WriteAllBytes(kduPath, DriverInterface.Properties.Resources.kdu);
}
if (!File.Exists(drv64Path))
{
File.WriteAllBytes(drv64Path, DriverInterface.Properties.Resources.drv64);
}
if (!File.Exists(taigei64Path))
{
File.WriteAllBytes(taigei64Path, DriverInterface.Properties.Resources.Taigei64);
}
}
}
}
}

379
DriverInterface/KduWrapper.cs Normal file
View File

@ -0,0 +1,379 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using KsDumper11.Driver;
using Newtonsoft.Json;
namespace KsDumper11
{
public class KduWrapper
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FlushFileBuffers(IntPtr handle);
string logFolder = Environment.CurrentDirectory + "\\Logs";
public string KduPath { get; set; }
private CancellationToken checkerTaskCancelToken;
private CancelableTask<int> checkerTask;
public event EventHandler<object[]> DriverLoaded;
public event EventHandler ProvidersLoaded;
private KduProviderSettings kduSettingsJson;
public List<KduProvider> providers = new List<KduProvider>();
CrashMon crashMon;
public int DefaultProvider
{
get
{
return kduSettingsJson.DefaultProvider;
}
}
public KduWrapper(string kduPath)
{
KduPath = kduPath;
crashMon = new CrashMon();
kduSettingsJson = new KduProviderSettings();
Application.ThreadExit += Application_ThreadExit;
}
public void SetDefaultProvider(int providerID)
{
kduSettingsJson.DefaultProvider = providerID;
SaveProviders();
}
private void Application_ThreadExit(object sender, EventArgs e)
{
// Create a setting for the user to determine if they want to unload the driver upon exit of KsDumper 11
//if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
//{
// KsDumperDriverInterface.OpenKsDumperDriver().UnloadDriver();
//}
}
public void LoadProviders()
{
if (!File.Exists(KduSelfExtract.AssemblyDirectory + @"\\Providers.json"))
{
populateProviders();
}
else
{
kduSettingsJson = JsonConvert.DeserializeObject<KduProviderSettings>(File.ReadAllText(KduSelfExtract.AssemblyDirectory + @"\\Providers.json"));
providers = kduSettingsJson.Providers;
if (crashMon.CheckingProvider != -1)
{
//if (KsDumper11.BSOD.JustHappened())
{
providers[crashMon.CheckingProvider].ProviderName = "[NOT WORKING] " + providers[crashMon.CheckingProvider].ProviderName;
SaveProviders();
crashMon.CheckingProvider = -1;
}
}
FireProvidersLoaded();
}
}
private void populateProviders()
{
ProcessStartInfo inf = new ProcessStartInfo();
inf.FileName = KduPath;
inf.Arguments = "-list";
inf.CreateNoWindow = true;
inf.WindowStyle = ProcessWindowStyle.Hidden;
inf.RedirectStandardOutput = true;
inf.UseShellExecute = false;
Process proc = Process.Start(inf);
string str = proc.StandardOutput.ReadToEnd();
List<string> parts = new List<string>(str.Split(new string[] { "Provider #" }, StringSplitOptions.RemoveEmptyEntries));
parts.RemoveAt(0);
for (int i = 0; i < parts.Count; i++)
{
parts[i] = parts[i].Trim().Replace('\r'.ToString(), "").Replace('\t'.ToString(), "");
}
foreach (string prov in parts)
{
KduProvider p = new KduProvider(prov);
providers.Add(p);
}
SaveProviders();
FireProvidersLoaded();
}
private void FireProvidersLoaded()
{
if (ProvidersLoaded != null)
{
ProvidersLoaded(this, EventArgs.Empty);
}
}
private void SaveProviders()
{
kduSettingsJson.Providers = providers;
string json = JsonConvert.SerializeObject(kduSettingsJson);
string savePath = KduSelfExtract.AssemblyDirectory + @"\\Providers.json";
if (!File.Exists(savePath))
{
FileStream fs = File.Create(savePath);
StreamWriter sw = new StreamWriter(fs);
sw.Write(json);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
else
{
File.Delete(savePath);
FileStream fs = File.Create(savePath);
StreamWriter sw = new StreamWriter(fs);
sw.Write(json);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
}
private void runChecker(int providerID)
{
checkerTaskCancelToken = new CancellationToken();
checkerTask = new CancelableTask<int>(checkerTaskCancelToken);
// Create a cancelable task
var task = checkerTask.CreateTask(token =>
{
while (!KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
try
{
// Checks to see if we need to cancel the checker
token.ThrowIfCancellationRequested();
}
catch (Exception)
{
break;
}
}
if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (DriverLoaded != null)
{
updateProvider(true, providerID);
DriverLoaded(this, new object[] { true, providerID });
}
return 1;
}
else
{
if (DriverLoaded != null)
{
updateProvider(false, providerID);
DriverLoaded(this, new object[] { false, providerID });
}
return 0;
}
});
}
private void updateProvider(bool res, int idx)
{
crashMon.CheckingProvider = -1;
KduProvider p = providers[idx];
if (res)
{
KsDumperDriverInterface ksDriver = new KsDumperDriverInterface("\\\\.\\KsDumper");
ksDriver.UnloadDriver();
ksDriver.Dispose();
providers[idx].ProviderName = "[WORKING] " + providers[idx].ProviderName;
}
else
{
providers[idx].ProviderName = "[NOT WORKING] " + providers[idx].ProviderName;
}
SaveProviders();
}
static string AppendDateTimeToFileName(string originalFileName)
{
// Get the current date and time
DateTime currentTime = DateTime.Now;
// Format the date and time as a string
string formattedDateTime = currentTime.ToString("yyyyMMddHHmmss");
// Get the file extension from the original filename (if any)
string fileExtension = System.IO.Path.GetExtension(originalFileName);
// Remove the file extension from the original filename
string fileNameWithoutExtension = System.IO.Path.GetFileNameWithoutExtension(originalFileName);
// Append the formatted date and time to the filename
string newFileName = $"{formattedDateTime}_{fileNameWithoutExtension}{fileExtension}";
return newFileName;
}
public void Start()
{
int providerID = kduSettingsJson.DefaultProvider;
if (providerID != -1)
{
if (providers[providerID].ProviderName.Contains("[NON WORKING]"))
{
return;
}
string fileName = $"KsDumper11Driver_ProviderID_{providerID}.log";
fileName = AppendDateTimeToFileName(fileName);
string logPath = logFolder + "\\" + fileName;
if (!Directory.Exists(logFolder))
{
Directory.CreateDirectory(logFolder);
}
ProcessStartInfo inf = new ProcessStartInfo(KduPath)
{
Arguments = $"-prv {providerID} -map .\\Driver\\KsDumperDriver.sys",
CreateNoWindow = true,
UseShellExecute = false,
WorkingDirectory = Environment.CurrentDirectory,
RedirectStandardOutput = true
};
Process proc = Process.Start(inf);
proc.Exited += Proc_Exited;
proc.EnableRaisingEvents = true;
proc.WaitForExit(12500);
string output = proc.StandardOutput.ReadToEnd();
File.WriteAllText(logPath, output);
}
else
{
// alert the user to the fact they probaly need to clear the settings jsons
}
}
public void tryLoad(int providerID)
{
if (providers[providerID].ProviderName.Contains("[WORKING]") || providers[providerID].ProviderName.Contains("[NON WORKING]"))
{
return;
}
crashMon.CheckingProvider = providerID;
Task.Run(() =>
{
runChecker(providerID);
string fileName = $"KsDumper11Driver_ProviderID_{providerID}.log";
fileName = AppendDateTimeToFileName(fileName);
string logPath = logFolder + "\\" + fileName;
if (!Directory.Exists(logFolder))
{
Directory.CreateDirectory(logFolder);
}
ProcessStartInfo inf = new ProcessStartInfo(KduPath)
{
Arguments = $"-prv {providerID} -map .\\Driver\\KsDumperDriver.sys",
CreateNoWindow = true,
UseShellExecute = false,
WorkingDirectory = Environment.CurrentDirectory,
RedirectStandardOutput = true
};
Process proc = Process.Start(inf);
proc.Exited += Proc_Exited;
proc.EnableRaisingEvents = true;
proc.WaitForExit(12500);
string output = proc.StandardOutput.ReadToEnd();
File.WriteAllText(logPath, output);
});
}
private void Proc_Exited(object sender, EventArgs e)
{
if (checkerTask != null)
{
try
{
checkerTask.Cancel();
}
catch { }
}
ProcessStartInfo inf = new ProcessStartInfo("cmd.exe")
{
Arguments = "/c taskkill /IM \"kdu.exe\"",
CreateNoWindow = true,
UseShellExecute = false,
};
Process proc = Process.Start(inf);
proc.WaitForExit(12500);
inf = new ProcessStartInfo("cmd")
{
Arguments = " /c \"taskkill /im kdu.exe\"",
CreateNoWindow = true,
UseShellExecute = false,
};
proc = Process.Start(inf);
if (!proc.WaitForExit(12500))
{
proc.Kill();
}
}
}
}

21
KsDumper11/Driver/DriverInterface.cs → DriverInterface/KsDumperDriverInterface.cs
View File

@ -5,34 +5,30 @@ using KsDumper11.Utility;
namespace KsDumper11.Driver
{
// Token: 0x02000014 RID: 20
public class DriverInterface
public class KsDumperDriverInterface
{
public static DriverInterface OpenKsDumperDriver()
public static KsDumperDriverInterface OpenKsDumperDriver()
{
return new DriverInterface("\\\\.\\KsDumper");
return new KsDumperDriverInterface("\\\\.\\KsDumper");
}
public static bool IsDriverOpen(string registryPath)
public static bool IsDriverOpen(string driverPath)
{
IntPtr handle = WinApi.CreateFileA(registryPath, FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, (FileAttributes)0, IntPtr.Zero);
IntPtr handle = WinApi.CreateFileA(driverPath, FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, (FileAttributes)0, IntPtr.Zero);
bool result = handle != WinApi.INVALID_HANDLE_VALUE;
WinApi.CloseHandle(handle);
return result;
}
// Token: 0x060000D9 RID: 217 RVA: 0x00005D59 File Offset: 0x00003F59
public DriverInterface(string registryPath)
public KsDumperDriverInterface(string registryPath)
{
this.driverHandle = WinApi.CreateFileA(registryPath, FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, (FileAttributes)0, IntPtr.Zero);
}
// Token: 0x060000DA RID: 218 RVA: 0x00005D80 File Offset: 0x00003F80
public bool HasValidHandle()
{
return this.driverHandle != WinApi.INVALID_HANDLE_VALUE;
}
// Token: 0x060000DB RID: 219 RVA: 0x00005DA4 File Offset: 0x00003FA4
public bool GetProcessSummaryList(out ProcessSummary[] result)
{
result = new ProcessSummary[0];
@ -77,7 +73,6 @@ namespace KsDumper11.Driver
return false;
}
// Token: 0x060000DC RID: 220 RVA: 0x00005EF4 File Offset: 0x000040F4
private int GetProcessListRequiredBufferSize()
{
IntPtr operationPointer = MarshalUtility.AllocEmptyStruct<Operations.KERNEL_PROCESS_LIST_OPERATION>();
@ -95,7 +90,6 @@ namespace KsDumper11.Driver
return 0;
}
// Token: 0x060000DD RID: 221 RVA: 0x00005F68 File Offset: 0x00004168
public bool CopyVirtualMemory(int targetProcessId, IntPtr targetAddress, IntPtr bufferAddress, int bufferSize)
{
bool flag = this.driverHandle != WinApi.INVALID_HANDLE_VALUE;
@ -132,7 +126,6 @@ namespace KsDumper11.Driver
return false;
}
// Token: 0x04000075 RID: 117
private readonly IntPtr driverHandle;
public void Dispose()
@ -147,7 +140,7 @@ namespace KsDumper11.Driver
}
}
~DriverInterface()
~KsDumperDriverInterface()
{
try
{

0
KsDumper11/Driver/Operations.cs → DriverInterface/Operations.cs
View File

0
KsDumper11/PE/32/PE32File.cs → DriverInterface/PE/32/PE32File.cs
View File

0
KsDumper11/PE/32/PE32Header.cs → DriverInterface/PE/32/PE32Header.cs
View File

0
KsDumper11/PE/64/PE64File.cs → DriverInterface/PE/64/PE64File.cs
View File

0
KsDumper11/PE/64/PE64Header.cs → DriverInterface/PE/64/PE64Header.cs
View File

0
KsDumper11/PE/DOSHeader.cs → DriverInterface/PE/DOSHeader.cs
View File

0
KsDumper11/PE/NativePEStructs.cs → DriverInterface/PE/NativePEStructs.cs
View File

0
KsDumper11/PE/PEFile.cs → DriverInterface/PE/PEFile.cs
View File

0
KsDumper11/PE/PESection.cs → DriverInterface/PE/PESection.cs
View File

299
DriverInterface/ProcessDumper.cs Normal file
View File

@ -0,0 +1,299 @@
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using KsDumper11.Driver;
using KsDumper11.PE;
using KsDumper11.Utility;
namespace KsDumper11
{
// Token: 0x02000003 RID: 3
public class ProcessDumper
{
// Token: 0x0600002E RID: 46 RVA: 0x000038AD File Offset: 0x00001AAD
public ProcessDumper(KsDumperDriverInterface kernelDriver)
{
this.kernelDriver = kernelDriver;
}
// Token: 0x0600002F RID: 47 RVA: 0x000038C0 File Offset: 0x00001AC0
private static bool IsWin64Emulator(Process process)
{
bool flag = Environment.OSVersion.Version.Major > 5 || (Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 1);
bool retVal;
return flag && (ProcessDumper.NativeMethods.IsWow64Process(process.Handle, out retVal) && retVal);
}
// Token: 0x06000030 RID: 48 RVA: 0x0000392C File Offset: 0x00001B2C
public bool DumpProcess(Process processSummary, out PEFile outputFile)
{
IntPtr basePointer = processSummary.MainModule.BaseAddress;
NativePEStructs.IMAGE_DOS_HEADER dosHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_DOS_HEADER>(processSummary.Id, basePointer);
outputFile = null;
Logger.SkipLine();
Logger.Log("Targeting Process: {0} ({1})", new object[] { processSummary.ProcessName, processSummary.Id });
bool isValid = dosHeader.IsValid;
if (isValid)
{
IntPtr peHeaderPointer = basePointer + dosHeader.e_lfanew;
Logger.Log("PE Header Found: 0x{0:x8}", new object[] { peHeaderPointer.ToInt64() });
IntPtr dosStubPointer = basePointer + Marshal.SizeOf<NativePEStructs.IMAGE_DOS_HEADER>();
byte[] dosStub = this.ReadProcessBytes(processSummary.Id, dosStubPointer, dosHeader.e_lfanew - Marshal.SizeOf<NativePEStructs.IMAGE_DOS_HEADER>());
bool flag = !ProcessDumper.IsWin64Emulator(processSummary);
PEFile peFile;
if (flag)
{
peFile = this.Dump64BitPE(processSummary.Id, dosHeader, dosStub, peHeaderPointer);
}
else
{
peFile = this.Dump32BitPE(processSummary.Id, dosHeader, dosStub, peHeaderPointer);
}
bool flag2 = peFile != null;
if (flag2)
{
IntPtr sectionHeaderPointer = peHeaderPointer + peFile.GetFirstSectionHeaderOffset();
Logger.Log("Header is valid ({0}) !", new object[] { peFile.Type });
Logger.Log("Parsing {0} Sections...", new object[] { peFile.Sections.Length });
for (int i = 0; i < peFile.Sections.Length; i++)
{
NativePEStructs.IMAGE_SECTION_HEADER sectionHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_SECTION_HEADER>(processSummary.Id, sectionHeaderPointer);
peFile.Sections[i] = new PESection
{
Header = PESection.PESectionHeader.FromNativeStruct(sectionHeader),
InitialSize = (int)sectionHeader.VirtualSize
};
this.ReadSectionContent(processSummary.Id, new IntPtr(basePointer.ToInt64() + (long)((ulong)sectionHeader.VirtualAddress)), peFile.Sections[i]);
sectionHeaderPointer += Marshal.SizeOf<NativePEStructs.IMAGE_SECTION_HEADER>();
}
Logger.Log("Aligning Sections...", Array.Empty<object>());
peFile.AlignSectionHeaders();
Logger.Log("Fixing PE Header...", Array.Empty<object>());
peFile.FixPEHeader();
Logger.Log("Dump Completed !", Array.Empty<object>());
outputFile = peFile;
return true;
}
Logger.Log("Bad PE Header !", Array.Empty<object>());
}
return false;
}
// Token: 0x06000031 RID: 49 RVA: 0x00003B80 File Offset: 0x00001D80
public bool DumpProcess(ProcessSummary processSummary, out PEFile outputFile)
{
IntPtr basePointer = (IntPtr)((long)processSummary.MainModuleBase);
NativePEStructs.IMAGE_DOS_HEADER dosHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_DOS_HEADER>(processSummary.ProcessId, basePointer);
outputFile = null;
Logger.SkipLine();
Logger.Log("Targeting Process: {0} ({1})", new object[] { processSummary.ProcessName, processSummary.ProcessId });
bool isValid = dosHeader.IsValid;
if (isValid)
{
IntPtr peHeaderPointer = basePointer + dosHeader.e_lfanew;
Logger.Log("PE Header Found: 0x{0:x8}", new object[] { peHeaderPointer.ToInt64() });
IntPtr dosStubPointer = basePointer + Marshal.SizeOf<NativePEStructs.IMAGE_DOS_HEADER>();
byte[] dosStub = this.ReadProcessBytes(processSummary.ProcessId, dosStubPointer, dosHeader.e_lfanew - Marshal.SizeOf<NativePEStructs.IMAGE_DOS_HEADER>());
bool flag = !processSummary.IsWOW64;
PEFile peFile;
if (flag)
{
peFile = this.Dump64BitPE(processSummary.ProcessId, dosHeader, dosStub, peHeaderPointer);
}
else
{
peFile = this.Dump32BitPE(processSummary.ProcessId, dosHeader, dosStub, peHeaderPointer);
}
bool flag2 = peFile != null;
if (flag2)
{
IntPtr sectionHeaderPointer = peHeaderPointer + peFile.GetFirstSectionHeaderOffset();
Logger.Log("Header is valid ({0}) !", new object[] { peFile.Type });
Logger.Log("Parsing {0} Sections...", new object[] { peFile.Sections.Length });
for (int i = 0; i < peFile.Sections.Length; i++)
{
NativePEStructs.IMAGE_SECTION_HEADER sectionHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_SECTION_HEADER>(processSummary.ProcessId, sectionHeaderPointer);
peFile.Sections[i] = new PESection
{
Header = PESection.PESectionHeader.FromNativeStruct(sectionHeader),
InitialSize = (int)sectionHeader.VirtualSize
};
this.ReadSectionContent(processSummary.ProcessId, new IntPtr(basePointer.ToInt64() + (long)((ulong)sectionHeader.VirtualAddress)), peFile.Sections[i]);
sectionHeaderPointer += Marshal.SizeOf<NativePEStructs.IMAGE_SECTION_HEADER>();
}
Logger.Log("Aligning Sections...", Array.Empty<object>());
peFile.AlignSectionHeaders();
Logger.Log("Fixing PE Header...", Array.Empty<object>());
peFile.FixPEHeader();
Logger.Log("Dump Completed !", Array.Empty<object>());
outputFile = peFile;
return true;
}
Logger.Log("Bad PE Header !", Array.Empty<object>());
}
return false;
}
// Token: 0x06000032 RID: 50 RVA: 0x00003DD4 File Offset: 0x00001FD4
private PEFile Dump64BitPE(int processId, NativePEStructs.IMAGE_DOS_HEADER dosHeader, byte[] dosStub, IntPtr peHeaderPointer)
{
NativePEStructs.IMAGE_NT_HEADERS64 peHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_NT_HEADERS64>(processId, peHeaderPointer);
bool isValid = peHeader.IsValid;
PEFile pefile;
if (isValid)
{
pefile = new PE64File(dosHeader, peHeader, dosStub);
}
else
{
pefile = null;
}
return pefile;
}
// Token: 0x06000033 RID: 51 RVA: 0x00003E08 File Offset: 0x00002008
private PEFile Dump32BitPE(int processId, NativePEStructs.IMAGE_DOS_HEADER dosHeader, byte[] dosStub, IntPtr peHeaderPointer)
{
NativePEStructs.IMAGE_NT_HEADERS32 peHeader = this.ReadProcessStruct<NativePEStructs.IMAGE_NT_HEADERS32>(processId, peHeaderPointer);
bool isValid = peHeader.IsValid;
PEFile pefile;
if (isValid)
{
pefile = new PE32File(dosHeader, peHeader, dosStub);
}
else
{
pefile = null;
}
return pefile;
}
// Token: 0x06000034 RID: 52 RVA: 0x00003E3C File Offset: 0x0000203C
private T ReadProcessStruct<T>(int processId, IntPtr address) where T : struct
{
IntPtr buffer = MarshalUtility.AllocEmptyStruct<T>();
bool flag = this.kernelDriver.CopyVirtualMemory(processId, address, buffer, Marshal.SizeOf<T>());
T t;
if (flag)
{
t = MarshalUtility.GetStructFromMemory<T>(buffer, true);
}
else
{
t = default(T);
}
return t;
}
// Token: 0x06000035 RID: 53 RVA: 0x00003E80 File Offset: 0x00002080
private bool ReadSectionContent(int processId, IntPtr sectionPointer, PESection section)
{
int readSize = section.InitialSize;
bool flag = sectionPointer == IntPtr.Zero || readSize == 0;
bool flag2;
if (flag)
{
flag2 = true;
}
else
{
bool flag3 = readSize <= 100;
if (flag3)
{
section.DataSize = readSize;
section.Content = this.ReadProcessBytes(processId, sectionPointer, readSize);
flag2 = true;
}
else
{
this.CalculateRealSectionSize(processId, sectionPointer, section);
bool flag4 = section.DataSize != 0;
if (flag4)
{
section.Content = this.ReadProcessBytes(processId, sectionPointer, section.DataSize);
flag2 = true;
}
else
{
flag2 = false;
}
}
}
return flag2;
}
// Token: 0x06000036 RID: 54 RVA: 0x00003F18 File Offset: 0x00002118
private byte[] ReadProcessBytes(int processId, IntPtr address, int size)
{
IntPtr unmanagedBytePointer = MarshalUtility.AllocZeroFilled(size);
this.kernelDriver.CopyVirtualMemory(processId, address, unmanagedBytePointer, size);
byte[] buffer = new byte[size];
Marshal.Copy(unmanagedBytePointer, buffer, 0, size);
Marshal.FreeHGlobal(unmanagedBytePointer);
return buffer;
}
// Token: 0x06000037 RID: 55 RVA: 0x00003F5C File Offset: 0x0000215C
private void CalculateRealSectionSize(int processId, IntPtr sectionPointer, PESection section)
{
int readSize = section.InitialSize;
int currentReadSize = readSize % 100;
bool flag = currentReadSize == 0;
if (flag)
{
currentReadSize = 100;
}
IntPtr currentOffset = sectionPointer + readSize - currentReadSize;
while (currentOffset.ToInt64() >= sectionPointer.ToInt64())
{
byte[] buffer = this.ReadProcessBytes(processId, currentOffset, currentReadSize);
int codeByteCount = this.GetInstructionByteCount(buffer);
bool flag2 = codeByteCount != 0;
if (flag2)
{
currentOffset += codeByteCount;
bool flag3 = sectionPointer.ToInt64() < currentOffset.ToInt64();
if (flag3)
{
section.DataSize = (int)(currentOffset.ToInt64() - sectionPointer.ToInt64());
section.DataSize += 4;
bool flag4 = section.InitialSize < section.DataSize;
if (flag4)
{
section.DataSize = section.InitialSize;
}
}
break;
}
currentReadSize = 100;
currentOffset -= currentReadSize;
}
}
// Token: 0x06000038 RID: 56 RVA: 0x0000404C File Offset: 0x0000224C
private int GetInstructionByteCount(byte[] dataBlock)
{
for (int i = dataBlock.Length - 1; i >= 0; i--)
{
bool flag = dataBlock[i] > 0;
if (flag)
{
return i + 1;
}
}
return 0;
}
// Token: 0x0400002B RID: 43
private KsDumperDriverInterface kernelDriver;
// Token: 0x02000023 RID: 35
internal static class NativeMethods
{
// Token: 0x060000EF RID: 239
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool IsWow64Process([In] IntPtr process, out bool wow64Process);
}
}
}

113
DriverInterface/ProcessSummary.cs Normal file
View File

@ -0,0 +1,113 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Text;
using KsDumper11.Driver;
using KsDumper11.Utility;
namespace KsDumper11
{
// Token: 0x02000004 RID: 4
public class ProcessSummary
{
// Token: 0x17000002 RID: 2
// (get) Token: 0x06000039 RID: 57 RVA: 0x00004089 File Offset: 0x00002289
// (set) Token: 0x0600003A RID: 58 RVA: 0x00004091 File Offset: 0x00002291
public int ProcessId { get; set; }
// Token: 0x17000003 RID: 3
// (get) Token: 0x0600003B RID: 59 RVA: 0x0000409A File Offset: 0x0000229A
// (set) Token: 0x0600003C RID: 60 RVA: 0x000040A2 File Offset: 0x000022A2
public string ProcessName { get; set; }
// Token: 0x17000004 RID: 4
// (get) Token: 0x0600003D RID: 61 RVA: 0x000040AB File Offset: 0x000022AB
// (set) Token: 0x0600003E RID: 62 RVA: 0x000040B3 File Offset: 0x000022B3
public ulong MainModuleBase { get; set; }
// Token: 0x17000005 RID: 5
// (get) Token: 0x0600003F RID: 63 RVA: 0x000040BC File Offset: 0x000022BC
// (set) Token: 0x06000040 RID: 64 RVA: 0x000040C4 File Offset: 0x000022C4
public string MainModuleFileName { get; set; }
// Token: 0x17000006 RID: 6
// (get) Token: 0x06000041 RID: 65 RVA: 0x000040CD File Offset: 0x000022CD
// (set) Token: 0x06000042 RID: 66 RVA: 0x000040D5 File Offset: 0x000022D5
public uint MainModuleImageSize { get; set; }
// Token: 0x17000007 RID: 7
// (get) Token: 0x06000043 RID: 67 RVA: 0x000040DE File Offset: 0x000022DE
// (set) Token: 0x06000044 RID: 68 RVA: 0x000040E6 File Offset: 0x000022E6
public ulong MainModuleEntryPoint { get; set; }
// Token: 0x17000008 RID: 8
// (get) Token: 0x06000045 RID: 69 RVA: 0x000040EF File Offset: 0x000022EF
// (set) Token: 0x06000046 RID: 70 RVA: 0x000040F7 File Offset: 0x000022F7
public bool IsWOW64 { get; set; }
// Token: 0x06000047 RID: 71 RVA: 0x00004100 File Offset: 0x00002300
public static ProcessSummary ProcessSummaryFromID(KsDumperDriverInterface driver, string processName)
{
ProcessSummary result = null;
ProcessSummary[] processes;
driver.GetProcessSummaryList(out processes);
bool flag = processes != null;
if (flag)
{
foreach (ProcessSummary process in processes)
{
bool flag2 = process.ProcessName.ToLower().Contains(processName.ToLower());
if (flag2)
{
Logger.Log(process.ProcessName + " " + processName, Array.Empty<object>());
return process;
}
}
}
return result;
}
// Token: 0x06000048 RID: 72 RVA: 0x0000418C File Offset: 0x0000238C
private ProcessSummary(int processId, ulong mainModuleBase, string mainModuleFileName, uint mainModuleImageSize, ulong mainModuleEntryPoint, bool isWOW64)
{
this.ProcessId = processId;
this.MainModuleBase = mainModuleBase;
this.MainModuleFileName = this.FixFileName(mainModuleFileName);
this.MainModuleImageSize = mainModuleImageSize;
this.MainModuleEntryPoint = mainModuleEntryPoint;
this.ProcessName = Path.GetFileName(this.MainModuleFileName);
this.IsWOW64 = isWOW64;
}
// Token: 0x06000049 RID: 73 RVA: 0x000041EC File Offset: 0x000023EC
private string FixFileName(string fileName)
{
bool flag = fileName.StartsWith("\\");
string text;
if (flag)
{
text = fileName;
}
else
{
StringBuilder sb = new StringBuilder(256);
int length = WinApi.GetLongPathName(fileName, sb, sb.Capacity);
bool flag2 = length > sb.Capacity;
if (flag2)
{
sb.Capacity = length;
length = WinApi.GetLongPathName(fileName, sb, sb.Capacity);
}
text = sb.ToString();
}
return text;
}
// Token: 0x0600004A RID: 74 RVA: 0x00004258 File Offset: 0x00002458
public static ProcessSummary FromStream(BinaryReader reader)
{
return new ProcessSummary(reader.ReadInt32(), reader.ReadUInt64(), Encoding.Unicode.GetString(reader.ReadBytes(512)).Split(new char[1])[0], reader.ReadUInt32(), reader.ReadUInt64(), reader.ReadBoolean());
}
}
}

36
DriverInterface/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DriverInterface")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("DriverInterface")]
[assembly: AssemblyCopyright("Copyright © 2023")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("6f8b2a35-060d-4eb1-a6ba-a3057179304b")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

103
DriverInterface/Properties/Resources.Designer.cs generated Normal file
View File

@ -0,0 +1,103 @@
//------------------------------------------------------------------------------
// <auto-generated>
// This code was generated by a tool.
// Runtime Version:4.0.30319.42000
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------
namespace DriverInterface.Properties {
using System;
/// <summary>
/// A strongly-typed resource class, for looking up localized strings, etc.
/// </summary>
// This class was auto-generated by the StronglyTypedResourceBuilder
// class via a tool like ResGen or Visual Studio.
// To add or remove a member, edit your .ResX file then rerun ResGen
// with the /str option, or rebuild your VS project.
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")]
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
internal class Resources {
private static global::System.Resources.ResourceManager resourceMan;
private static global::System.Globalization.CultureInfo resourceCulture;
[global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
internal Resources() {
}
/// <summary>
/// Returns the cached ResourceManager instance used by this class.
/// </summary>
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
internal static global::System.Resources.ResourceManager ResourceManager {
get {
if (object.ReferenceEquals(resourceMan, null)) {
global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("DriverInterface.Properties.Resources", typeof(Resources).Assembly);
resourceMan = temp;
}
return resourceMan;
}
}
/// <summary>
/// Overrides the current thread's CurrentUICulture property for all
/// resource lookups using this strongly typed resource class.
/// </summary>
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
internal static global::System.Globalization.CultureInfo Culture {
get {
return resourceCulture;
}
set {
resourceCulture = value;
}
}
/// <summary>
/// Looks up a localized resource of type System.Byte[].
/// </summary>
internal static byte[] drv64 {
get {
object obj = ResourceManager.GetObject("drv64", resourceCulture);
return ((byte[])(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Byte[].
/// </summary>
internal static byte[] kdu {
get {
object obj = ResourceManager.GetObject("kdu", resourceCulture);
return ((byte[])(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Byte[].
/// </summary>
internal static byte[] KsDumperDriver {
get {
object obj = ResourceManager.GetObject("KsDumperDriver", resourceCulture);
return ((byte[])(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Byte[].
/// </summary>
internal static byte[] Taigei64 {
get {
object obj = ResourceManager.GetObject("Taigei64", resourceCulture);
return ((byte[])(obj));
}
}
}
}

13
KsDumper11/SplashForm.resx → DriverInterface/Properties/Resources.resx
View File

@ -117,4 +117,17 @@
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<data name="drv64" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Driver\drv64.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
<data name="kdu" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Driver\kdu.exe;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
<data name="KsDumperDriver" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Driver\KsDumperDriver.sys;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
<data name="Taigei64" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Driver\Taigei64.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
</root>

0
KsDumper11/Utility/Logger.cs → DriverInterface/Utility/Logger.cs
View File

0
KsDumper11/Utility/MarshalUtility.cs → DriverInterface/Utility/MarshalUtility.cs
View File

0
KsDumper11/Utility/ProcessListView.cs → DriverInterface/Utility/ProcessListView.cs
View File

0
KsDumper11/Utility/WinApi.cs → DriverInterface/Utility/WinApi.cs
View File

4
DriverInterface/packages.config Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Newtonsoft.Json" version="13.0.3" targetFramework="net48" />
</packages>

40
KsDumper11.sln
View File

@ -12,11 +12,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
README.md = README.md
EndProjectSection
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DriverChecker", "DriverChecker\DriverChecker.csproj", "{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KsDumperDriver", "KsDumperDriver\KsDumperDriver.vcxproj", "{8EADAB93-F111-43AF-9E10-2376AE515491}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpTest", "DumpTest\DumpTest.csproj", "{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}"
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DriverInterface", "DriverInterface\DriverInterface.csproj", "{6F8B2A35-060D-4EB1-A6BA-A3057179304B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@ -52,18 +50,6 @@ Global
{66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|x64.Build.0 = Release|x64
{66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|x86.ActiveCfg = Release|Any CPU
{66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|x86.Build.0 = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|x64.ActiveCfg = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|x64.Build.0 = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|x86.ActiveCfg = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Debug|x86.Build.0 = Debug|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|Any CPU.Build.0 = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|x64.ActiveCfg = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|x64.Build.0 = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|x86.ActiveCfg = Release|Any CPU
{0E2A2FA3-6443-49F7-9DD6-E66291C68D7F}.Release|x86.Build.0 = Release|Any CPU
{8EADAB93-F111-43AF-9E10-2376AE515491}.Debug|Any CPU.ActiveCfg = Debug|x64
{8EADAB93-F111-43AF-9E10-2376AE515491}.Debug|Any CPU.Build.0 = Debug|x64
{8EADAB93-F111-43AF-9E10-2376AE515491}.Debug|x64.ActiveCfg = Debug|x64
@ -76,18 +62,18 @@ Global
{8EADAB93-F111-43AF-9E10-2376AE515491}.Release|x64.Build.0 = Release|x64
{8EADAB93-F111-43AF-9E10-2376AE515491}.Release|x86.ActiveCfg = Release|x64
{8EADAB93-F111-43AF-9E10-2376AE515491}.Release|x86.Build.0 = Release|x64
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|x64.ActiveCfg = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|x64.Build.0 = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|x86.ActiveCfg = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Debug|x86.Build.0 = Debug|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|Any CPU.Build.0 = Release|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|x64.ActiveCfg = Release|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|x64.Build.0 = Release|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|x86.ActiveCfg = Release|Any CPU
{DEB68CB2-27B4-41EC-8DE9-3A7EAADEE83B}.Release|x86.Build.0 = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|x64.ActiveCfg = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|x64.Build.0 = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|x86.ActiveCfg = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Debug|x86.Build.0 = Debug|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|Any CPU.Build.0 = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|x64.ActiveCfg = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|x64.Build.0 = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|x86.ActiveCfg = Release|Any CPU
{6F8B2A35-060D-4EB1-A6BA-A3057179304B}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE

BIN
KsDumper11/Driver/Taigei64.dll
View File

Binary file not shown.

BIN
KsDumper11/Driver/drv64.dll
View File

Binary file not shown.

BIN
KsDumper11/Driver/kdu.exe
View File

Binary file not shown.

21
KsDumper11/Dumper.Designer.cs generated
View File

@ -46,6 +46,7 @@
this.ImageTypeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.debuggerTrigger = new KsDumper11.Trigger();
this.trigger1 = new KsDumper11.Trigger();
this.providerBtn = new DarkControls.Controls.DarkButton();
this.groupBox1.SuspendLayout();
this.contextMenuStrip1.SuspendLayout();
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit();
@ -202,7 +203,7 @@
this.hideSystemProcessBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.hideSystemProcessBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.hideSystemProcessBtn.ForeColor = System.Drawing.Color.Silver;
this.hideSystemProcessBtn.Location = new System.Drawing.Point(862, 49);
this.hideSystemProcessBtn.Location = new System.Drawing.Point(750, 49);
this.hideSystemProcessBtn.Name = "hideSystemProcessBtn";
this.hideSystemProcessBtn.Size = new System.Drawing.Size(137, 23);
this.hideSystemProcessBtn.TabIndex = 12;
@ -218,7 +219,7 @@
this.closeDriverOnExitBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.closeDriverOnExitBox.FlatAppearance.BorderSize = 0;
this.closeDriverOnExitBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.closeDriverOnExitBox.Location = new System.Drawing.Point(723, 49);
this.closeDriverOnExitBox.Location = new System.Drawing.Point(611, 49);
this.closeDriverOnExitBox.Name = "closeDriverOnExitBox";
this.closeDriverOnExitBox.Size = new System.Drawing.Size(133, 23);
this.closeDriverOnExitBox.TabIndex = 13;
@ -230,6 +231,7 @@
// appIcon1
//
this.appIcon1.AppIconImage = global::KsDumper11.Properties.Resources.icons8_crossed_axes_100;
this.appIcon1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.appIcon1.DragForm = this;
this.appIcon1.Image = ((System.Drawing.Image)(resources.GetObject("appIcon1.Image")));
this.appIcon1.Location = new System.Drawing.Point(5, 4);
@ -318,12 +320,26 @@
this.trigger1.TabIndex = 16;
this.trigger1.Load += new System.EventHandler(this.trigger1_Load);
//
// providerBtn
//
this.providerBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.providerBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.providerBtn.ForeColor = System.Drawing.Color.Silver;
this.providerBtn.Location = new System.Drawing.Point(893, 49);
this.providerBtn.Name = "providerBtn";
this.providerBtn.Size = new System.Drawing.Size(106, 23);
this.providerBtn.TabIndex = 17;
this.providerBtn.Text = "Provider Selector";
this.providerBtn.UseVisualStyleBackColor = true;
this.providerBtn.Click += new System.EventHandler(this.providerBtn_Click);
//
// Dumper
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(1009, 746);
this.Controls.Add(this.providerBtn);
this.Controls.Add(this.trigger1);
this.Controls.Add(this.debuggerTrigger);
this.Controls.Add(this.closeDriverOnExitBox);
@ -428,5 +444,6 @@
private DarkControls.Controls.DarkCheckBox closeDriverOnExitBox;
private Trigger debuggerTrigger;
private Trigger trigger1;
private DarkControls.Controls.DarkButton providerBtn;
}
}

18
KsDumper11/Dumper.cs
View File

@ -118,7 +118,7 @@ namespace KsDumper11
}
this.processList.HeaderStyle = ColumnHeaderStyle.Clickable;
this.processList.ColumnWidthChanging += this.processList_ColumnWidthChanging;
this.driver = new DriverInterface("\\\\.\\KsDumper");
this.driver = new KsDumperDriverInterface("\\\\.\\KsDumper");
this.dumper = new ProcessDumper(this.driver);
this.LoadProcessList();
@ -576,7 +576,7 @@ namespace KsDumper11
private const uint PROCESS_QUERY_INFORMATION = 1024U;
// Token: 0x0400000F RID: 15
private readonly DriverInterface driver;
private readonly KsDumperDriverInterface driver;
// Token: 0x04000010 RID: 16
private readonly ProcessDumper dumper;
@ -753,5 +753,19 @@ namespace KsDumper11
{
}
private void providerBtn_Click(object sender, EventArgs e)
{
KsDumperDriverInterface drv = KsDumperDriverInterface.OpenKsDumperDriver();
drv.UnloadDriver();
drv.Dispose();
ProviderSelector prov = new ProviderSelector();
prov.ShowDialog();
StartDriver.Start();
}
}
}

67
KsDumper11/KsDumper11.csproj
View File

@ -8,7 +8,7 @@
<OutputType>WinExe</OutputType>
<RootNamespace>KsDumper11</RootNamespace>
<AssemblyName>KsDumper11</AssemblyName>
<TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
<TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
<Deterministic>true</Deterministic>
@ -39,7 +39,7 @@
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
<DebugSymbols>true</DebugSymbols>
<OutputPath>..\..\..\..\..\..\VM Share\KsDumper VM\KsDumper v1.1\</OutputPath>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>TRACE;DEBUG;WIN64</DefineConstants>
<DebugType>full</DebugType>
<PlatformTarget>AnyCPU</PlatformTarget>
@ -49,7 +49,7 @@
<Prefer32Bit>true</Prefer32Bit>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'">
<OutputPath>..\..\..\..\..\..\VM Share\KsDumper VM\KsDumper v1.1\</OutputPath>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE;WIN64</DefineConstants>
<Optimize>true</Optimize>
<DebugType>pdbonly</DebugType>
@ -85,6 +85,9 @@
<ApplicationIcon>Default.ico</ApplicationIcon>
</PropertyGroup>
<ItemGroup>
<Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
<HintPath>..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
@ -98,36 +101,25 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="ProviderSelector.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="ProviderSelector.Designer.cs">
<DependentUpon>ProviderSelector.cs</DependentUpon>
</Compile>
<Compile Include="StartDriver.cs" />
<Compile Include="TriggerForm.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="TriggerForm.Designer.cs">
<DependentUpon>TriggerForm.cs</DependentUpon>
</Compile>
<Compile Include="SplashForm.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="SplashForm.Designer.cs">
<DependentUpon>SplashForm.cs</DependentUpon>
</Compile>
<Compile Include="Driver\DriverInterface.cs" />
<Compile Include="Driver\Operations.cs" />
<Compile Include="Dumper.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="Dumper.Designer.cs">
<DependentUpon>Dumper.cs</DependentUpon>
</Compile>
<Compile Include="PE\32\PE32File.cs" />
<Compile Include="PE\32\PE32Header.cs" />
<Compile Include="PE\DOSHeader.cs" />
<Compile Include="PE\NativePEStructs.cs" />
<Compile Include="PE\64\PE64File.cs" />
<Compile Include="PE\64\PE64Header.cs" />
<Compile Include="PE\PEFile.cs" />
<Compile Include="ProcessDumper.cs" />
<Compile Include="PE\PESection.cs" />
<Compile Include="ProcessSummary.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Properties\Resources.Designer.cs">
@ -141,12 +133,9 @@
<Compile Include="Trigger.Designer.cs">
<DependentUpon>Trigger.cs</DependentUpon>
</Compile>
<Compile Include="Utility\WinApi.cs" />
<Compile Include="Utility\Logger.cs" />
<Compile Include="Utility\MarshalUtility.cs" />
<Compile Include="Utility\ProcessListView.cs">
<SubType>Component</SubType>
</Compile>
<EmbeddedResource Include="ProviderSelector.resx">
<DependentUpon>ProviderSelector.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="TriggerForm.resx">
<DependentUpon>TriggerForm.cs</DependentUpon>
</EmbeddedResource>
@ -157,19 +146,15 @@
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
</EmbeddedResource>
<EmbeddedResource Include="SplashForm.resx">
<DependentUpon>SplashForm.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="Trigger.resx">
<DependentUpon>Trigger.cs</DependentUpon>
</EmbeddedResource>
<None Include="app.manifest" />
<None Include="Driver\KsDumperDriver.sys">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="Driver\KsDumperDriver.sys" />
<None Include="Driver\ManualLoader.bat">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="packages.config" />
<None Include="Properties\Settings.settings">
<Generator>SettingsSingleFileGenerator</Generator>
<LastGenOutput>Settings.Designer.cs</LastGenOutput>
@ -185,15 +170,9 @@
</ItemGroup>
<ItemGroup>
<Content Include="Default.ico" />
<Content Include="Driver\drv64.dll">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="Driver\kdu.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="Driver\Taigei64.dll">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="Driver\drv64.dll" />
<Content Include="Driver\kdu.exe" />
<Content Include="Driver\Taigei64.dll" />
<None Include="icons8-crossed-axes-100.png" />
</ItemGroup>
<ItemGroup>
@ -201,6 +180,10 @@
<Project>{66c94acb-63c7-42a3-9d83-a3801ced4f1c}</Project>
<Name>DarkControls</Name>
</ProjectReference>
<ProjectReference Include="..\DriverInterface\DriverInterface.csproj">
<Project>{6f8b2a35-060d-4eb1-a6ba-a3057179304b}</Project>
<Name>DriverInterface</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

92
KsDumper11/Program.cs
View File

@ -7,81 +7,49 @@ using KsDumper11.Driver;
namespace KsDumper11
{
// Token: 0x02000005 RID: 5
internal static class Program
public class Program
{
// Token: 0x0600004B RID: 75 RVA: 0x000042AF File Offset: 0x000024AF
[STAThread]
private static void Main()
{
{
KduSelfExtract.DisableDriverBlockList();
KduSelfExtract.Extract();
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
bool driverOpen = DriverInterface.IsDriverOpen("\\\\.\\KsDumper");
bool driverOpen = KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper");
//Debugger.Break();
if (!driverOpen)
{
Application.Run(new SplashForm());
Application.Run(new Dumper());
if (!File.Exists(KduSelfExtract.AssemblyDirectory + @"\\Providers.json"))
{
// Run the selector here to populate the providers and set a default provider.
Application.Run(new ProviderSelector());
Application.Run(new Dumper());
}
else
{
KduWrapper wr = new KduWrapper(KduSelfExtract.AssemblyDirectory + @"\Driver\kdu.exe");
wr.LoadProviders();
wr.Start();
if (KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
Application.Run(new Dumper());
}
else
{
Environment.Exit(0);
}
}
}
else
{
Application.Run(new Dumper());
}
}
// Token: 0x0600004C RID: 76 RVA: 0x000042D0 File Offset: 0x000024D0
private static void StartDriver()
{
string logPath = Environment.CurrentDirectory + "\\driverLoading.log";
bool flag = !File.Exists(logPath);
FileStream outputStream;
if (flag)
{
outputStream = File.Create(logPath);
}
else
{
outputStream = File.OpenWrite(logPath);
}
StreamWriter wr = new StreamWriter(outputStream);
bool driverOpen = DriverInterface.IsDriverOpen("\\\\.\\KsDumper");
if (!driverOpen)
{
ProcessStartInfo inf = new ProcessStartInfo(Environment.CurrentDirectory + "\\Driver\\kdu.exe", " -prv 1 -map .\\Driver\\KsDumperDriver.sys")
{
CreateNoWindow = true,
UseShellExecute = false,
//RedirectStandardOutput = true,
//RedirectStandardError = true
};
Process proc = Process.Start(inf);
proc.OutputDataReceived += delegate(object sender, DataReceivedEventArgs e)
{
if (!string.IsNullOrEmpty(e.Data))
{
wr.WriteLine(e.Data);
}
};
proc.ErrorDataReceived += delegate(object sender, DataReceivedEventArgs e)
{
if (!string.IsNullOrEmpty(e.Data))
{
wr.WriteLine(e.Data);
}
};
proc.WaitForExit();
wr.Flush();
wr.Close();
outputStream.Close();
outputStream.Dispose();
driverOpen = DriverInterface.IsDriverOpen("\\\\.\\KsDumper");
if (!driverOpen)
{
MessageBox.Show("Error! Tried to start driver, and it failed to start!");
Environment.Exit(0);
}
}
}
}
}

2
KsDumper11/Properties/Settings.Designer.cs generated
View File

@ -12,7 +12,7 @@ namespace KsDumper11.Properties {
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.4.0.0")]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.7.0.0")]
internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));

413
KsDumper11/ProviderSelector.Designer.cs generated Normal file
View File

@ -0,0 +1,413 @@
namespace KsDumper11
{
partial class ProviderSelector
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(ProviderSelector));
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.closeBtn = new DarkControls.Controls.WindowsDefaultTitleBarButton();
this.appIcon1 = new DarkControls.Controls.AppIcon();
this.providerList = new DarkControls.Controls.DarkListView();
this.provIdCol = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.provNameCol = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.providerExtraInfoBox = new DarkControls.Controls.DarkTextBox();
this.label1 = new System.Windows.Forms.Label();
this.driverNameBox = new DarkControls.Controls.DarkTextBox();
this.label2 = new System.Windows.Forms.Label();
this.label3 = new System.Windows.Forms.Label();
this.deviceNameBox = new DarkControls.Controls.DarkTextBox();
this.label4 = new System.Windows.Forms.Label();
this.signerNameBox = new DarkControls.Controls.DarkTextBox();
this.label5 = new System.Windows.Forms.Label();
this.minWinBuildBox = new DarkControls.Controls.DarkTextBox();
this.label6 = new System.Windows.Forms.Label();
this.maxWinBuildBox = new DarkControls.Controls.DarkTextBox();
this.driverWhqlSignedBox = new DarkControls.Controls.DarkCheckBox();
this.label7 = new System.Windows.Forms.Label();
this.shellcodeMaskBox = new DarkControls.Controls.DarkTextBox();
this.testProviderBtn = new DarkControls.Controls.DarkButton();
this.driverLoadedLbl = new System.Windows.Forms.Label();
this.driverLoadedLblTimer = new System.Windows.Forms.Timer(this.components);
this.setDefaultProviderBtn = new DarkControls.Controls.DarkButton();
this.label8 = new System.Windows.Forms.Label();
this.defaultProviderIDBox = new DarkControls.Controls.DarkTextBox();
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit();
this.SuspendLayout();
//
// transparentLabel1
//
this.transparentLabel1.AutoSize = true;
this.transparentLabel1.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.transparentLabel1.Location = new System.Drawing.Point(32, 4);
this.transparentLabel1.Name = "transparentLabel1";
this.transparentLabel1.Size = new System.Drawing.Size(237, 20);
this.transparentLabel1.TabIndex = 8;
this.transparentLabel1.Text = "KsDumper 11 Provider Selection";
//
// closeBtn
//
this.closeBtn.ButtonType = DarkControls.Controls.WindowsDefaultTitleBarButton.Type.Close;
this.closeBtn.ClickColor = System.Drawing.Color.Red;
this.closeBtn.ClickIconColor = System.Drawing.Color.Black;
this.closeBtn.HoverColor = System.Drawing.Color.OrangeRed;
this.closeBtn.HoverIconColor = System.Drawing.Color.Black;
this.closeBtn.IconColor = System.Drawing.Color.Black;
this.closeBtn.IconLineThickness = 2;
this.closeBtn.Location = new System.Drawing.Point(773, 0);
this.closeBtn.Name = "closeBtn";
this.closeBtn.Size = new System.Drawing.Size(40, 40);
this.closeBtn.TabIndex = 7;
this.closeBtn.Text = "windowsDefaultTitleBarButton1";
this.closeBtn.UseVisualStyleBackColor = true;
//
// appIcon1
//
this.appIcon1.AppIconImage = ((System.Drawing.Image)(resources.GetObject("appIcon1.AppIconImage")));
this.appIcon1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.appIcon1.DragForm = null;
this.appIcon1.Image = ((System.Drawing.Image)(resources.GetObject("appIcon1.Image")));
this.appIcon1.Location = new System.Drawing.Point(0, 1);
this.appIcon1.Name = "appIcon1";
this.appIcon1.Scale = 3.5F;
this.appIcon1.Size = new System.Drawing.Size(28, 28);
this.appIcon1.TabIndex = 9;
this.appIcon1.TabStop = false;
//
// providerList
//
this.providerList.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.providerList.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.provIdCol,
this.provNameCol});
this.providerList.ForeColor = System.Drawing.Color.Silver;
this.providerList.FullRowSelect = true;
this.providerList.HideSelection = false;
this.providerList.Location = new System.Drawing.Point(0, 35);
this.providerList.Name = "providerList";
this.providerList.OwnerDraw = true;
this.providerList.Size = new System.Drawing.Size(400, 399);
this.providerList.TabIndex = 10;
this.providerList.UseCompatibleStateImageBehavior = false;
this.providerList.View = System.Windows.Forms.View.Details;
this.providerList.SelectedIndexChanged += new System.EventHandler(this.providerList_SelectedIndexChanged);
//
// provIdCol
//
this.provIdCol.Text = "ID";
//
// provNameCol
//
this.provNameCol.Text = "Provider Name";
this.provNameCol.Width = 396;
//
// providerExtraInfoBox
//
this.providerExtraInfoBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.providerExtraInfoBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.providerExtraInfoBox.ForeColor = System.Drawing.Color.Silver;
this.providerExtraInfoBox.Location = new System.Drawing.Point(406, 354);
this.providerExtraInfoBox.Multiline = true;
this.providerExtraInfoBox.Name = "providerExtraInfoBox";
this.providerExtraInfoBox.Size = new System.Drawing.Size(397, 80);
this.providerExtraInfoBox.TabIndex = 11;
//
// label1
//
this.label1.AutoSize = true;
this.label1.Location = new System.Drawing.Point(406, 338);
this.label1.Name = "label1";
this.label1.Size = new System.Drawing.Size(94, 13);
this.label1.TabIndex = 12;
this.label1.Text = "Provider Extra Info";
//
// driverNameBox
//
this.driverNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.driverNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.driverNameBox.ForeColor = System.Drawing.Color.Silver;
this.driverNameBox.Location = new System.Drawing.Point(409, 49);
this.driverNameBox.Name = "driverNameBox";
this.driverNameBox.Size = new System.Drawing.Size(394, 20);
this.driverNameBox.TabIndex = 13;
//
// label2
//
this.label2.AutoSize = true;
this.label2.Location = new System.Drawing.Point(406, 33);
this.label2.Name = "label2";
this.label2.Size = new System.Drawing.Size(66, 13);
this.label2.TabIndex = 14;
this.label2.Text = "Driver Name";
//
// label3
//
this.label3.AutoSize = true;
this.label3.Location = new System.Drawing.Point(406, 72);
this.label3.Name = "label3";
this.label3.Size = new System.Drawing.Size(72, 13);
this.label3.TabIndex = 16;
this.label3.Text = "Device Name";
//
// deviceNameBox
//
this.deviceNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.deviceNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.deviceNameBox.ForeColor = System.Drawing.Color.Silver;
this.deviceNameBox.Location = new System.Drawing.Point(409, 88);
this.deviceNameBox.Name = "deviceNameBox";
this.deviceNameBox.Size = new System.Drawing.Size(394, 20);
this.deviceNameBox.TabIndex = 15;
//
// label4
//
this.label4.AutoSize = true;
this.label4.Location = new System.Drawing.Point(406, 113);
this.label4.Name = "label4";
this.label4.Size = new System.Drawing.Size(68, 13);
this.label4.TabIndex = 18;
this.label4.Text = "Signer Name";
//
// signerNameBox
//
this.signerNameBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.signerNameBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.signerNameBox.ForeColor = System.Drawing.Color.Silver;
this.signerNameBox.Location = new System.Drawing.Point(409, 129);
this.signerNameBox.Name = "signerNameBox";
this.signerNameBox.Size = new System.Drawing.Size(394, 20);
this.signerNameBox.TabIndex = 17;
//
// label5
//
this.label5.AutoSize = true;
this.label5.Location = new System.Drawing.Point(406, 196);
this.label5.Name = "label5";
this.label5.Size = new System.Drawing.Size(120, 13);
this.label5.TabIndex = 22;
this.label5.Text = "Minimum Windows build";
//
// minWinBuildBox
//
this.minWinBuildBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.minWinBuildBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.minWinBuildBox.ForeColor = System.Drawing.Color.Silver;
this.minWinBuildBox.Location = new System.Drawing.Point(409, 212);
this.minWinBuildBox.Name = "minWinBuildBox";
this.minWinBuildBox.Size = new System.Drawing.Size(394, 20);
this.minWinBuildBox.TabIndex = 21;
//
// label6
//
this.label6.AutoSize = true;
this.label6.Location = new System.Drawing.Point(406, 155);
this.label6.Name = "label6";
this.label6.Size = new System.Drawing.Size(123, 13);
this.label6.TabIndex = 20;
this.label6.Text = "Maximum Windows build";
//
// maxWinBuildBox
//
this.maxWinBuildBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.maxWinBuildBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.maxWinBuildBox.ForeColor = System.Drawing.Color.Silver;
this.maxWinBuildBox.Location = new System.Drawing.Point(409, 171);
this.maxWinBuildBox.Name = "maxWinBuildBox";
this.maxWinBuildBox.Size = new System.Drawing.Size(394, 20);
this.maxWinBuildBox.TabIndex = 19;
//
// driverWhqlSignedBox
//
this.driverWhqlSignedBox.Appearance = System.Windows.Forms.Appearance.Button;
this.driverWhqlSignedBox.BoxBorderColor = System.Drawing.Color.DarkSlateBlue;
this.driverWhqlSignedBox.BoxFillColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.driverWhqlSignedBox.CheckColor = System.Drawing.Color.CornflowerBlue;
this.driverWhqlSignedBox.FlatAppearance.BorderSize = 0;
this.driverWhqlSignedBox.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.driverWhqlSignedBox.Location = new System.Drawing.Point(653, 324);
this.driverWhqlSignedBox.Name = "driverWhqlSignedBox";
this.driverWhqlSignedBox.Size = new System.Drawing.Size(150, 27);
this.driverWhqlSignedBox.TabIndex = 23;
this.driverWhqlSignedBox.Text = "Driver is WHQL Signed";
this.driverWhqlSignedBox.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
this.driverWhqlSignedBox.UseVisualStyleBackColor = true;
//
// label7
//
this.label7.AutoSize = true;
this.label7.Location = new System.Drawing.Point(406, 241);
this.label7.Name = "label7";
this.label7.Size = new System.Drawing.Size(120, 13);
this.label7.TabIndex = 25;
this.label7.Text = "Shellcode support mask";
//
// shellcodeMaskBox
//
this.shellcodeMaskBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.shellcodeMaskBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.shellcodeMaskBox.ForeColor = System.Drawing.Color.Silver;
this.shellcodeMaskBox.Location = new System.Drawing.Point(409, 257);
this.shellcodeMaskBox.Name = "shellcodeMaskBox";
this.shellcodeMaskBox.Size = new System.Drawing.Size(394, 20);
this.shellcodeMaskBox.TabIndex = 24;
//
// testProviderBtn
//
this.testProviderBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.testProviderBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.testProviderBtn.ForeColor = System.Drawing.Color.Silver;
this.testProviderBtn.Location = new System.Drawing.Point(0, 440);
this.testProviderBtn.Name = "testProviderBtn";
this.testProviderBtn.Size = new System.Drawing.Size(75, 23);
this.testProviderBtn.TabIndex = 26;
this.testProviderBtn.Text = "Test Driver";
this.testProviderBtn.UseVisualStyleBackColor = true;
this.testProviderBtn.Click += new System.EventHandler(this.testProviderBtn_Click);
//
// driverLoadedLbl
//
this.driverLoadedLbl.AutoSize = true;
this.driverLoadedLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 14F);
this.driverLoadedLbl.Location = new System.Drawing.Point(81, 440);
this.driverLoadedLbl.Name = "driverLoadedLbl";
this.driverLoadedLbl.Size = new System.Drawing.Size(133, 24);
this.driverLoadedLbl.TabIndex = 27;
this.driverLoadedLbl.Text = "Driver Loaded!";
this.driverLoadedLbl.Visible = false;
//
// driverLoadedLblTimer
//
this.driverLoadedLblTimer.Interval = 2500;
this.driverLoadedLblTimer.Tick += new System.EventHandler(this.driverLoadedLblTimer_Tick);
//
// setDefaultProviderBtn
//
this.setDefaultProviderBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.setDefaultProviderBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.setDefaultProviderBtn.ForeColor = System.Drawing.Color.Silver;
this.setDefaultProviderBtn.Location = new System.Drawing.Point(686, 443);
this.setDefaultProviderBtn.Name = "setDefaultProviderBtn";
this.setDefaultProviderBtn.Size = new System.Drawing.Size(117, 23);
this.setDefaultProviderBtn.TabIndex = 28;
this.setDefaultProviderBtn.Text = "Set Default Provider";
this.setDefaultProviderBtn.UseVisualStyleBackColor = true;
this.setDefaultProviderBtn.Click += new System.EventHandler(this.setDefaultProviderBtn_Click);
//
// label8
//
this.label8.AutoSize = true;
this.label8.Location = new System.Drawing.Point(406, 284);
this.label8.Name = "label8";
this.label8.Size = new System.Drawing.Size(97, 13);
this.label8.TabIndex = 29;
this.label8.Text = "Default Provider ID";
//
// defaultProviderIDBox
//
this.defaultProviderIDBox.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.defaultProviderIDBox.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
this.defaultProviderIDBox.ForeColor = System.Drawing.Color.Silver;
this.defaultProviderIDBox.Location = new System.Drawing.Point(409, 300);
this.defaultProviderIDBox.Name = "defaultProviderIDBox";
this.defaultProviderIDBox.Size = new System.Drawing.Size(394, 20);
this.defaultProviderIDBox.TabIndex = 30;
//
// Form1
//
this.AllowDrop = true;
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(813, 471);
this.Controls.Add(this.defaultProviderIDBox);
this.Controls.Add(this.label8);
this.Controls.Add(this.setDefaultProviderBtn);
this.Controls.Add(this.driverLoadedLbl);
this.Controls.Add(this.testProviderBtn);
this.Controls.Add(this.label7);
this.Controls.Add(this.shellcodeMaskBox);
this.Controls.Add(this.driverWhqlSignedBox);
this.Controls.Add(this.label5);
this.Controls.Add(this.minWinBuildBox);
this.Controls.Add(this.label6);
this.Controls.Add(this.maxWinBuildBox);
this.Controls.Add(this.label4);
this.Controls.Add(this.signerNameBox);
this.Controls.Add(this.label3);
this.Controls.Add(this.deviceNameBox);
this.Controls.Add(this.label2);
this.Controls.Add(this.driverNameBox);
this.Controls.Add(this.label1);
this.Controls.Add(this.providerExtraInfoBox);
this.Controls.Add(this.providerList);
this.Controls.Add(this.appIcon1);
this.Controls.Add(this.transparentLabel1);
this.Controls.Add(this.closeBtn);
this.DoubleBuffered = true;
this.ForeColor = System.Drawing.Color.Silver;
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Name = "Form1";
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "KsDumper 11 Provider Selection";
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).EndInit();
this.ResumeLayout(false);
this.PerformLayout();
}
#endregion
private DarkControls.Controls.WindowsDefaultTitleBarButton closeBtn;
private DarkControls.Controls.TransparentLabel transparentLabel1;
private DarkControls.Controls.AppIcon appIcon1;
private DarkControls.Controls.DarkListView providerList;
private System.Windows.Forms.ColumnHeader provNameCol;
private DarkControls.Controls.DarkTextBox providerExtraInfoBox;
private System.Windows.Forms.Label label1;
private DarkControls.Controls.DarkTextBox driverNameBox;
private System.Windows.Forms.Label label2;
private System.Windows.Forms.Label label3;
private DarkControls.Controls.DarkTextBox deviceNameBox;
private System.Windows.Forms.Label label4;
private DarkControls.Controls.DarkTextBox signerNameBox;
private System.Windows.Forms.Label label5;
private DarkControls.Controls.DarkTextBox minWinBuildBox;
private System.Windows.Forms.Label label6;
private DarkControls.Controls.DarkTextBox maxWinBuildBox;
private DarkControls.Controls.DarkCheckBox driverWhqlSignedBox;
private System.Windows.Forms.ColumnHeader provIdCol;
private System.Windows.Forms.Label label7;
private DarkControls.Controls.DarkTextBox shellcodeMaskBox;
private DarkControls.Controls.DarkButton testProviderBtn;
private System.Windows.Forms.Label driverLoadedLbl;
private System.Windows.Forms.Timer driverLoadedLblTimer;
private DarkControls.Controls.DarkButton setDefaultProviderBtn;
private System.Windows.Forms.Label label8;
private DarkControls.Controls.DarkTextBox defaultProviderIDBox;
}
}

231
KsDumper11/ProviderSelector.cs Normal file
View File

@ -0,0 +1,231 @@
using DarkControls;
using KsDumper11.Driver;
using Newtonsoft.Json;
using System;
using System.IO;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using static System.Windows.Forms.VisualStyles.VisualStyleElement;
namespace KsDumper11
{
public partial class ProviderSelector : Form
{
protected override CreateParams CreateParams
{
get
{
// Activate double buffering at the form level. All child controls will be double buffered as well.
CreateParams cp = base.CreateParams;
cp.ExStyle |= 0x02000000; // Turn on WS_EX_COMPOSITED
return cp;
}
}
KduWrapper wrapper;
public ProviderSelector()
{
InitializeComponent();
this.FormBorderStyle = FormBorderStyle.None;
this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 10, 10));
this.closeBtn.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, closeBtn.Width, closeBtn.Height, 10, 10));
this.appIcon1.DragForm = this;
KduSelfExtract.Extract();
wrapper = new KduWrapper(KduSelfExtract.KduPath);
wrapper.DriverLoaded += Wrapper_DriverLoaded;
wrapper.ProvidersLoaded += Wrapper_ProvidersLoaded;
wrapper.LoadProviders();
}
private void Wrapper_ProvidersLoaded(object sender, EventArgs e)
{
foreach (KduProvider p in wrapper.providers)
{
ListViewItem item = new ListViewItem(p.ProviderIndex.ToString());
item.SubItems.Add(p.ProviderName);
if (p.ProviderName.Contains("[NOT WORKING]"))
{
item.ForeColor = Color.Red;
}
if (p.ProviderName.Contains("[WORKING]"))
{
item.ForeColor = Color.Green;
}
providerList.Items.Add(item);
}
if (wrapper.DefaultProvider != -1)
{
providerList.SelectedIndices.Add(wrapper.DefaultProvider);
}
else
{
providerList.SelectedIndices.Add(0);
}
}
private void Wrapper_DriverLoaded(object sender, object[] e)
{
if (this.InvokeRequired)
{
this.Invoke(new EventHandler<object[]>(Wrapper_DriverLoaded), new object[] { sender, e });
}
else
{
bool res = (bool)e[0];
int idx = (int)e[1];
ListViewItem item = providerList.Items[idx];
if (res)
{
driverLoadedLbl.ForeColor = Color.Green;
driverLoadedLbl.Text = "Driver Loaded!";
item.SubItems[1].Text = "[WORKING] " + item.SubItems[1].Text;
if (providerList.SelectedIndices.Count > 0 && providerList.SelectedIndices[0] == idx)
{
setDefaultProviderBtn.Enabled = true;
}
item.ForeColor = Color.Green;
}
else
{
driverLoadedLbl.ForeColor = Color.Red;
driverLoadedLbl.Text = "Driver failed to load!";
item.SubItems[1].Text = "[NOT WORKING] " + item.SubItems[1].Text;
if (providerList.SelectedIndices.Count > 0 && providerList.SelectedIndices[0] == idx)
{
setDefaultProviderBtn.Enabled = false;
}
item.ForeColor = Color.Red;
}
driverLoadedLbl.Visible = true;
driverLoadedLblTimer.Start();
}
}
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
if (m.Msg == Utils.WM_NCHITTEST)
m.Result = (IntPtr)(Utils.HT_CAPTION);
}
private void providerList_SelectedIndexChanged(object sender, EventArgs e)
{
if (providerList.SelectedIndices.Count > 0)
{
int idx = providerList.SelectedIndices[0];
KduProvider p = wrapper.providers[idx];
if (p.ProviderName.Contains("[NOT WORKING]") || p.ProviderName.Contains("[WORKING]"))
{
testProviderBtn.Enabled = false;
}
else
{
testProviderBtn.Enabled = true;
}
if (p.ProviderName.Contains("[NOT WORKING]") )
{
setDefaultProviderBtn.Enabled = false;
}
else if (p.ProviderName.Contains("[WORKING]"))
{
setDefaultProviderBtn.Enabled = true;
}
else
{
setDefaultProviderBtn.Enabled = false;
}
driverNameBox.Text = p.DriverName;
deviceNameBox.Text = p.DeviceName;
signerNameBox.Text = p.SignerName;
minWinBuildBox.Text = p.MinWindowsBuild;
maxWinBuildBox.Text = p.MaxWindowsBuild;
driverWhqlSignedBox.Checked = p.IsWHQL_Signed;
shellcodeMaskBox.Text = p.ShellcodeSupportMask;
defaultProviderIDBox.Text = wrapper.DefaultProvider.ToString();
if (p.ExtraInfo.Length > 0)
{
providerExtraInfoBox.Clear();
for (int i = 0; i < p.ExtraInfo.Length; i++)
{
providerExtraInfoBox.AppendText(p.ExtraInfo[i] + Environment.NewLine);
}
}
}
}
private void testProviderBtn_Click(object sender, EventArgs e)
{
if (providerList.SelectedIndices.Count > 0)
{
testProviderBtn.Enabled = false;
int idx = providerList.SelectedIndices[0];
KduProvider p = wrapper.providers[idx];
wrapper.tryLoad(p.ProviderIndex);
}
}
private void driverLoadedLblTimer_Tick(object sender, EventArgs e)
{
testProviderBtn.Enabled = true;
driverLoadedLbl.Visible = false;
driverLoadedLblTimer.Stop();
}
private void setDefaultProviderBtn_Click(object sender, EventArgs e)
{
if (providerList.SelectedIndices.Count > 0)
{
testProviderBtn.Enabled = false;
int idx = providerList.SelectedIndices[0];
wrapper.SetDefaultProvider(idx);
defaultProviderIDBox.Text = wrapper.DefaultProvider.ToString();
wrapper.Start();
this.Close();
}
}
}
}

242
KsDumper11/ProviderSelector.resx Normal file
View File

@ -0,0 +1,242 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="appIcon1.AppIconImage" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAYAAABw4pVUAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAL
DAAACwwBP0AiyAAAFCZJREFUeF7tXQl0lFWaDTraYzvTdJ8ZbRfEFpFNNgk7gSAECFsgQBaSACKLEPal
XRuxu1EYQA5JUeACsp2wJOyETTAhUaGitEoGgTmSEefM6T5OZ0bbdoOq4s79Ku9V3v+nQqUSSALWPeee
1P+++33ve+/W++tPHYMRYYQRRhhhhBFGGGGEEUYYYYQRRhhhhBFGGGGEETrunYZ+98/AlvtmoIg/998/
HZMiJ+M2Fa4ztFqI2++ficnsK1d6I7Pum44YFb4JsRC3PDANjgemAwF44r5p+BelrHXI3NKDrSfNTOld
SW8WoEHjaVj94DSgMjZOxyf3Tsa/qoRaQ+Op+NWD6fgwUE+a7H3dDW1Kkylo/VA6nm8yFZvIdU3SsY+E
wQ9+k44x1Gy0jE/Fxy1q8aTIXDKnrYdN0htff2AZlzXIWhiXtT2cjkdVmfqLZnyHN52KveQVEoH48FQU
tkrHP6mUCF4vtsSn1I4pMofMZZl7KpaocETbebiT8QIzbuOVplOwR9asUuoXWj6FR5o9hYvNpwBXYYFp
hkbzp7DYonvq+poitWUO25x+MzTapuFOxgosOhtlzbJ2lVI/0GwiHmo5Gf/NxlAZWzwV2AwNahbb9NfF
FKkptc25yApmaIgp0rtNbyXXLnugUuoWXefgjkcn42MSlXLS1c3QoHaxLfdkqwTcrsI1RtMZ+Blruixz
TKrcDA0xRdZgybNzEj56cBz+UaXUHdpOxNy2k4BKObFqZmi0mYjFZn6bSUhXoRqDtaeZtcmgZmiIKbIW
W76FrD9byesO7SfiPIlAbBeiGRrtJ2C9UeNtNVxjsNYxo7+31HCVIabImowaFrabgHNKWjfonIpfdJiA
KyQCsFpmCLi4UUadT9RwjdHhSZzWdWUONRwSxBTmF+g6Nl7p/iT+WUlrH49NQNNOTwJ2dhxffTPkM4P5
eUat3SpUY7DeHl2303jky2eKCoUEMUXW6K9lMHIsHlay2kdUCn7V5QnAxoLoapoRyw3qMg77zXqdxiJe
hWsM1h5p1iZzZU4VDgliCvMLbPUge6IktQP5IpALi+w6DlO6jsWBbuMATY4VSKNKGhJkY1gv16zXbSwO
qfA1Ahqwx8PmHDJnTUyRNdvqHZC9kT26Ll+aRo1Hkx5jMbbHGGSQ70WNxfckAvDd6t4/5TYVNQZ7A9S8
1CMNQ5Wsxug5BgO4hh/s83DsUHQ1H1m56T9n73n2mj6OwWXu3afkJnJWFE0K6Tuxnml4qFcqEnuNwbJe
aThOfsPXCEpq+9XgZLBGrq3mFf2aPf1A9lHyaiMqFX1Z58dAcyhW+6TI2n37Za0XmLKnZdplstey56pM
GTjYqXca9pN/JVEVRqfiR9LVOxWO3ilIio7GP6hyIUE2IDoNubbaO6LHIIrjXxtjX8byiU6lhQzJZa//
468ntVPQg69z9Jgar7YpsgeyF749ScNJ/vzBrB2Esvf7ue6OEX1SUdw3Fagq+6Rg8bW4N8bG4meslWur
vUPXZoNdeP2dP5aKNF9iNdA3DWONOb6V2jIum9g3BTk6puK50psvsQaQdbDWYrN2MIoXEf1ScJiE5oBU
uGc+fwULVnqxZIsXC7Z5LnC81NC4Y5KRqOatFmTBrJNr1BT6zdCIGY1tOs7XL6rhkBGTgoX+OinYqoZ9
EFNYO0fHFWtsiuwR67h1zf6p+Gp5lqf0tQ0eLF3mxdNPX/HttY4rHooYlIB7BozG2djRgOb8p715b+93
Y8dhD9a/48Efd3lKYmmKoXEPqKYpslDm5xq1EJtc0QzeZhqxr78YmidVKGSw9wm6jtTsn4QHVMgHMYXj
Of65ylhtU2RvmO/210rBV5nbPV/tPejG8T1ufJTjxgvzvYX+OCkeiBe+AvJiYDIHkgHNZ2jKsX1u7Drk
wUaasminp2TQaJQaGjcZkimywIFJyDVqYFBSRTNkwxi7YOoGp6CJCoeM2CQ8bNYiLwQyhb3kmDrpNVRT
mJdIyt74arDvrzO2e74VM/L3lpnxO5qh40Lf3mszNOLTcPfgRJwZkgRoPjvfm5/HIlJs8zEPlux0lwxJ
xpc6PjgJHuakqhJXRQIfbYckYq9Zn/kBTwbHPzN1iqe4uJB/6YpJQEPO66pQLxEXhyXhN0rmA3u8levJ
sumq/Eg8OBmjmOPWuXGjvX/jyfhxD9/UYsafaMbC+d7j/tok13o+Lhn3qRJWxMfj7mEJODMsEdB8fq43
X47ZfpqSdZT3vxx3CRfypY7HJcJDXtUUMYPavTrHl5eAHZNtZnD+Rox9ZupMcp6QTOG8DbkeV6BaQtYL
aArHs2zaoKZwPaOoc+uc4aPxzcpst0fMkDe1mPEHmqHjipWbocGG7okfhbPxCYDm7+Z58wppyoEDbmx9
m6Zke0riE1FqaNzDEwLfvmSBjO83tGD9CmZwYx7g+AVTx5pz+dNhjpEu2WiVVilEQ22Rmct6mapmeT3O
KXOrNB/k9kVdjqnjda6sRUksYCyRGrfWjhiNv/M2dWW3MuMUzXhpnrdQx33kHsteqxJXhwhHjsTZkaMA
zYVzvXnv7XbjUK4b24948Op2TwnHSw2NmzkVTOHkcYYGI0bhSCAzmHvB1PF6TlkUDfjaYcZY46qmSGzE
SBSZOayRKbUkLrVtsYCmSK823TAV9oNjiYy5tSYhCd9mZnt9n73v8DP41A6eDJrhr1FWp+pmaMjtK2EE
ziSOBGcs40uzvfkndrlxhE9gOTQlY5u7JHEUvvRrRsDDa8vti2NLzBqs+bfEeHRV4YikYXgggRti0zyr
wgpoQE2mqWHdUykBbl9iBvNdppbXr2kzNNjDbFNDXmQv/tsX60Qy7/8sGq5FhX1IiMcojrt1fHQyvveZ
wadTeSD6kGa8Mtd73J9fVuN8clyQ21RlEBeTR+AsCc0/zvbmuXa6cZSm7OTEGVs9JRwvNTTuZOOkJMfj
mBErYzy+ThrOW+gI9OD1BVtMnQw70IAxh6lNireeFHmdNAJFFs2I8pNhB2NzTS15QXoaPQLDpUdbTGq9
o1IjZI0cc+tYShJ+yMzx+vZEzPiAZiya6y3UccXQT4YdUiAlHmdJaC6a5c2TCeVIyn3SscVTwvFSQ+NO
Hi6moEHKcHxtjF8xXlfg6HgUVrZ5ZWA9mmLL85ki5OsiS2x45WaUwVfvXUtORZb3zLUsXIhbZG28duvx
Mcm4lKHMOKrMeGWOt9CfV8aam6ExjoXShuHsmOGcXHExTZH7ozzOyWPxappCTamhcY8ZhgX+62HwpHIh
/Pm9oanIYVgVbBOpcdjyXJy7yBxLq4IZ1DjNnApkr6pnjzEma3Lr63GJuCy3KfklWswo4t1jCc3w60nZ
O9lDNfG1wbhBuGdcHAsPYxOKS2Z68+QXnQJ5LOYT2JosTwk1pabGzzj8u9QZH492Y+Owj2Pfcux7/jzK
n6dM7dgqmEKdw8wxyfyMoPlxcNpyPmBfx1RP35J7xw5FW1FL76ZWczwfc7UZ8s2GmLF0lrfQopM94975
pr3WkMJPDMXZ8XFsRnEpTfkk2413+QQmj8Wvb/aUcLzU1AifiMN6VaYCJvN2w7oui35ocFOoWWPmqLyg
ZlDntOTE4URqbOXfJkvvpl44kb8UZ9AMebgRM+RzdRnNMDWyV9fNDI0pfPqaMARnJg5lU4pLp3vzi7e7
8b56LH4ry3NhYhy+NDUThmKqKhEQsiGse9KW80ZlmysmUu8y9WSFpykr0GDiEDhsOVc1QzBpCNLNnMkJ
Xq98gGfTDHniFDNW8gnU1HCe809W92kqVKTT9cmDcW7yEDanuHy6N+/MNjdOqsfitevd/2nGuahOKr1S
TI5BQ2pdlrzBFU8KbwW/ZL0iU8d+gp4MapxmDmufmBHEDIH0buZlbC8z4zDXKetdPsObb8Zlb2SPVHrt
YEo/3D1lEM5MHQxorpjmPf4pTZF7ac5bHv/41EG4xIVX6Us62SDmnPTnkpzHf1LEtCmD4TLjZNCTwR4c
lpxBVTNDwKej2znnjzp33WYvDvNOIGZkzvTmW+oOxvlptXUy7BBTptEUEporpnrzxZSsl73+MfIDlVIl
yEYx56SRL3xjFk/GtIFwWcYHBjeDOoeZkz6w6mZo8B3/oc5/fakX8gvyKpph1iXrzgwNOZozBuIcCc3M
dG/e6lle/zXpVPIqQ07C9Fi4jBrg9V/NazLobYoapy0nZDMEZp2Vc7x02FuorxVr/zZVGeazkVmxODc7
FtCcOxCX9es5/TFeSUPCMzRl9gC4zLoGg5oxawCctpxqmSGQNeg6cweVr00oa5c9UNL6AWlozgCcmzuA
Dds4rx9aK1nImBmDxtyMS5aa/YObQY3TlvPdzD74tRKEDFmDpZ6irLnemaHBpu8mz8zvDxj8Oz8UA35t
HQxyQpjvMuvN6x/8M2N+PzjMHIMF6dHV+68q5SsTru0bsx6vz/82po4/M4JhfjTueToG557pB/gYgzwV
CgliBlnkr1NWK+jJoMZpy/lfy3U/HFs4BD9XCSGBtfJ0HVmjrFWF6jek0ef6ouDZvvgvNt9LDVcZXHjD
Z2nGczGAwaBmUOO05ZxYGI1fstZGc5x9VcsU5kbLmsjjN4wZNYWY8XxfuF7oC2jyOuhtijqHmfNCH5qh
PsDldvN8H2ww46xZQLOqdfv6yUDMeLEPXCQ0Fzwe3IwXH4fDzOG13wwNMYW1Npi6BX3CplSKJTRj4eNw
vfQ4oMnr13AVMyT2Um84LDm9K5qhIaaw5gZTz/ywKXaIGb+PRtEfegN+RiMjmBnUOC055O97Y6mSBISY
wrk2WvKiq/9Bf9NBzFjUC66XowHNRdHBT8bLveAwcyzsFcSUCNzCOTbY8sInRcx4pReKFvcC/OwZ/GRQ
4zRzXumJk2SxOUbNIpUSEGIKczZacnrxpET+RE+KmLE0CkVLewKa/1YFM6hzWnKicCKjM37xchTuYr1i
S6wKplCz0cwhf3qmiBnLe8C1PAowuSwK23jbCPi3JmIGNQ5bjs8MJYnIoCmse9qi6VH57Ss7Abdyzo0W
fVlOwaqfyu1rSSQavtodrhU9gEpYwRQxY0V3OEzdqz2sZmiIKax/2tSSFUwRM1hzo03nJ+vf/Ka8TjNW
dkdRRndAk9eryKPG9cUVPXGvSvGZwXGnjvvYLbAZGmIK6xSbOSu7WW9fqzrhHo5/7o+zB3KTvlY8xp5v
ztuXmJHZDS5HN8Cg72nq1a64g6+POrrii9VR5X92IDGOOww9Mrte3QwNMYXznTZzSctJWdkDjVmvhCxY
1hZ3ymcKczZYcrqi8KY7KWLGqi4ocnYFDP5lbffyv9oVU5wdy//7WjFjVVc4LTldqmaGhpjCnGKzBmta
TgrrNZK51aWvV+pKzRzWuHlOiixwTWe4XusCVGBnvGeaoiFmMO4wtWtCNENjHU3hPKdttQJ+0G/iKaE2
39QavPFPipjxemcUvdEZ0OT1GfOazFJyH8QMjjltmmqZobGuPe56oxOKbTUrPBJzLMumuWC7vnFPipjx
Zie41nYCDL4m92mOO9X1F+s6Wj8zOOZQMR/f7IgTm2tghoaYsrYjTltqd7KeFPbcmGMlat618rTHnA1m
Dq8LV7W6wU6KmPFWRxSt7who8nqtbLjE5SevF63vUv6f/8vY+kg4LTmR18YMDTGFdYstc7APFfZBepIx
3au8gdjHVktO5A10UsSMDZFwbYwETHLs4vp21j8f05DFb+wAh01/Tc3QEFNY/7Rtrkp/eWQPjRj/zNSr
nMLs+n5SsmnG5sfg2twBCMRNHSqaImYw5rBpr4sZGmIK5zhtzrnpsYqmbG6DRox9ZupMMqf+miJmbHkM
RSQ0s9ojc0t7zPOPtcfFrYYhYgbHnf54mea6mqGRTVM4V7FtbsvtS3rNegyf63hWO/yWa9pk5vD62L76
dvsSM7a1h4uE5tb25V+hb2mHOVzcF1ltrB/g1DksOe1qxwwNMWVbO5w2eyAtJ4Vra8yxEvI5uZbPFPa5
wdAL689JYSO3Z7dDYU47wGCmNkNjT/Py3zckltMWTktO29o1Q0NM4fzFtl4sJ8W+2fI9GHWbLDntsFfM
UpK6w842eGlnW0BzR5uKZpiQ2A6aYcmpIzM0xBT2UGz2RFb4PcWEmMK1bzJzWGOCCtcN+ER1267W+Gp3
G0C4iw3Khq9+93Lk6uPuP68ucH++5nj5v/osMeqdWq944mDTujNDQ0xhb8WW3lpbTXnjKJq9mef+fG2e
+89vHbvUQUyh5pCh9/2VWJ1hT0t02dcaULwknyUyvvug+1X5Y1DhroMe3584ixl7aYahx95H64cZGgdp
yr5HUWzp0TDlwP7Lzx3MdUNxuYzlPoqWpn5Xi7r7325EsPmhbAjC/a1wXg1HnNx1OerkzsvfnNh5ufT9
nZdaixmMO7XWx1b1ywwNMYW9Fpu98tpnyp9yLrX9ePvl0o+2X/7m422Xe8iYfG4w7tZamtJCxusEB1sh
ioTi9/kPlv97IGeycfup13GbmHGAZhg68LpemqHB3u5in8W2nn2myJpkbT4hwVgrU3e0Lk/IiUa440gL
fHekJaDoO8Ya2RG4lfHVRlxYr83QEFMOt0SxrfclsiYliZA3IDVHdFz0KlR34DtiJSnvDB/fboFD5ERy
Oq8/tMSa3xhmaIgp7LvYXAMpa1pALuJ6/sMYx9Hm1f9H1q4ZZIPfaY5PSVyVzW4sMzQKaQr7P11hPTYe
a4499eL3EMGxh/Dr481wnEQl3HKkbfX+Gdn6gKNN0PD4I9gdYF3IbwYvf67hm63G/3DmNYV8ePPdNITc
UPgI3ufPwoJHsLqwGXxPIzcDCh5Gd65pBbmfa9xb0BQv5zep/l+HhRFGGGGEEUYYYYQRRhhhhBFGGGGE
EUYYYYRxcyIi4v8Bgkd5YGjdFSgAAAAASUVORK5CYII=
</value>
</data>
<data name="appIcon1.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABwAAAAcCAYAAAByDd+UAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAACwwAAAsMAT9AIsgAAASJSURBVEhL7ZVrUJRVGMdfK7WaJhomMvvApQkhLnKHhQV2
WWFZYDF2YRWWkOW2EkoiQQVoENhFRYRABBHiXojg1BgOiMOUM6iTOCjkNFLhTE3f+NQ0xVD/p3N2jlAw
CNjUJ39f9jn///95zp5333df6SH/OzYF9LwoV2Qt2SW8+DocHfbgiH0hJuxy0CYRrRPWUpjHMzzrkIOj
vFc4K2OXSo87Z6PTNZ/IMRvDTrvJ3nE3upyy0e9ioA0iNo9LKW3gniXDs6yH9/IZfJaILY97JrICi4g8
zBjQ5GKjkCW3DFz0yMBesZyHa26ZuCiWkkaDjbyXz3BPR5aQl2KjoKeC0xAQaMLNQDbAbKb1wpKC0vGC
PB3T/iYyCGkernGPZ4QkmX1ofSD7gnyWPBUyaw2eFpYkhRnxXowZQyoTfpQbcUeZhhKDy8KlU6SSvTIZ
42EZ6Gefp/7xW5bSI1xTZaKPZ3hWOBKfoUxFiTwJU9tM+FmbhSG+lxSqR8Oet4hqOkGxabjr7g4n0SOF
G8g2KhHfRRjJEKmn8OgkzAhrHq5FJSCCZ1h2SptCtsKSnJ2xJS4Td1vbifLeJApme1kMdTSqS0uImjrn
EJ+CmRAZvLkel4A72h1IM8SRD6vH9IkY1Ceg2dLEiE/Aaa7FGXCDZ2INZNIlYIp7QX7kudOEme5PiA4V
E0VoUW1puodGhZr32Uk72v9AchKm9RE4YNRhNkWHc0Y9kVGPMJ5L1GMwKQ5VyTo07tRjiGs7mMczlmw8
fterUfJqMn76tIfoQzZTzWbz3BJ0ClRXFRCd/Xhudt8uol2RKE7VISb9FXyQEYurZgNZ8VzadsyZtmOY
1xlqWGdocdXEMjzLeoryMon4ySrZLF3IopMtJkmOmgYWrNpHlOALhZClbC0O5ERjMDeaWl+LRi/XzOFk
lROF0ewYHLSEGEYvhB5h/bXsZClBy5xsMXuVOFmgZj90JDYLyUK+Gt/na/Alr3PZrV4YiR+Y9q3FFBTF
YhPvzVWIG2S1FKoQVspue7GUDqrQVrwNn/G6VEHPFKtwuURNbzOti3nzNxKxx4b3iuWDURGKk+VKDPCa
b3ZIgdsVCvx6RqJHuVamxFC5AnW8/tdUylHVEEZUFwi7YzI8URmEycMhKDwcjP3Mu1XD/sqOB5A9zxwL
wlHR9mDUy9BSK8MvJ0IQ85EcHnUBuFEjwzvCllhdUSej63VyuNYHQ3uCZwPQJOy10eqH9tN++KbRFwU9
Mlg3++LrJv+Fze7BtIoWX1xr9CGrU74oZD232/zQIuzV0e2B+l5XjHV4UNmIgh7r8sJEuzdKhb2EDm9U
dHniJkm0rsOLys64YLx7K2qFfX/6XLC/1x/XOqbnlH2BeK7fDRO9Wxees+U464Hyc24Y/9yHnu2Z/E3F
Zoz1OSNH2MvzhTN6Lvj9+e5g+2zigCsmzzsvvYzLcf5llA+44NZI82zSBR8cZ70rX9pBR/IcccToFVuM
Dm9BnpBXzbAT3uC9lxxx+ZLTwpvnvlzfTE9eccAmsVwzX70Em8m/vVMf8h8iSX8BwCCUC3RVqvIAAAAA
SUVORK5CYII=
</value>
</data>
<metadata name="driverLoadedLblTimer.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
</root>

92
KsDumper11/SplashForm.Designer.cs generated
View File

@ -1,92 +0,0 @@
namespace KsDumper11
{
partial class SplashForm
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.statusLbl = new DarkControls.Controls.TransparentLabel();
this.progressBar = new DarkControls.Controls.ProgressBarEx();
this.transparentLabel1 = new DarkControls.Controls.TransparentLabel();
this.SuspendLayout();
//
// statusLbl
//
this.statusLbl.AutoSize = true;
this.statusLbl.Font = new System.Drawing.Font("Microsoft Sans Serif", 14.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.statusLbl.Location = new System.Drawing.Point(12, 72);
this.statusLbl.Name = "statusLbl";
this.statusLbl.Size = new System.Drawing.Size(0, 24);
this.statusLbl.TabIndex = 10;
//
// progressBar
//
this.progressBar.Location = new System.Drawing.Point(12, 108);
this.progressBar.MarqueeAnimationSpeed = 750;
this.progressBar.Name = "progressBar";
this.progressBar.Size = new System.Drawing.Size(660, 23);
this.progressBar.TabIndex = 9;
//
// transparentLabel1
//
this.transparentLabel1.AutoSize = true;
this.transparentLabel1.Font = new System.Drawing.Font("Microsoft Sans Serif", 21.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.transparentLabel1.Location = new System.Drawing.Point(265, 9);
this.transparentLabel1.Name = "transparentLabel1";
this.transparentLabel1.Size = new System.Drawing.Size(193, 33);
this.transparentLabel1.TabIndex = 8;
this.transparentLabel1.Text = "KsDumper 11";
//
// SplashForm
//
this.AllowDrop = true;
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(684, 150);
this.Controls.Add(this.statusLbl);
this.Controls.Add(this.progressBar);
this.Controls.Add(this.transparentLabel1);
this.DoubleBuffered = true;
this.ForeColor = System.Drawing.Color.Silver;
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.Name = "SplashForm";
this.ShowInTaskbar = false;
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "Basic File Box";
this.Load += new System.EventHandler(this.SplashForm_Load);
this.ResumeLayout(false);
this.PerformLayout();
}
#endregion
private DarkControls.Controls.TransparentLabel transparentLabel1;
private DarkControls.Controls.ProgressBarEx progressBar;
private DarkControls.Controls.TransparentLabel statusLbl;
}
}

473
KsDumper11/SplashForm.cs
View File

@ -1,473 +0,0 @@
using System;
using System.IO;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Drawing.Drawing2D;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DarkControls;
using KsDumper11.Driver;
using System.Runtime.Remoting.Contexts;
using System.Runtime.InteropServices.ComTypes;
namespace KsDumper11
{
public partial class SplashForm : Form
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FlushFileBuffers(IntPtr handle);
protected override CreateParams CreateParams
{
get
{
// Activate double buffering at the form level. All child controls will be double buffered as well.
CreateParams cp = base.CreateParams;
cp.ExStyle |= 0x02000000; // Turn on WS_EX_COMPOSITED
return cp;
}
}
public bool IsAfterburnerRunning
{
get
{
Process[] procs = Process.GetProcessesByName("MSIAfterburner");
if (procs != null)
{
if (procs.Length > 0)
{
if (procs[0].ProcessName == "MSIAfterburner")
{
return true;
}
}
}
return false;
}
}
int maxProviders = 31;
//int maxProviders = 9;
List<int> workingProviders = new List<int>();
string logFolder = Environment.CurrentDirectory + "\\Logs";
string workingProvidersPath = Environment.CurrentDirectory + "\\Providers.txt";
string scanningPath = Environment.CurrentDirectory + "\\Scanning.txt";
Random rnd = new Random();
void saveProviders(int providerID)
{
StringBuilder b = new StringBuilder();
for (int i = 0; i < workingProviders.Count; i++)
{
if (i == workingProviders.Count - 1)
{
b.Append(workingProviders[i]);
}
else
{
b.Append(workingProviders[i].ToString() + "|");
}
}
if (providerID != maxProviders)
{
writeToDisk(scanningPath, providerID.ToString());
File.WriteAllText(scanningPath, b.ToString());
}
writeToDisk(workingProvidersPath, b.ToString());
Thread.Sleep(1000);
}
private void writeToDisk(string path, string text)
{
if (!File.Exists(path))
{
FileStream fs = File.Create(path);
StreamWriter sw = new StreamWriter(fs);
sw.Write(text);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
else
{
File.Delete(path);
FileStream fs = File.Create(path);
StreamWriter sw = new StreamWriter(fs);
sw.Write(text);
sw.Flush();
FlushFileBuffers(fs.Handle);
sw.Close();
sw.Dispose();
}
}
private void StartDriver()
{
if (!Directory.Exists(logFolder))
{
Directory.CreateDirectory(logFolder);
}
int timeout = 5;
int retryCountDown = 5;
if (IsAfterburnerRunning)
{
while (true)
{
if (retryCountDown == 0)
{
retryCountDown = timeout;
if (!IsAfterburnerRunning)
{
break;
}
}
UpdateStatus($"Waiting MSI Afterburner to be closed... Retry in {retryCountDown}s", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Sleeping {retryCountDown}s to ensure MSI Afterburner driver is unloaded", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
}
int idx = 0;
int providerID = 0;
if (File.Exists(scanningPath))
{
if (File.Exists(workingProvidersPath))
{
string provsStr = File.ReadAllText(workingProvidersPath);
if (provsStr != String.Empty && provsStr != null)
{
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
}
providerID = int.Parse(File.ReadAllText(scanningPath));
// Save the crash providerID to a blacklist.
providerID++;
if (scan(providerID))
{
File.Delete(scanningPath);
return;
}
}
if (File.Exists(workingProvidersPath))
{
UpdateStatus($"Saved providers found, trying each provider until one works...", 50);
Thread.Sleep(1000);
string provsStr = File.ReadAllText(workingProvidersPath);
if (provsStr != String.Empty && provsStr != null)
{
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (idx == workingProviders.Count)
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start, no saved providers worked! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
break;
}
providerID = workingProviders[idx];
tryLoad(providerID);
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Saved Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
idx++;
continue;
}
else
{
UpdateStatus($"Saved Provider: {providerID} worked!", 100);
Thread.Sleep(1000);
LoadedDriver();
return;
}
}
}
string logPath = Environment.CurrentDirectory + "\\driverLoading.log";
//Thread.Sleep(750);
//{
// UpdateStatus("Starting driver with default provider #1", 50);
// string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
// ProcessStartInfo inf = new ProcessStartInfo("cmd")
// {
// Arguments = args,
// CreateNoWindow = true,
// UseShellExecute = false,
// };
// Process proc = Process.Start(inf);
// proc.WaitForExit();
//}
scan(0);
UpdateStatus("Driver Started!", 100);
Thread.Sleep(750);
LoadedDriver();
}
bool scan(int providerID)
{
int retryCountDown = 3;
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
retryCountDown = 3;
UpdateStatus("Scanning for working providers...", 50);
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (providerID == maxProviders)
{
if (workingProviders.Count > 0)
{
providerID = workingProviders[rnd.Next(0, workingProviders.Count - 1)];
UpdateStatus("Saving working providers!", 50);
Thread.Sleep(500);
saveProviders(providerID);
tryLoad(providerID);
if (DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
LoadedDriver();
return true;
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"No working providers found! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"No working providers found! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
if (providerID == 1)// || providerID == 7 || providerID == 29 || providerID == 28)
{
providerID++;
continue;
}
saveProviders(providerID);
tryLoad(providerID);
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
providerID++;
continue;
}
else
{
UpdateStatus($"Provider: {providerID} works", 50);
workingProviders.Add(providerID);
DriverInterface.OpenKsDumperDriver().UnloadDriver();
Thread.Sleep(1000);
providerID++;
continue;
}
}
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
return false;
}
void tryLoad(int providerID)
{
UpdateStatus($"Starting driver with provider: {providerID}", 50);
int timeout = 5;
int retryCountDown = 5;
string logPath = logFolder + $"\\driverLoading_ProviderID_{providerID}.log";
string args = " /c " + Environment.CurrentDirectory + $"\\Driver\\kdu.exe -prv {providerID} -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
ProcessStartInfo inf = new ProcessStartInfo("cmd")
{
Arguments = args,
CreateNoWindow = true,
UseShellExecute = false,
};
Process proc = Process.Start(inf);
if (!proc.WaitForExit(10000))
{
proc.Kill();
}
if (proc.ExitCode == 1)
{
Thread.Sleep(750);
}
//if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
//{
// retryCountDown = 3;
// while (retryCountDown != 0)
// {
// UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
// Thread.Sleep(1000);
// retryCountDown -= 1;
// }
// Environment.Exit(0);
//}
//UpdateStatus("Driver Started!...", 100);
}
public SplashForm()
{
InitializeComponent();
this.FormBorderStyle = FormBorderStyle.None;
this.Region = Region.FromHrgn(Utils.CreateRoundRectRgn(0, 0, Width, Height, 10, 10));
}
private void SplashForm_Load(object sender, EventArgs e)
{
//StartProgressBar();
Task.Run(() =>
{
try
{
StartDriver();
}
catch (Exception ex)
{
return;
}
});
}
private void StartProgressBar()
{
progressBar.Style = ProgressBarStyle.Marquee;
progressBar.Show();
}
private void StopProgressBar()
{
progressBar.Style = ProgressBarStyle.Blocks;
}
public delegate void UpdateStatusDel(string txt, int progress);
public void UpdateStatus(string txt, int progress)
{
if (this.InvokeRequired)
{
this.Invoke(new UpdateStatusDel(UpdateStatus), new object[] { txt, progress });
}
else
{
this.statusLbl.Text = txt;
this.progressBar.Value = progress;
}
}
public delegate void LoadedDriverDel();
public void LoadedDriver()
{
if (this.InvokeRequired)
{
this.Invoke(new LoadedDriverDel(LoadedDriver), new object[] { });
}
else
{
StopProgressBar();
this.Close();
}
}
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
if (m.Msg == Utils.WM_NCHITTEST)
m.Result = (IntPtr)(Utils.HT_CAPTION);
}
}
}

28
KsDumper11/StartDriver.cs Normal file
View File

@ -0,0 +1,28 @@
using KsDumper11.Driver;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
namespace KsDumper11
{
public class StartDriver
{
public static void Start()
{
bool driverOpen = KsDumperDriverInterface.IsDriverOpen("\\\\.\\KsDumper");
if (!driverOpen)
{
if (File.Exists(KduSelfExtract.AssemblyDirectory + @"\\Providers.json"))
{
KduWrapper wr = new KduWrapper(KduSelfExtract.AssemblyDirectory + @"\Driver\kdu.exe");
wr.LoadProviders();
wr.Start();
}
}
}
}
}

2
KsDumper11/app.config
View File

@ -6,7 +6,7 @@
</sectionGroup>
</configSections>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
</startup>
<userSettings>
<KsDumper11.Properties.Settings>

4
KsDumper11/packages.config Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Newtonsoft.Json" version="13.0.3" targetFramework="net48" />
</packages>

9
README.md
View File

@ -1,6 +1,13 @@
# KsDumper-11
https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4
## Whats new v1.3
+ Updated KDU to KDU V1.3.4! Over 40 different providers are now available!
+ Removed the old auto detection of working providers and replaced it with a new provider selector. Users can now select which provider they want to use to load the driver. As well as test providers to see if they work on your system!
+ Testing some Providers may BSOD crash the system, KsDumper now has support for being ran again after a crash and will mark the last checked provider as non-working!
+ Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using the default provider
+ Providers list and selected default provider are now saved as JSON files!
## Whats new v1.2
+ KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys)
+ If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list.
@ -15,7 +22,7 @@ Please keep in mind that until others volunteer to help in development of this t
https://discord.gg/6kfWU3Ckya
## Features
- Auto detection of working kdu exploit providers.
- Selection of working kdu exploit providers.
- Auto dumping of selected exe.
- Unloading the KsDumper kernel driver is now supported! An option was added to unload on program exit, or system shutdown/restart.
- Splash screen for when driver is being loaded