mirror of https://github.com/mastercodeon314/KsDumper-11.git synced 2024-11-28 00:10:52 +01:00

v1.2 Merge

Mastercodeon 2023-01-30 18:31:12 -06:00
parent 7b917154b3
commit 91d6979869
7 changed files with 223 additions and 10 deletions


@ -8,6 +8,10 @@ namespace KsDumper11.Driver
// Token: 0x02000014 RID: 20 // Token: 0x02000014 RID: 20
public class DriverInterface public class DriverInterface
{ {
public static DriverInterface OpenKsDumperDriver()
{
return new DriverInterface("\\\\.\\KsDumper");
}
public static bool IsDriverOpen(string registryPath) public static bool IsDriverOpen(string registryPath)
{ {
IntPtr handle = WinApi.CreateFileA(registryPath, FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, (FileAttributes)0, IntPtr.Zero); IntPtr handle = WinApi.CreateFileA(registryPath, FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, (FileAttributes)0, IntPtr.Zero);
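Review bot: The device path `"\\\\.\\KsDumper"` is hard-coded in the new `OpenKsDumperDriver()` and repeated as a literal in every `IsDriverOpen(...)` call this commit adds to the splash form, so the two can drift apart if the name ever changes. A single `public const string DevicePath = "\\\\.\\KsDumper";` on `DriverInterface`, used by the factory and by the callers, would keep them in step. The factory also has no doc comment; a `/// <summary>` stating that each call constructs a new `DriverInterface` for that device would help, because the commit calls it as `OpenKsDumperDriver().UnloadDriver()` and discards the instance, and whether the underlying handle is released is not visible here. `IsDriverOpen`'s body continues outside this section.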

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -5,7 +5,7 @@ using System.Runtime.CompilerServices;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Runtime.Versioning; using System.Runtime.Versioning;
[assembly: AssemblyVersion("1.1.0.0")] [assembly: AssemblyVersion("1.2")]
[assembly: AssemblyTitle("KsDumper 11")] [assembly: AssemblyTitle("KsDumper 11")]
[assembly: AssemblyDescription("Dump processes from kernel space !")] [assembly: AssemblyDescription("Dump processes from kernel space !")]
[assembly: AssemblyConfiguration("")] [assembly: AssemblyConfiguration("")]
@ -15,4 +15,4 @@ using System.Runtime.Versioning;
[assembly: AssemblyTrademark("")] [assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)] [assembly: ComVisible(false)]
[assembly: Guid("7881b99d-0b5a-44e7-af34-80a0ecffd5db")] [assembly: Guid("7881b99d-0b5a-44e7-af34-80a0ecffd5db")]
[assembly: AssemblyFileVersion("1.1.0.0")] [assembly: AssemblyFileVersion("1.2")]


@ -51,9 +51,36 @@ namespace KsDumper11
} }
} }
List<int> workingProviders = new List<int>();
string logFolder = Environment.CurrentDirectory + "\\Logs";
string workingProvidersPath = Environment.CurrentDirectory + "\\Providers.txt";
Random rnd = new Random();
void saveProviders()
{
StringBuilder b = new StringBuilder();
for (int i = 0; i < workingProviders.Count; i++)
{
if (i == workingProviders.Count - 1)
{
b.Append(workingProviders[i]);
}
else
{
b.Append(workingProviders[i].ToString() + "|");
}
}
Debugger.Break();
File.WriteAllText(workingProvidersPath, b.ToString());
}
private void StartDriver() private void StartDriver()
{ {
if (!Directory.Exists(logFolder))
{
Directory.CreateDirectory(logFolder);
}
int timeout = 5; int timeout = 5;
int retryCountDown = 5; int retryCountDown = 5;
if (IsAfterburnerRunning) if (IsAfterburnerRunning)
@ -83,11 +110,61 @@ namespace KsDumper11
} }
} }
int idx = 0;
int providerID = 0;
if (File.Exists(workingProvidersPath))
{
UpdateStatus($"Saved providers found, trying each provider until one works...", 50);
Thread.Sleep(1000);
string provsStr = File.ReadAllText(workingProvidersPath);
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (idx == workingProviders.Count)
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start, no saved providers worked! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
break;
}
providerID = workingProviders[idx];
tryLoad(providerID);
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Saved Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
idx++;
continue;
}
else
{
UpdateStatus($"Saved Provider: {providerID} worked!", 100);
Thread.Sleep(1000);
LoadedDriver();
return;
}
}
}
string logPath = Environment.CurrentDirectory + "\\driverLoading.log"; string logPath = Environment.CurrentDirectory + "\\driverLoading.log";
Thread.Sleep(750); Thread.Sleep(750);
UpdateStatus("Starting driver...", 50); UpdateStatus("Starting driver with default provider #1", 50);
string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\""; string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
@ -99,26 +176,144 @@ namespace KsDumper11
}; };
Process proc = Process.Start(inf); Process proc = Process.Start(inf);
proc.WaitForExit(); proc.WaitForExit();
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper")) if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{ {
retryCountDown = 3; retryCountDown = 3;
while (retryCountDown != 0) UpdateStatus("Scanning for working providers...", 50);
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{ {
UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0); if (providerID == 31)
Thread.Sleep(1000); {
retryCountDown -= 1; if (workingProviders.Count > 0)
{
providerID = workingProviders[rnd.Next(0, workingProviders.Count - 1)];
UpdateStatus("Saving working providers!", 50);
Thread.Sleep(500);
saveProviders();
tryLoad(providerID);
if (DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
LoadedDriver();
return;
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"No working providers found! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
else
{
retryCountDown = 3;
while (retryCountDown != 0)
{
UpdateStatus($"No working providers found! Exiting in {retryCountDown}s", 50);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
}
if (providerID == 1 || providerID == 7 || providerID == 29 || providerID == 28)
{
providerID++;
continue;
}
tryLoad(providerID);
if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
UpdateStatus($"Provider: {providerID} failed!", 50);
Thread.Sleep(1000);
providerID++;
continue;
}
else
{
UpdateStatus($"Provider: {providerID} works", 50);
workingProviders.Add(providerID);
DriverInterface.OpenKsDumperDriver().UnloadDriver();
Thread.Sleep(1000);
providerID++;
continue;
}
} }
Environment.Exit(0); if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
while (retryCountDown != 0)
{
UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
Thread.Sleep(1000);
retryCountDown -= 1;
}
Environment.Exit(0);
}
} }
UpdateStatus("Driver Started!...", 100); UpdateStatus("Driver Started!", 100);
Thread.Sleep(750); Thread.Sleep(750);
LoadedDriver(); LoadedDriver();
} }
void tryLoad(int providerID)
{
UpdateStatus($"Starting driver with provider: {providerID}", 50);
int timeout = 5;
int retryCountDown = 5;
string logPath = logFolder + $"\\driverLoading_ProviderID_{providerID}.log";
string args = " /c " + Environment.CurrentDirectory + $"\\Driver\\kdu.exe -prv {providerID} -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
ProcessStartInfo inf = new ProcessStartInfo("cmd")
{
Arguments = args,
CreateNoWindow = true,
UseShellExecute = false,
};
Process proc = Process.Start(inf);
if (!proc.WaitForExit(10000))
{
proc.Kill();
}
if (proc.ExitCode == 1)
{
Thread.Sleep(750);
}
//if (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
//{
// retryCountDown = 3;
// while (retryCountDown != 0)
// {
// UpdateStatus($"Driver failed to start! Exiting in {retryCountDown}s", 0);
// Thread.Sleep(1000);
// retryCountDown -= 1;
// }
// Environment.Exit(0);
//}
//UpdateStatus("Driver Started!...", 100);
}
public SplashForm() public SplashForm()
{ {
InitializeComponent(); InitializeComponent();
@ -132,7 +327,14 @@ namespace KsDumper11
//StartProgressBar(); //StartProgressBar();
Task.Run(() => Task.Run(() =>
{ {
StartDriver(); try
{
StartDriver();
}
catch (Exception ex)
{
return;
}
}); });
} }
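Review bot: `tryLoad` runs the loader through `cmd /c` with a command line concatenated from `Environment.CurrentDirectory` without quoting, so an install path containing a space or a shell metacharacter such as `&` changes what is executed, and both `kdu.exe` and the `.sys` file are resolved from whatever the working directory is at launch rather than from the application's own folder. Since this process presumably runs elevated in order to map a driver, start the executable directly from a fixed location instead, e.g. `new ProcessStartInfo(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Driver", "kdu.exe"))` with `RedirectStandardOutput = true`, and write the captured output to `logPath` in code rather than with a shell redirect. The same pattern is already present in the existing `args` line of `StartDriver`. Separately, `Debugger.Break();` in `saveProviders` looks like a debugging leftover and should be removed, and the new `catch (Exception ex) { return; }` hides every failure (for example `int.Parse` on a malformed `Providers.txt`), so the splash screen would stall with no message.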


@ -1,6 +1,12 @@
# KsDumper-11 # KsDumper-11
https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4 https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4
## Whats new v1.2
- KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys)
- If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list.
- Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using each saved provider until one works.
- This technique should increase the amount of systems that the driver will be able to be loaded on.
## Support ## Support
You can join the official KsDumper 11 discord server where I will be managing ongoing issues. You can join the official KsDumper 11 discord server where I will be managing ongoing issues.
I am starting to see multiple people who's system the Rtcore64 exploit fails to work on. I am starting to see multiple people who's system the Rtcore64 exploit fails to work on.
@ -9,6 +15,7 @@ Please keep in mind that until others volunteer to help in development of this t
https://discord.gg/6kfWU3Ckya https://discord.gg/6kfWU3Ckya
## Features ## Features
- Auto detection of working kdu exploit providers.
- Auto dumping of selected exe. - Auto dumping of selected exe.
- Unloading the KsDumper kernel driver is now supported! An option was added to unload on program exit, or system shutdown/restart. - Unloading the KsDumper kernel driver is now supported! An option was added to unload on program exit, or system shutdown/restart.
- Splash screen for when driver is being loaded - Splash screen for when driver is being loaded