From daed28f8118452bd81e4a6a360a2b96bfe18e2ac Mon Sep 17 00:00:00 2001 From: Mastercodeon Date: Tue, 31 Jan 2023 02:20:38 -0600 Subject: [PATCH] Easter egg and readme update --- DarkControls/DarkControls.csproj | 4 ++- KsDumper11/Dumper.Designer.cs | 26 +++++++++++---- KsDumper11/Dumper.cs | 5 +++ KsDumper11/SplashForm.cs | 57 ++++++++++++++++++++------------ README.md | 13 +++----- 5 files changed, 67 insertions(+), 38 deletions(-) diff --git a/DarkControls/DarkControls.csproj b/DarkControls/DarkControls.csproj index 9256772..5f58242 100644 --- a/DarkControls/DarkControls.csproj +++ b/DarkControls/DarkControls.csproj @@ -128,7 +128,9 @@ - + + Designer + ResXFileCodeGenerator Resources.Designer.cs diff --git a/KsDumper11/Dumper.Designer.cs b/KsDumper11/Dumper.Designer.cs index 59cdf76..894ccf6 100644 --- a/KsDumper11/Dumper.Designer.cs +++ b/KsDumper11/Dumper.Designer.cs @@ -45,6 +45,7 @@ this.ImageSizeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.ImageTypeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.debuggerTrigger = new KsDumper11.Trigger(); + this.trigger1 = new KsDumper11.Trigger(); this.groupBox1.SuspendLayout(); this.contextMenuStrip1.SuspendLayout(); ((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit(); 
@@ -85,46 +86,46 @@ this.resumeProcessToolStripMenuItem, this.killProcessToolStripMenuItem}); this.contextMenuStrip1.Name = "contextMenuStrip1"; - this.contextMenuStrip1.Size = new System.Drawing.Size(181, 142); + this.contextMenuStrip1.Size = new System.Drawing.Size(163, 120); this.contextMenuStrip1.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStrip1_Opening); // // dumpMainModuleToolStripMenuItem // this.dumpMainModuleToolStripMenuItem.Name = "dumpMainModuleToolStripMenuItem"; - this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(180, 22); + this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(162, 22); this.dumpMainModuleToolStripMenuItem.Text = "Dump Process"; this.dumpMainModuleToolStripMenuItem.Click += new System.EventHandler(this.dumpMainModuleToolStripMenuItem_Click); // // toolStripSeparator1 // this.toolStripSeparator1.Name = "toolStripSeparator1"; - this.toolStripSeparator1.Size = new System.Drawing.Size(177, 6); + this.toolStripSeparator1.Size = new System.Drawing.Size(159, 6); // // openInExplorerToolStripMenuItem // this.openInExplorerToolStripMenuItem.Name = "openInExplorerToolStripMenuItem"; - this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(180, 22); + this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(162, 22); this.openInExplorerToolStripMenuItem.Text = "Open In Explorer"; this.openInExplorerToolStripMenuItem.Click += new System.EventHandler(this.openInExplorerToolStripMenuItem_Click); // // suspendProcessToolStripMenuItem // this.suspendProcessToolStripMenuItem.Name = "suspendProcessToolStripMenuItem"; - this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22); + this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22); this.suspendProcessToolStripMenuItem.Text = "Suspend process"; this.suspendProcessToolStripMenuItem.Click += new System.EventHandler(this.suspendProcessToolStripMenuItem_Click); // // 
resumeProcessToolStripMenuItem // this.resumeProcessToolStripMenuItem.Name = "resumeProcessToolStripMenuItem"; - this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22); + this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22); this.resumeProcessToolStripMenuItem.Text = "Resume process"; this.resumeProcessToolStripMenuItem.Click += new System.EventHandler(this.resumeProcessToolStripMenuItem_Click); // // killProcessToolStripMenuItem // this.killProcessToolStripMenuItem.Name = "killProcessToolStripMenuItem"; - this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22); + this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22); this.killProcessToolStripMenuItem.Text = "Kill process"; this.killProcessToolStripMenuItem.Click += new System.EventHandler(this.killProcessToolStripMenuItem_Click); // @@ -308,12 +309,22 @@ this.debuggerTrigger.Size = new System.Drawing.Size(15, 13); this.debuggerTrigger.TabIndex = 15; // + // trigger1 + // + this.trigger1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33))))); + this.trigger1.Location = new System.Drawing.Point(443, 28); + this.trigger1.Name = "trigger1"; + this.trigger1.Size = new System.Drawing.Size(35, 24); + this.trigger1.TabIndex = 16; + this.trigger1.Load += new System.EventHandler(this.trigger1_Load); + // // Dumper // this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33))))); this.ClientSize = new System.Drawing.Size(1009, 746); + this.Controls.Add(this.trigger1); this.Controls.Add(this.debuggerTrigger); this.Controls.Add(this.closeDriverOnExitBox); this.Controls.Add(this.hideSystemProcessBtn); 
@@ -416,5 +427,6 @@ private global::System.Windows.Forms.Button hideSystemProcessBtn; private DarkControls.Controls.DarkCheckBox closeDriverOnExitBox; private Trigger debuggerTrigger; + private Trigger trigger1; } } diff --git a/KsDumper11/Dumper.cs b/KsDumper11/Dumper.cs index fa9f270..e2b5569 100644 --- a/KsDumper11/Dumper.cs +++ b/KsDumper11/Dumper.cs @@ -748,5 +748,10 @@ namespace KsDumper11 // Token: 0x040000A8 RID: 168 public int InheritedFromUniqueProcessId; } + + private void trigger1_Load(object sender, EventArgs e) + { + + } } } diff --git a/KsDumper11/SplashForm.cs b/KsDumper11/SplashForm.cs index 7f64436..24d52b9 100644 --- a/KsDumper11/SplashForm.cs +++ b/KsDumper11/SplashForm.cs @@ -56,6 +56,9 @@ namespace KsDumper11 } } + int maxProviders = 31; + //int maxProviders = 9; + List workingProviders = new List(); string logFolder = Environment.CurrentDirectory + "\\Logs"; @@ -77,9 +80,10 @@ namespace KsDumper11 } } - if (providerID != 31) + if (providerID != maxProviders) { writeToDisk(scanningPath, providerID.ToString()); + File.WriteAllText(scanningPath, b.ToString()); } writeToDisk(workingProvidersPath, b.ToString()); @@ -156,14 +160,20 @@ namespace KsDumper11 if (File.Exists(workingProvidersPath)) { string provsStr = File.ReadAllText(workingProvidersPath); - string[] parts = provsStr.Split('|'); - foreach (string provider in parts) + if (provsStr != String.Empty && provsStr != null) { - workingProviders.Add(int.Parse(provider)); + string[] parts = provsStr.Split('|'); + foreach (string provider in parts) + { + workingProviders.Add(int.Parse(provider)); + } } } providerID = int.Parse(File.ReadAllText(scanningPath)); + + // Save the crash providerID to a blacklist. + providerID++; if (scan(providerID)) { 
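Review bot: `trigger1_Load` in Dumper.cs is added with an empty body, so the new `trigger1` control only contributes an event subscription that does nothing. Either implement the handler, or remove it together with the `this.trigger1.Load += new System.EventHandler(this.trigger1_Load);` line in Dumper.Designer.cs. If it is a deliberate placeholder, give the control a descriptive name and add a comment such as `// Intentionally empty: reserved for the easter-egg trigger.` The enclosing class starts outside the hunk.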
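Review bot: `maxProviders` in SplashForm.cs is declared as a mutable instance field with no access modifier, and the alternative value is left behind as `//int maxProviders = 9;`. It is only used as a fixed upper bound for `providerID`, so `private const int MaxProviders = 31;` states the intent better. A one-line comment saying which bundled kdu build that count corresponds to would help keep the bound in sync when the binary is updated. The commented-out alternative should be deleted; the enclosing class begins outside the hunk.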
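Review bot: The added `File.WriteAllText(scanningPath, b.ToString());` overwrites the provider ID that the line before it has just stored in the same file, replacing it with the working-provider list. This assumes `writeToDisk`, which is not visible here, writes its second argument to the given path. The resume path later runs `int.Parse(File.ReadAllText(scanningPath))`, which throws a `FormatException` on a `|`-separated list or an empty string, so an interrupted scan would leave the next start-up failing on its own state file. The line looks like leftover debugging and should be removed. The method body starts outside the hunk.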
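Review bot: The new emptiness guard around `provsStr.Split('|')` still lets a malformed state file abort start-up, because `int.Parse(provider)` throws on a trailing `|`, a stray newline or any edited content, and `int.Parse(File.ReadAllText(scanningPath))` just below is not guarded at all. Both files are read from under `Environment.CurrentDirectory`, so their content should be treated as untrusted input: use `if (int.TryParse(provider.Trim(), out int id)) workingProviders.Add(id);` and reject ids outside the expected provider range. `File.ReadAllText` does not return null, so `!string.IsNullOrWhiteSpace(provsStr)` is the simpler check. The same parsing block is duplicated in the `@@ -177,12 +187,15 @@` hunk and would be better as one private helper. The comment `// Save the crash providerID to a blacklist.` also does not match the `providerID++` that follows it.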
@@ -177,12 +187,15 @@ namespace KsDumper11 UpdateStatus($"Saved providers found, trying each provider until one works...", 50); Thread.Sleep(1000); string provsStr = File.ReadAllText(workingProvidersPath); - string[] parts = provsStr.Split('|'); - foreach (string provider in parts) - { - workingProviders.Add(int.Parse(provider)); - } + if (provsStr != String.Empty && provsStr != null) + { + string[] parts = provsStr.Split('|'); + foreach (string provider in parts) + { + workingProviders.Add(int.Parse(provider)); + } + } while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper")) { if (idx == workingProviders.Count) @@ -221,20 +234,22 @@ namespace KsDumper11 string logPath = Environment.CurrentDirectory + "\\driverLoading.log"; - Thread.Sleep(750); + //Thread.Sleep(750); - UpdateStatus("Starting driver with default provider #1", 50); + //{ + // UpdateStatus("Starting driver with default provider #1", 50); - string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\""; + // string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\""; - ProcessStartInfo inf = new ProcessStartInfo("cmd") - { - Arguments = args, - CreateNoWindow = true, - UseShellExecute = false, - }; - Process proc = Process.Start(inf); - proc.WaitForExit(); + // ProcessStartInfo inf = new ProcessStartInfo("cmd") + // { + // Arguments = args, + // CreateNoWindow = true, + // UseShellExecute = false, + // }; + // Process proc = Process.Start(inf); + // proc.WaitForExit(); + //} scan(0); @@ -255,7 +270,7 @@ namespace KsDumper11 UpdateStatus("Scanning for working providers...", 50); while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper")) { - if (providerID == 31) + if (providerID == maxProviders) { if (workingProviders.Count > 0) { diff --git a/README.md b/README.md index d45f927..fb3195e 100644 --- a/README.md +++ b/README.md 
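Review bot: The default-provider launch in the `@@ -221,20 +234,22 @@` hunk is disabled by commenting it out rather than deleting it, leaving a block of dead code that includes a `cmd /c` command line built from an unquoted `Environment.CurrentDirectory`. Delete the block, since version control keeps the history, and drop `logPath` if nothing after the hunk still reads it. The README text kept by this same commit still says KsDumper first tries default provider #1, which no longer matches the direct call to `scan(0)`. A short comment above `scan(0)` such as `// Always scan from provider 0; the fixed default-provider attempt was removed.` would record the behaviour change. The enclosing method starts and ends outside the hunk.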
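Review bot: `if (providerID == maxProviders)` in the `@@ -255,7 +270,7 @@` hunk is an equality test, but the resume path in the `@@ -156,14 +160,20 @@` hunk now does `providerID++` on a value read from disk before calling `scan(providerID)`. If the stored value is `maxProviders` or larger, for example from a damaged or edited file, the counter starts past the bound and this exit branch is never taken. That assumes the loop only ever increments `providerID`, as the rest of the loop body is outside the hunk. `if (providerID >= maxProviders)` closes the gap.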
@@ -2,10 +2,10 @@ https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4 ## Whats new v1.2 -- KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys) -- If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list. -- Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using each saved provider until one works. -- This technique should increase the amount of systems that the driver will be able to be loaded on. ++ KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys) ++ If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list. ++ Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using each saved provider until one works. ++ This technique should increase the amount of systems that the driver will be able to be loaded on. ## Support You can join the official KsDumper 11 discord server where I will be managing ongoing issues. @@ -33,10 +33,6 @@ https://discord.gg/6kfWU3Ckya ## Usage The old way of loading the unsigned ksDumper.sys kernel driver was to use the capcom exploit to map it, this got patched in windows 11. This one loads the driver with Kernel Driver Utility, or KDU for short. -I could not get the main fork of the program to work when being built from source. - -This one does though. -https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe All driver loading is now automated, The splash screen is done, and the driver loader log now works! If the splash screen shuts down saying it failed to start the driver, please post the log file as an issue on the repo. 
@@ -62,7 +58,6 @@ Considering the nature of this project, it is highly recommended to run it in a ## References - https://github.com/EquiFox/KsDumper - https://github.com/hfiref0x/KDU -- https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe - https://github.com/not-wlan/drvmap - https://github.com/Zer0Mem0ry/KernelBhop - https://github.com/NtQuery/Scylla/