mirror of https://github.com/mastercodeon314/KsDumper-11.git synced 2024-11-24 06:50:10 +01:00

Easter egg and readme update

Mastercodeon 2023-01-31 02:20:38 -06:00
parent cace65c258
commit daed28f811
5 changed files with 67 additions and 38 deletions


@ -128,7 +128,9 @@
<None Include="icons8-crossed-axes-100.png" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="BlankForm.resx" />
<EmbeddedResource Include="BlankForm.resx">
<SubType>Designer</SubType>
</EmbeddedResource>
<EmbeddedResource Include="Properties\Resources.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>


@ -45,6 +45,7 @@
this.ImageSizeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.ImageTypeHeader = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.debuggerTrigger = new KsDumper11.Trigger();
this.trigger1 = new KsDumper11.Trigger();
this.groupBox1.SuspendLayout();
this.contextMenuStrip1.SuspendLayout();
((System.ComponentModel.ISupportInitialize)(this.appIcon1)).BeginInit();
@ -85,46 +86,46 @@
this.resumeProcessToolStripMenuItem,
this.killProcessToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
this.contextMenuStrip1.Size = new System.Drawing.Size(181, 142);
this.contextMenuStrip1.Size = new System.Drawing.Size(163, 120);
this.contextMenuStrip1.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStrip1_Opening);
//
// dumpMainModuleToolStripMenuItem
//
this.dumpMainModuleToolStripMenuItem.Name = "dumpMainModuleToolStripMenuItem";
this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.dumpMainModuleToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.dumpMainModuleToolStripMenuItem.Text = "Dump Process";
this.dumpMainModuleToolStripMenuItem.Click += new System.EventHandler(this.dumpMainModuleToolStripMenuItem_Click);
//
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
this.toolStripSeparator1.Size = new System.Drawing.Size(177, 6);
this.toolStripSeparator1.Size = new System.Drawing.Size(159, 6);
//
// openInExplorerToolStripMenuItem
//
this.openInExplorerToolStripMenuItem.Name = "openInExplorerToolStripMenuItem";
this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.openInExplorerToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.openInExplorerToolStripMenuItem.Text = "Open In Explorer";
this.openInExplorerToolStripMenuItem.Click += new System.EventHandler(this.openInExplorerToolStripMenuItem_Click);
//
// suspendProcessToolStripMenuItem
//
this.suspendProcessToolStripMenuItem.Name = "suspendProcessToolStripMenuItem";
this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.suspendProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.suspendProcessToolStripMenuItem.Text = "Suspend process";
this.suspendProcessToolStripMenuItem.Click += new System.EventHandler(this.suspendProcessToolStripMenuItem_Click);
//
// resumeProcessToolStripMenuItem
//
this.resumeProcessToolStripMenuItem.Name = "resumeProcessToolStripMenuItem";
this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.resumeProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.resumeProcessToolStripMenuItem.Text = "Resume process";
this.resumeProcessToolStripMenuItem.Click += new System.EventHandler(this.resumeProcessToolStripMenuItem_Click);
//
// killProcessToolStripMenuItem
//
this.killProcessToolStripMenuItem.Name = "killProcessToolStripMenuItem";
this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.killProcessToolStripMenuItem.Size = new System.Drawing.Size(162, 22);
this.killProcessToolStripMenuItem.Text = "Kill process";
this.killProcessToolStripMenuItem.Click += new System.EventHandler(this.killProcessToolStripMenuItem_Click);
//
@ -308,12 +309,22 @@
this.debuggerTrigger.Size = new System.Drawing.Size(15, 13);
this.debuggerTrigger.TabIndex = 15;
//
// trigger1
//
this.trigger1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.trigger1.Location = new System.Drawing.Point(443, 28);
this.trigger1.Name = "trigger1";
this.trigger1.Size = new System.Drawing.Size(35, 24);
this.trigger1.TabIndex = 16;
this.trigger1.Load += new System.EventHandler(this.trigger1_Load);
//
// Dumper
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(33)))), ((int)(((byte)(33)))), ((int)(((byte)(33)))));
this.ClientSize = new System.Drawing.Size(1009, 746);
this.Controls.Add(this.trigger1);
this.Controls.Add(this.debuggerTrigger);
this.Controls.Add(this.closeDriverOnExitBox);
this.Controls.Add(this.hideSystemProcessBtn);
@ -416,5 +427,6 @@
private global::System.Windows.Forms.Button hideSystemProcessBtn;
private DarkControls.Controls.DarkCheckBox closeDriverOnExitBox;
private Trigger debuggerTrigger;
private Trigger trigger1;
}
}


@ -748,5 +748,10 @@ namespace KsDumper11
// Token: 0x040000A8 RID: 168
public int InheritedFromUniqueProcessId;
}
private void trigger1_Load(object sender, EventArgs e)
{
}
}
}
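Review bot: `trigger1_Load` is added with an empty body, so the `Load` subscription that the designer section of this commit wires up for `trigger1` runs a handler that does nothing. If the behaviour lives inside the `Trigger` control itself, drop the handler together with its designer subscription; if it is a placeholder, mark it with a comment such as `// Intentionally empty: placeholder for the trigger1 Load event.` It is also placed after the nested struct at the end of the class, away from the other event handlers, which makes it easy to miss.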


@ -56,6 +56,9 @@ namespace KsDumper11
}
}
int maxProviders = 31;
//int maxProviders = 9;
List<int> workingProviders = new List<int>();
string logFolder = Environment.CurrentDirectory + "\\Logs";
@ -77,9 +80,10 @@ namespace KsDumper11
}
}
if (providerID != 31)
if (providerID != maxProviders)
{
writeToDisk(scanningPath, providerID.ToString());
File.WriteAllText(scanningPath, b.ToString());
}
writeToDisk(workingProvidersPath, b.ToString());
@ -156,14 +160,20 @@ namespace KsDumper11
if (File.Exists(workingProvidersPath))
{
string provsStr = File.ReadAllText(workingProvidersPath);
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
if (provsStr != String.Empty && provsStr != null)
{
workingProviders.Add(int.Parse(provider));
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
}
providerID = int.Parse(File.ReadAllText(scanningPath));
// Save the crash providerID to a blacklist.
providerID++;
if (scan(providerID))
{
@ -177,12 +187,15 @@ namespace KsDumper11
UpdateStatus($"Saved providers found, trying each provider until one works...", 50);
Thread.Sleep(1000);
string provsStr = File.ReadAllText(workingProvidersPath);
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
if (provsStr != String.Empty && provsStr != null)
{
string[] parts = provsStr.Split('|');
foreach (string provider in parts)
{
workingProviders.Add(int.Parse(provider));
}
}
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (idx == workingProviders.Count)
@ -221,20 +234,22 @@ namespace KsDumper11
string logPath = Environment.CurrentDirectory + "\\driverLoading.log";
Thread.Sleep(750);
//Thread.Sleep(750);
UpdateStatus("Starting driver with default provider #1", 50);
//{
// UpdateStatus("Starting driver with default provider #1", 50);
string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
// string args = " /c " + Environment.CurrentDirectory + "\\Driver\\kdu.exe -prv 1 -map .\\Driver\\KsDumperDriver.sys > " + "\"" + logPath + "\"";
ProcessStartInfo inf = new ProcessStartInfo("cmd")
{
Arguments = args,
CreateNoWindow = true,
UseShellExecute = false,
};
Process proc = Process.Start(inf);
proc.WaitForExit();
// ProcessStartInfo inf = new ProcessStartInfo("cmd")
// {
// Arguments = args,
// CreateNoWindow = true,
// UseShellExecute = false,
// };
// Process proc = Process.Start(inf);
// proc.WaitForExit();
//}
scan(0);
@ -255,7 +270,7 @@ namespace KsDumper11
UpdateStatus("Scanning for working providers...", 50);
while (!DriverInterface.IsDriverOpen("\\\\.\\KsDumper"))
{
if (providerID == 31)
if (providerID == maxProviders)
{
if (workingProviders.Count > 0)
{
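Review bot: The new guard `provsStr != String.Empty && provsStr != null` in the crash-recovery branch does not stop `int.Parse(provider)` from throwing on a damaged state file, and the same pattern is repeated in the saved-providers branch further down. `File.ReadAllText` does not return null, so only the exactly-empty file is handled; a trailing `|`, a stray newline or any non-numeric token still raises `FormatException`, and `int.Parse(File.ReadAllText(scanningPath))` is not guarded at all. These files sit under `Environment.CurrentDirectory` and decide which kdu provider is attempted, so I would parse them defensively: split with `StringSplitOptions.RemoveEmptyEntries` and use `if (int.TryParse(provider.Trim(), out int id)) workingProviders.Add(id);`, ideally also rejecting ids outside the range bounded by `maxProviders`. The added comment `// Save the crash providerID to a blacklist.` is followed only by `providerID++` in the visible lines, so either the blacklist write is missing or the comment should say the crashed provider is skipped. The enclosing methods start and end outside these hunks.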


@ -2,10 +2,10 @@
https://user-images.githubusercontent.com/78676320/213967527-ba0d435d-9d92-467d-bd9f-4e85f947dfa0.mp4
## Whats new v1.2
- KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys)
- If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list.
- Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using each saved provider until one works.
- This technique should increase the amount of systems that the driver will be able to be loaded on.
+ KsDumper will now try and start the driver using the default kdu exploit provider #1 (RTCore64.sys)
+ If the default provider does not work, KsDumper will scan all kdu providers and save each one that works into a list.
+ Anytime kdu loads and it detects a saved providers list, it will try to load the KsDumper driver using each saved provider until one works.
+ This technique should increase the amount of systems that the driver will be able to be loaded on.
## Support
You can join the official KsDumper 11 discord server where I will be managing ongoing issues.
@ -33,10 +33,6 @@ https://discord.gg/6kfWU3Ckya
## Usage
The old way of loading the unsigned ksDumper.sys kernel driver was to use the capcom exploit to map it, this got patched in windows 11.
This one loads the driver with Kernel Driver Utility, or KDU for short.
I could not get the main fork of the program to work when being built from source.
This one does though.
https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe
All driver loading is now automated, The splash screen is done, and the driver loader log now works!
If the splash screen shuts down saying it failed to start the driver, please post the log file as an issue on the repo.
@ -62,7 +58,6 @@ Considering the nature of this project, it is highly recommended to run it in a
## References
- https://github.com/EquiFox/KsDumper
- https://github.com/hfiref0x/KDU
- https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe
- https://github.com/not-wlan/drvmap
- https://github.com/Zer0Mem0ry/KernelBhop
- https://github.com/NtQuery/Scylla/