mirror of
https://github.com/mastercodeon314/KsDumper-11.git
synced 2024-11-28 00:10:52 +01:00
# KsDumper-11

![Demo](https://i.imgur.com/6XyMDxa.gif)

^New Demo gif coming soon

## Features

- Auto dumping of selected exe.
- Auto Refresh (every 100ms)
- Suspend, resume, kill process
- Dump any process main module using a kernel driver (both x86 and x64)
- Rebuild PE32/PE64 header and sections
  - This can be defeated by stripping the PE headers. Once the PE headers are stripped, it can't dump.
- Works on protected system processes & processes with stripped handles (anti-cheats)
- Works on Windows 11, it doesn't crash anymore!

![Dev Channel Insider Build Win 11 Ksdumper](https://cdn.discordapp.com/attachments/1022996250037076047/1066538037154152548/image.png)

**Note**: Import table isn't rebuilt.

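The header-stripping caveat above, as an added example that is not KsDumper's own code: a dumper has to read the in-memory DOS/NT headers to find the section table before it can rebuild anything, so a zeroed header region leaves it nothing to work from. The sample image is constructed and the function names are hypothetical; `realign_for_dump` shows the usual memory-dump fix-up (file offsets set to virtual addresses), which is an assumption about what "rebuild sections" means here.

```python
import struct

SECTION_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)

def parse_headers(image: bytes) -> dict:
    """Find the NT headers and section table of a module as mapped in memory."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no DOS header (MZ)")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF file header
    if opt + 64 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no NT signature at e_lfanew")
    n_sections, opt_size = struct.unpack_from("<2xH12xH", image, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    size_of_image, size_of_headers = struct.unpack_from("<II", image, opt + 56)
    table = opt + opt_size
    if table + n_sections * SECTION_SIZE > len(image):
        raise ValueError("section table runs past the buffer")
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", image, table + i * SECTION_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr})
    return {"pe64": magic == 0x20B, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}

def realign_for_dump(sections: list) -> list:
    """Point each section's file offset/size at its in-memory location."""
    return [dict(s, raw_ptr=s["vaddr"], raw_size=s["vsize"]) for s in sections]

def build_sample_image() -> bytes:
    """Constructed 0x3000-byte PE32+ image with .text and .data (not a real binary)."""
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                         # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x84, 0x8664, 2, 0xF0, 0x22)  # COFF header
    struct.pack_into("<H", img, 0x98, 0x20B)                        # PE32+ magic
    struct.pack_into("<II", img, 0x98 + 56, 0x3000, 0x400)          # SizeOfImage, SizeOfHeaders
    rows = [(b".text", 0x800, 0x1000, 0x200, 0x400),
            (b".data", 0x300, 0x2000, 0x200, 0x600)]
    for i, row in enumerate(rows):
        struct.pack_into("<8sIIII", img, 0x188 + i * SECTION_SIZE, *row)
    return bytes(img)
```

Calling `parse_headers` on the sample with its first `size_of_headers` bytes zeroed raises `ValueError`, which is the failure the feature note describes.
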
## Usage

The old way of loading the unsigned ksDumper.sys kernel driver was to map it with the Capcom exploit, which got patched in Windows 11.
This one loads the driver with Kernel Driver Utility, or KDU for short.
I could not get the main fork of the program to work when being built from source.

This one does though.
https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe

All driver loading is now automated. I plan on putting in a splash screen until the driver loads.
For now, the client won't open until the driver has been loaded; if it fails, it exits.
I tried to build a logger to output KDU's console output to a file, however it always writes blank. Known issue.

**Note**: The driver stays loaded until you reboot, so if you close KsDumper11.exe, you can just reopen it!
**Note2**: Even though it can dump both x86 & x64 processes, this has to run on x64 Windows.

## Disclaimer

Due to the nature of how KDU works to map the kernel driver, it is unknown if the system you run this on will have an exploitable driver according to the KDU providers.
If you try to boot KsDumper 11 and it fails to start the driver, try again as administrator.
If it still fails, run the included ManualLoader.bat in the driver folder and post the results as an issue.
I will be working on making a selector that will get the correct provider for your system, or detect if none are available.

This project has been made available for informational and educational purposes only.
The driver source is not included because I couldn't ever get it to compile on my system. The source can be found on the original repo.
Considering the nature of this project, it is highly recommended to run it in a `Virtual Environment`. I am not responsible for any crash or damage that could happen to your system.

**Important**: This tool makes no attempt at hiding itself. If you target protected games, the anti-cheat might flag this as a cheat and ban you after a while. Use a `Virtual Environment`!

## References

- https://github.com/EquiFox/KsDumper
- https://github.com/hfiref0x/KDU
- https://github.com/morelli690/KDU_kernel_bypass_/blob/master/Bin/kdu.exe
- https://github.com/not-wlan/drvmap
- https://github.com/Zer0Mem0ry/KernelBhop
- https://github.com/NtQuery/Scylla/
- http://terminus.rewolf.pl/terminus/
- https://www.unknowncheats.me/

## Compile Yourself

- Requires Visual Studio 2022
- Requires .NET 4.8