
EquiFox / Ksdumper

Licence: MIT
Dumping processes using the power of kernel space!

Projects that are alternatives of or similar to Ksdumper

Android Lkms
Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators
Stars: ✭ 164 (-63.88%)
Mutual labels:  kernel, reverse-engineering
Ntphp
Ever wanted to execute PHP in your kernel driver? Look no further!
Stars: ✭ 76 (-83.26%)
Mutual labels:  cheat, kernel
Pcsgolh
PCSGOLH - Pointless Counter-Strike: Global Offensive Lua Hooks. An open-source Lua API for CS:GO hacking written in modern C++
Stars: ✭ 56 (-87.67%)
Mutual labels:  cheat, reverse-engineering
Ksm
A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.
Stars: ✭ 673 (+48.24%)
Mutual labels:  kernel, reverse-engineering
Garhal csgo
A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
Stars: ✭ 179 (-60.57%)
Mutual labels:  cheat, kernel
Wnfun
WNF Utilities 4 Newbies (WNFUN)
Stars: ✭ 63 (-86.12%)
Mutual labels:  kernel, reverse-engineering
Dainsleif
⚡️ A simple model cheat for CSGO a.k.a. Counter-Strike: Global Offensive.
Stars: ✭ 74 (-83.7%)
Mutual labels:  cheat, reverse-engineering
Dll hook Rs
Rust code to show how hooking in rust with a dll works.
Stars: ✭ 57 (-87.44%)
Mutual labels:  cheat, reverse-engineering
Pubg Pak Hacker
Uses a Windows kernel driver to hide a file and itself in order to bypass BE
Stars: ✭ 157 (-65.42%)
Mutual labels:  cheat, kernel
Osiris
Free open-source game cheat for Counter-Strike: Global Offensive, written in modern C++. GUI powered by Dear ImGui.
Stars: ✭ 1,851 (+307.71%)
Mutual labels:  cheat, reverse-engineering
The holy book of x86
A simple guide to x86 architecture, assembly, memory management, paging, segmentation, SMM, BIOS....
Stars: ✭ 577 (+27.09%)
Mutual labels:  kernel, reverse-engineering
Procfs
procfs provides functions to retrieve system, kernel and process metrics from the pseudo-filesystem proc.
Stars: ✭ 414 (-8.81%)
Mutual labels:  kernel, process
Anticheat Testing Framework
Framework to test any Anti-Cheat
Stars: ✭ 481 (+5.95%)
Mutual labels:  kernel, reverse-engineering
Ipod Gadget
iPod usb gadget for audio playback
Stars: ✭ 94 (-79.3%)
Mutual labels:  kernel, reverse-engineering
Anubis
Free open-source training software / cheat for Counter-Strike: Global Offensive, written in C.
Stars: ✭ 81 (-82.16%)
Mutual labels:  cheat, reverse-engineering
KDBG
The Windows kernel debugger consists of two parts: KMOD, the kernel driver handling ring3 requests, and KCLI, the command line interface for the driver. It originated due to insufficient usability of CheatEngine's DBVM driver while debugging games running under certain anti-cheat software.
Stars: ✭ 28 (-93.83%)
Mutual labels:  kernel, cheat
Pplkiller
Protected Processes Light Killer
Stars: ✭ 453 (-0.22%)
Mutual labels:  kernel, process
Schedviz
A tool for gathering and visualizing kernel scheduling traces on Linux machines
Stars: ✭ 426 (-6.17%)
Mutual labels:  kernel
Sympact
🔥 Stupid Simple CPU/MEM "Profiler" for your JS code.
Stars: ✭ 439 (-3.3%)
Mutual labels:  process
Pev
The PE file analysis toolkit
Stars: ✭ 422 (-7.05%)
Mutual labels:  reverse-engineering

KsDumper

Demo

I always had an interest in reverse engineering. A few days ago I wanted to look at some game internals for fun, but it was packed and protected by EAC (EasyAntiCheat). This means its handles were stripped and I was unable to dump the process from Ring3. I decided to try to make a custom driver that would allow me to copy the process memory without using OpenProcess. I knew nothing about the Windows kernel or the PE file structure, so I spent a lot of time reading articles and forums to make this project.

Features

  • Dump any process main module using a kernel driver (both x86 and x64)
  • Rebuild PE32/PE64 header and sections
  • Works on protected system processes & processes with stripped handles (anti-cheats)

Note: Import table isn't rebuilt.
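The "Rebuild PE32/PE64 header and sections" feature refers to the fixup every memory dumper has to apply: an image copied out of a process is laid out by section RVAs, but its section headers still describe file offsets, so a disassembler cannot map it until PointerToRawData/SizeOfRawData are rewritten to match VirtualAddress/VirtualSize and FileAlignment is set to SectionAlignment. The Python below is an added illustration of that step, not KsDumper's own code; it parses the headers of a constructed minimal PE32+ image (no real binary involved) and rewrites them, leaving the import table alone exactly as the note above describes.

```python
import struct

def _locate(buf):
    """Validate MZ/PE signatures; return (optional header offset, section table offset, count)."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    if struct.unpack_from("<H", buf, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic")
    return opt, opt + opt_size, num_sections

def parse_sections(image):
    """Return [(name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)]."""
    _, table, count = _locate(image)
    result = []
    for i in range(count):
        h = table + i * 40  # sizeof(IMAGE_SECTION_HEADER)
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, h + 8)
        result.append((bytes(image[h:h + 8]).rstrip(b"\0").decode(), vaddr, vsize, rptr, rsize))
    return result

def fix_dumped_image(image):
    """Make a memory dump loadable: raw offsets/sizes become the RVAs/virtual sizes."""
    buf = bytearray(image)
    opt, table, count = _locate(buf)
    # The dump is laid out by SectionAlignment, so FileAlignment must say the same.
    struct.pack_into("<I", buf, opt + 36, struct.unpack_from("<I", buf, opt + 32)[0])
    for i in range(count):
        h = table + i * 40
        vsize, vaddr = struct.unpack_from("<II", buf, h + 8)
        struct.pack_into("<II", buf, h + 16, vsize, vaddr)  # SizeOfRawData, PointerToRawData
    return bytes(buf)

def build_sample_dump():
    """Constructed PE32+ image laid out as if copied straight out of process memory."""
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)  # x64, 2 sections
    opt = bytearray(240); struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # SectionAlignment, FileAlignment
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, rp, 0, 0, 0, 0, 0x60000020)
                    for n, vs, va, rp in ((b".text", 0x200, 0x1000, 0x400),
                                           (b".data", 0x100, 0x2000, 0x600)))
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs
    img = bytearray(0x2100); img[:len(hdr)] = hdr
    img[0x1000:0x1004] = b"TEXT"; img[0x2000:0x2004] = b"DATA"  # section bytes at their RVAs
    return bytes(img)
```

After the fixup each section's raw pointer equals its RVA, so reading the section at PointerToRawData yields the bytes that were at that address in memory.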

Usage

Before using KsDumperClient, the KsDumper driver needs to be loaded.

It is unsigned, so you need to load it however you want. I'm using drvmap for Win10. Everything is provided in this release if you want to use it as well.

  • Run Driver/LoadCapcom.bat as Admin. Don't press any key or close the window yet!
  • Run Driver/LoadUnsignedDriver.bat as Admin.
  • Press enter in the LoadCapcom cmd to unload the driver.
  • Run KsDumperClient.exe.
  • Profit!

Note: The driver stays loaded until you reboot, so if you close KsDumperClient.exe, you can just reopen it!
Note 2: Even though it can dump both x86 & x64 processes, this has to run on x64 Windows.

Disclaimer

This project was a way for me to learn about Windows kernel, PE file structure and kernel-user space interactions. It has been made available for informational and educational purposes only.

Considering the nature of this project, it is highly recommended to run it in a Virtual Environment. I am not responsible for any crash or damage that could happen to your system.

Important: This tool makes no attempt at hiding itself. If you target protected games, the anti-cheat might flag this as a cheat and ban you after a while. Use a Virtual Environment!

References

Compile Yourself

  • Requires Visual Studio 2017
  • Requires Windows Driver Kit (WDK)
  • Requires .NET 4.6.1