outflanknl / dumpert Goto Github PK
View Code? Open in Web Editor NEWLSASS memory dumper using direct system calls and API unhooking.
dumpert's Issues
getting error
There is error among the code
Severity Code Description Project File Line Suppression State
Error MSB3721 The command "ml64.exe /c /nologo /Zi /Fo"x64\Release\Syscalls.obj" /W3 /errorReport:prompt /TaSyscalls.asm" exited with code 1. Outflank-Dumpert C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VC\VCTargets\BuildCustomizations\masm.targets 50
Unable to dump LSASS memory on Windows 10 with Kasperky Total Security
C:\Windows\Temp>.\Outflank-Dumpert.exe
________ __ _____.__ __
\_____ \ __ ___/ |__/ ____\ | _____ ____ | | __
/ | \| | \ __\ __\| | \__ \ / \| |/ /
/ | \ | /| | | | | |__/ __ \| | \ <
\_______ /____/ |__| |__| |____(____ /___| /__|_ \
\/ \/ \/ \/
Dumpert
By Cneeliz @Outflank 2019
[1] Checking OS version details:
[+] Operating System is Windows 10 or Server 2016, build number 18363
[+] Mapping version specific System calls.
[2] Checking Process details:
[+] Process ID of lsass.exe is: 584
[+] NtReadVirtualMemory function pointer at: 0x00007FFF92C3C840
[+] NtReadVirtualMemory System call nr is: 0x3f
[+] Unhooking NtReadVirtualMemory.
[3] Create memorydump file:
[+] Open a process handle.
[+] Dump lsass.exe memory to: \??\C:\Windows\Temp\dumpert.dmp
[!] Failed to create minidump, error code: 80070005
C:\Windows\Temp>systeminfo
Host Name: DESKTOP-1
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.18363 N/A Build 18363
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: localhostIt would be great if error code 80070005 could be explained please so that the same can be attempted
32bit compatibility
Is there a way to produce a 32bit dll? What if I manually translate syscalls to 32bit ?
Can't bypass Kaspersky
Can't bypass Kaspersky?
compilation error
I get an error when compiling
what could be the problem ?
Assembling Syscalls.asm...
Dumpert.c
c:\program files (x86)\windows kits\8.1\include\um\winnt.h(31): fatal error C1083: Cannot open include file: 'ctype.h': No such file or directory
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.