> I always had an interest in reverse engineering. A few days ago I wanted to look at some game internals for fun, but it was packed & protected by EAC (EasyAntiCheat). This means its handle were stripped and I was unable to dump the process from Ring3. I decided to try to make a custom driver that would allow me to copy the process memory without using OpenProcess. I knew nothing about Windows kernel, PE file structure, so I spent a lot of time reading articles and forums to make this project.
Features
Usage
Before using KsDumperClient, the KsDumper driver needs to be loaded.
It is unsigned so you need to load it however you want. Iβm using drvmap for Win10. Everything is provided in this release if you want to use it aswell.
Driver/LoadCapcom.bat
as Admin. Donβt press any key or close the window yet !Driver/LoadUnsignedDriver.bat
as Admin.LoadCapcom
cmd to unload the driver.KsDumperClient.exe
.References
Compile Yourself