equifox / ksdumper Goto Github PK

[+] loaded capcom driver: 0
Assertion failed: m_capcom_driver.get() != INVALID_HANDLE_VALUE, file c:\users\foxy\desktop\tools\drvmap-master\capcom\capcom.cpp, line 70

Hi there,

This isn't a issue I just wanted to know why you get the process list and process information (base address, process id etc) via the driver and not use the System.Diagonostics namespace in the C# Client (also gives you all the modules inside process)? Is that method some kind of detection with the anti-cheat? I understand the read/write memory section being all done via driver of course as you can't get a handle to the protected process.

Thanks man.

nvm

I ran the first .bat as an admin, didn't close it, however after I ran as admin the second bat the system would BSOD and restart, am I doing something wrong?

Can you add an IAT repair feature?

https://github.com/EquiFox/KsDumper/blob/master/KsDumperDriver/Driver.c#L100

function signature should be with NTSTATUS return val (not required to return something actually).

Also:
https://github.com/EquiFox/KsDumper/blob/master/KsDumperDriver/Driver.c#L105

It's better make the symLink global and you are deleting wrong link anyway, it should be the one with "Dos" in the name. If have time, i'll make a pull request.

https://github.com/EquiFox/KsDumper/blob/master/KsDumperDriver/Utility.c#L12

does not show process list on windows sandbox

This has been a long running issue ive had with KsDumper, it would always either not load the driver, or bsod my system when i would run it under windows 11. So far ive hod to use KsDumper in a windows 10 vm for anything i needed it for.
That is no longer! I have revived the project and found a new driver mapper that works on win 11.
I have also automated the driver loading, and updated the UI. Addition feature were added as well.

https://github.com/mastercodeon314/KsDumper-11

SERVICE_NAME: Capcom
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
[SC] DeleteService SUCCESS
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

Could Not Find C:\Windows\system32\drivers\Capcom.sys
Cya

Whenever I run LoadCapcom.bat it says this

    1 file(s) copied.

[SC] CreateService FAILED 1073:

The specified service already exists.

[SC] StartService FAILED 647:

The driver was not loaded because it failed its initialization call.

Driver loaded, fire up the exploit now then press a key when exploit has been done.
If you see any access denied, close this and relaunch the bat as Administrator.
DO NOT PRESS ANY KEY UNTIL YOU HAVE FINISHED LAUNCHING THE EXPLOIT
Press any key to continue . . .****

    1 file(s) copied.

[SC] CreateService SUCCESS
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Driver loaded, fire up the exploit now then press a key when exploit has been done.
If you see any access denied, close this and relaunch the bat as Administrator.
DO NOT PRESS ANY KEY UNTIL YOU HAVE FINISHED LAUNCHING THE EXPLOIT
Press any key to continue . . .
[SC] ControlService FAILED 1062:

The service has not been started.

[SC] DeleteService SUCCESS
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

Could Not Find C:\Windows\system32\drivers\Capcom.sys
Cya
Press any key to continue . . .

its tooo old driver and not working

Hello, so when I try to load the drivers I just get a BSOD.

When loading Capcom.sys it works but when I try to then load KsDumperDriver.sys I just blue screen.
I have disabled Hyper-V, Credential Guard and Device Guard.

Cant seem to find them ? Can author update the readme.

when launching LoadUnsignedDriver.bat it says

[+] loaded capcom driver: 0
Assertion failed: m_capcom_driver.get() != INVALID_HANDLE_VALUE, file c:\users\foxy\desktop\tools\drvmap-master\capcom\capcom.cpp, line 70

Does it suppose to work on win7sp1 x64?

I"m getting this:

c:\Tmp\Driver>"c:\Tmp\Driver\\drvmap.exe" "c:\Tmp\Driver\\KsDumperDriver.sys"
[+] loaded capcom driver: 0
[+] allocated 0x7000 bytes at 0xFFFFFA8015F06000
processing module: ntoskrnl.exe [0xFFFFF8000300A000]
Assertion failed: RtlFindExportedRoutineByName != nullptr, file c:\users\foxy\desktop\tools\drvmap-master\capcom\capcom.cpp, line 196

LoadCapcom.bat

Please tell me how to get apex offset. Do you have a video tutorial on YouTube or anywhere else?

Windows 10 1903 crashing after i open LoadUnsignedDriver.bat

You could just rename r5apex to eaclauncher and then it would've let you dump with Scylla. Sick job tho with all the work you put into this, im sure you'll improve much with your drivers as you rethink what's possible from kernel ;)

I keep getting a BSoD idk why