Nemesis
A customizable process dumper.
Usage
Just select whatever you want (Process, Dll, Driver, ...) and click on the dump button. If it was successful, you can load the file into decompilers like IDA Pro, Ghidra or Binary Ninja. Some of these programs are available for free, but of course they won't be as good as the paid ones. Here's a short list of the different versions:
Paid:
Free:
Note: If you want another decompiler added, feel free to create a pull request or issue.
Features
General
- Both x86 and x64
- Dump:
  - Processes
  - Modules
  - Memory
  - Drivers
- PE Rebuild
- Switch memory sources
Application
- Simple and intuitive design
- Custom locations
- Sortable lists
- Keyboard shortcuts
- Customizable GUI
- Dark mode
Memory Sources
Problem
First of all, there isn't really a public driver dumper, so you either had to rely on other people dumping drivers for you or write a dumper yourself. However, to be able to dump drivers, you need a kernel mode driver, and having to load your driver first is really annoying if you just want to dump a simple process.
Of course there are tools which only dump processes, with or without a kernel driver, but you'd need to install something like 3 different programs just to be prepared for all situations.
Solution
With Nemesis, you can simply switch memory sources with a single mouse click and use whatever you need. This not only saves you some time, but also a lot of disk space.
Want to dump using physical memory or via a hypervisor? Simply add a new memory source and you are good to go.
Exports
Nemesis is also available as a dump library. If you want to implement a dumper but don't want to mess with the low level stuff, simply load the DLL and use the following exported functions.
ConfigExport
DriverExport
DumpExport
MemorySourceExport
ProcessExport
Keyboard Shortcuts
CTRL+D - Dump the selected process or driver
CTRL+R - Refresh the process and driver list
CTRL+ALT+S - Open the settings
Disclaimer
Use at your own risk. It might destroy the Earth.