Simple program to dump any process by its process ID. It searches the running processes on the system for the targeted process and, once found, dumps it and saves the dump under the process executable's name with .dmp appended as the dump extension.
This program uses the Windows MiniDumpWriteDump function to dump the process, so even if Task Manager is disabled you can still dump the memory of any process.
This tool was created to avoid using any known malicious tool such as Mimikatz, or even the well-known ProcDump tool, which may be identified by its hash and prevented from being used to dump process memory; with this tool you can still dump the memory of any targeted running process.
The main purpose of this tool is to dump the LSASS process so it can be parsed offline using Mimikatz.
Usage

1. Open cmd or PowerShell as ADMINISTRATOR if you are going to dump LSASS.exe.
2. Run the executable:

   .\procDump.exe <PID>

The created DUMP file will be in the same directory as the tool.
This tool has been tested on Windows 10 and Windows 11.
Below is a screenshot of parsing the extracted lsass.exe process memory dump from Windows 11 using Mimikatz.
Planning to enhance it to exfiltrate the extracted process memory dump directly, avoiding touching the disk or creating any files.
License: MIT