
Simple Program to Dump any process by using the process ID.


procDump

Simple program to dump any process using its process ID. It searches the running processes on the system for the targeted process and, once found, dumps it and saves the dump under the process executable's name with .dmp added as the dump extension.

This program uses the MiniDumpWriteDump Windows function to dump the process, so even if Task Manager is disabled, you can still dump the memory of any process.

This tool was created to avoid using known malicious tools such as Mimikatz or the well-known ProcDump tool, which may be identified by their hashes and prevented from dumping process memory; with this tool you can still dump the memory of any targeted running process.

The main purpose of this tool is to dump the LSASS process so the dump can be parsed offline using Mimikatz.
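As an added defensive example (not part of the procDump project), the following Python triages Sysmon Event ID 10 (ProcessAccess) records for the behaviour this README describes: a handle to lsass.exe opened with the access rights MiniDumpWriteDump requires, and the dump libraries appearing in the call trace. The log lines and the allowlist are constructed for the example; the key=value layout is a flattening of the real event's fields, which are stored as XML in the Windows event log.

```python
import re

# Constructed Sysmon-style Event ID 10 (ProcessAccess) records, flattened to
# key=value for this example. Field names match the real event fields.
SAMPLE_EVENTS = [
    "SourceImage=C:\\Windows\\System32\\svchost.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1000 CallTrace=C:\\Windows\\SYSTEM32\\ntdll.dll+9d0c4",
    "SourceImage=C:\\Users\\alice\\Desktop\\procDump.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1fffff CallTrace=C:\\Windows\\SYSTEM32\\ntdll.dll+9d0c4|C:\\Windows\\System32\\dbgcore.dll+20a5",
    "SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Windows\\System32\\notepad.exe GrantedAccess=0x1fffff CallTrace=C:\\Windows\\SYSTEM32\\ntdll.dll+9d0c4",
    "SourceImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1410 CallTrace=C:\\Windows\\SYSTEM32\\ntdll.dll+9d0c4|C:\\Windows\\System32\\KERNELBASE.dll+2ff5e",
]

# MiniDumpWriteDump documents that the target handle needs both of these rights.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
MINIDUMP_REQUIRED = PROCESS_VM_READ | PROCESS_QUERY_INFORMATION  # 0x0410

# dbghelp.dll exports MiniDumpWriteDump and dbgcore.dll implements it; either
# in the call trace of an lsass access is a strong signal of a minidump.
DUMP_DLLS = ("dbghelp.dll", "dbgcore.dll")

# Constructed allowlist placeholder; a real one is tuned per environment.
ALLOWLIST = {r"c:\windows\system32\svchost.exe"}

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_event(line):
    """Split a flattened key=value record into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def classify(event):
    """Return 'high', 'medium' or None for one ProcessAccess event."""
    if not event.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        return None
    access = int(event.get("GrantedAccess", "0"), 16)
    if access & MINIDUMP_REQUIRED != MINIDUMP_REQUIRED:
        return None  # the handle cannot read target memory, so no dump is possible
    if any(dll in event.get("CallTrace", "").lower() for dll in DUMP_DLLS):
        return "high"
    if event.get("SourceImage", "").lower() not in ALLOWLIST:
        return "medium"
    return None


def detect(lines):
    """Return (severity, SourceImage) for every event worth an analyst's attention."""
    hits = []
    for line in lines:
        event = parse_event(line)
        severity = classify(event)
        if severity:
            hits.append((severity, event["SourceImage"]))
    return hits
```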

Usage

Open cmd or PowerShell as Administrator if you are going to dump lsass.exe, then run the executable:

.\procDump.exe <PID>


The created dump file will be in the same directory as the tool.


Testing Results

This tool has been tested on Windows 10 and Windows 11.

Below is a screenshot from parsing the extracted lsass.exe process memory dump of Windows 11 using Mimikatz.

Future Work

Planning to enhance it to exfiltrate the extracted process memory dump so that it never touches the disk or creates any files.

License

MIT