Just select whatever you want (Process, Dll, Driver, ...) and click on the dump button. If it was successful, you can load the file into decompilers like IDA Pro, Ghidra or Binary Ninja. Some of these programs are available for free, but of course they won't be as good as the paid ones. Here's a short list of the different versions:
Note: If you want another decompiler added, feel free to create a pull request or issue.
Features
General
- Both x86 and x64
- Dump:
  - Processes
  - Modules
  - Memory
  - Drivers
- PE Rebuild
- Switch memory sources
Application
- Simple and intuitive design
- Custom locations
- Sortable lists
- Keyboard shortcuts
- Customizable GUI
- Dark mode
Memory Sources
Problem
First of all, there isn't really a public driver dumper, so you either had to rely on other people dumping drivers for you or write a dumper yourself. However, to dump drivers you need a kernel-mode driver, and having to load that driver beforehand is really annoying when all you want is to dump a simple process.
Of course there are tools that only dump processes, with or without a kernel driver, but you'd need to install like 3 different programs just to be prepared for every situation.
Solution
With Nemesis, you can simply switch memory sources with a single mouse click and use whatever you need. This not only saves you some time, but also a lot of disk space.
Want to dump through physical memory or via a hypervisor? Simply add a new memory source and you are good to go.
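As an added example (not Nemesis's own code), the pluggable memory-source idea described above in C++: a backend only has to provide one read primitive, and the PE-header logic that decides how much an image dump must copy runs unchanged over whichever backend is active. The `BufferSource` backend, the `ReadPeInfo` helper and the sample image are constructed for this example; only the standard PE header offsets are real.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Abstract memory source: every backend (user-mode API, kernel driver,
// physical memory, hypervisor) implements the same read primitive, so the
// dumper logic built on top never changes when the source is switched.
struct MemorySource {
    virtual ~MemorySource() = default;
    virtual bool Read(uint64_t address, void* out, size_t size) = 0;
};

// Constructed backend for this example: serves reads from a byte vector
// that stands in for an image mapped at `base` in the target's memory.
struct BufferSource : MemorySource {
    uint64_t base; std::vector<uint8_t> bytes;
    BufferSource(uint64_t b, std::vector<uint8_t> v) : base(b), bytes(std::move(v)) {}
    bool Read(uint64_t address, void* out, size_t size) override {
        if (address < base || address - base + size > bytes.size()) return false;
        std::memcpy(out, bytes.data() + (address - base), size);
        return true;
    }
};

struct PeInfo { uint32_t sizeOfImage; uint16_t numberOfSections; };

// Reads just enough of the PE headers through the source to learn how much
// memory a dump must copy (SizeOfImage) and how many sections to rebuild.
bool ReadPeInfo(MemorySource& src, uint64_t base, PeInfo& info) {
    uint16_t mz; uint32_t e_lfanew, sig;
    if (!src.Read(base, &mz, 2) || mz != 0x5A4D) return false;              // "MZ"
    if (!src.Read(base + 0x3C, &e_lfanew, 4)) return false;                 // e_lfanew
    if (!src.Read(base + e_lfanew, &sig, 4) || sig != 0x00004550) return false; // "PE\0\0"
    // IMAGE_FILE_HEADER.NumberOfSections sits 6 bytes after the signature;
    // the optional header starts at +0x18 and SizeOfImage is at +0x38 in it.
    if (!src.Read(base + e_lfanew + 6, &info.numberOfSections, 2)) return false;
    return src.Read(base + e_lfanew + 0x18 + 0x38, &info.sizeOfImage, 4);
}

// Constructed minimal image: only the fields ReadPeInfo touches are filled in.
std::vector<uint8_t> MakeSampleImage() {
    std::vector<uint8_t> img(0x200, 0);
    img[0] = 'M'; img[1] = 'Z';
    uint32_t lfanew = 0x80; std::memcpy(&img[0x3C], &lfanew, 4);
    std::memcpy(&img[0x80], "PE\0\0", 4);
    uint16_t nsec = 3; std::memcpy(&img[0x86], &nsec, 2);
    uint32_t soi = 0x5000; std::memcpy(&img[0x80 + 0x18 + 0x38], &soi, 4);
    return img;
}
```

Swapping in a real backend means implementing `Read` once; a read that fails (wrong base, unmapped page) makes `ReadPeInfo` return false instead of producing a corrupt dump.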
Exports
Nemesis is also available as a dump library. If you want to implement a dumper but don't want to mess with low-level stuff, simply load the DLL and use the following imports.