A customizable process dumper.
Just select whatever you want (process, DLL, driver, ...) and click the dump button. If the dump succeeds, you can load the resulting file into a decompiler such as IDA Pro, Ghidra or Binary Ninja. Some of these programs are available for free, but of course the free versions won't be as good as the paid ones. Here's a short list of the different versions:
Paid:
Free:
Note: If you want another decompiler added, feel free to create a pull request or issue.
- Both x86 and x64
- Dump:
  - Processes
  - Modules
  - Memory
  - Drivers
- PE Rebuild
- Switch memory sources
- Simple and intuitive design
- Custom locations
- Sortable lists
- Keyboard shortcuts
- Customizable GUI
- Dark mode
First of all, there isn't really a public driver dumper, so you either had to rely on other people dumping drivers for you or write a dumper yourself. Dumping drivers, however, requires a kernel-mode driver, and it is really annoying to have to load that driver first when all you want is to dump a simple process.
Of course there are tools that only dump processes, with or without a kernel driver, but you'd need to install something like three different programs just to be prepared for every situation.
With Nemesis, you can switch memory sources with a single mouse click and use whichever one you need. This saves not only time but also a lot of disk space.
Want to dump via physical memory or through a hypervisor? Simply add a new memory source and you are good to go.
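The two ideas above, a pluggable memory source and the PE rebuild step that makes a memory dump loadable in a disassembler, are illustrated by the following added example. It is not Nemesis's own code or its library API: the `MemorySource` interface, the `BytesMemorySource` stand-in for a real reader (user-mode API, kernel driver, physical memory or hypervisor) and the constructed 64-bit PE image are all assumptions made for this example. What it shows is why a raw copy of a mapped module is not directly loadable: the section table still carries on-disk values (`PointerToRawData`, `SizeOfRawData`) and the stale linker `ImageBase`, so the rebuild rewrites those to match the in-memory layout.

```python
"""Memory-source abstraction plus a PE dump-and-rebuild pass (added example, not Nemesis code)."""
import struct
from typing import Protocol

SECTION_HEADER_SIZE = 40


class MemorySource(Protocol):
    """Anything that can read a target's virtual memory. The dumper depends only on this
    one method, so swapping a user-mode reader for a driver- or hypervisor-backed one
    means swapping the object, not the dumper (hypothetical interface for this example)."""
    def read(self, address: int, size: int) -> bytes: ...


class BytesMemorySource:
    """Constructed source: a flat byte image standing in for a module mapped at `base`."""
    def __init__(self, base: int, image: bytes) -> None:
        self.base, self.image = base, image

    def read(self, address: int, size: int) -> bytes:
        off = address - self.base
        if off < 0 or off + size > len(self.image):
            raise ValueError(f"read outside mapped image: {address:#x}+{size:#x}")
        return self.image[off:off + size]


def _layout(read):
    """read(offset, size) -> bytes relative to the image start.
    Returns (optional header offset, section table offset, number of sections)."""
    if read(0, 2) != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack("<I", read(0x3C, 4))[0]
    if read(e_lfanew, 4) != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack("<H", read(e_lfanew + 6, 2))[0]        # IMAGE_FILE_HEADER.NumberOfSections
    size_opt = struct.unpack("<H", read(e_lfanew + 20, 2))[0]           # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    opt_off = e_lfanew + 24
    return opt_off, opt_off + size_opt, num_sections


def dump_and_rebuild(src: MemorySource, base: int) -> bytes:
    """Read a mapped PE through `src` and return it with file-layout fields fixed so a
    disassembler loads it: ImageBase = actual base, PointerToRawData = VirtualAddress,
    SizeOfRawData = VirtualSize (the dump keeps the section-aligned in-memory layout)."""
    opt_off, sect_off, n = _layout(lambda o, s: src.read(base + o, s))
    hdr_len = sect_off + n * SECTION_HEADER_SIZE
    headers = bytearray(src.read(base, hdr_len))

    magic = struct.unpack_from("<H", headers, opt_off)[0]
    if magic == 0x20B:                                   # PE32+: 8-byte ImageBase at +24
        struct.pack_into("<Q", headers, opt_off + 24, base)
    elif magic == 0x10B:                                 # PE32: 4-byte ImageBase at +28
        struct.pack_into("<I", headers, opt_off + 28, base)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")

    sections = []
    for i in range(n):
        o = sect_off + i * SECTION_HEADER_SIZE
        vsize, va = struct.unpack_from("<II", headers, o + 8)   # VirtualSize, VirtualAddress
        sections.append((o, va, vsize))
    out = bytearray(max([hdr_len] + [va + vs for _, va, vs in sections]))
    for o, va, vs in sections:
        struct.pack_into("<II", headers, o + 16, vs, va)         # SizeOfRawData, PointerToRawData
        out[va:va + vs] = src.read(base + va, vs)
    out[:hdr_len] = headers
    return bytes(out)


def parse_sections(pe: bytes):
    """Section table of a PE buffer as dicts (used to inspect a dump before/after rebuild)."""
    _, sect_off, n = _layout(lambda o, s: pe[o:o + s])
    rows = []
    for i in range(n):
        o = sect_off + i * SECTION_HEADER_SIZE
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, o + 8)
        rows.append({"name": pe[o:o + 8].rstrip(b"\0").decode(), "vsize": vsize,
                     "va": va, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return rows


def image_base(pe: bytes) -> int:
    opt_off, _, _ = _layout(lambda o, s: pe[o:o + s])
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    return (struct.unpack_from("<Q", pe, opt_off + 24)[0] if magic == 0x20B
            else struct.unpack_from("<I", pe, opt_off + 28)[0])


def build_sample_image() -> bytes:
    """Constructed 64-bit PE as the loader maps it (sections on 0x1000 boundaries) while the
    headers still hold on-disk values: ImageBase 0x140000000, raw pointers 0x400/0x600."""
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                              # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 2, 0, 0, 0, 240, 0x22)  # IMAGE_FILE_HEADER (x64, 2 sections)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)                              # PE32+ magic
    struct.pack_into("<Q", img, opt + 24, 0x140000000)                   # linker ImageBase (stale after relocation)
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)                # SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, 0x3000, 0x400)                # SizeOfImage, SizeOfHeaders
    for i, (name, va, vsize, raw_ptr, data) in enumerate([
            (b".text", 0x1000, 0x20, 0x400, bytes(range(0x20))),
            (b".data", 0x2000, 0x10, 0x600, b"DATA" * 4)]):
        o = opt + 240 + i * SECTION_HEADER_SIZE
        img[o:o + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", img, o + 8, vsize, va, 0x200, raw_ptr)  # VirtualSize, VA, SizeOfRawData, PointerToRawData
        struct.pack_into("<I", img, o + 36, 0x60000020)                  # Characteristics
        img[va:va + len(data)] = data
    return bytes(img)


if __name__ == "__main__":
    base = 0x7FF600000000                                # where the sample module is "mapped"
    rebuilt = dump_and_rebuild(BytesMemorySource(base, build_sample_image()), base)
    for row in parse_sections(rebuilt):
        print(row)
    print(f"ImageBase now {image_base(rebuilt):#x}, dump is {len(rebuilt):#x} bytes")
```

The same `dump_and_rebuild` call works unchanged for any object with a `read(address, size)` method, which is the whole point of the memory-source switch: a user-mode reader, a kernel driver, a physical-memory reader or a hypervisor backend are all just different `MemorySource` implementations. The rebuild deliberately keeps the in-memory layout (raw offset equals virtual address) rather than re-packing sections to `FileAlignment`, because that is the form a disassembler can map one-to-one against addresses seen in the running process; imports resolved at load time are not restored here.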
Nemesis is also available as a dump library. If you want to implement a dumper but don't want to deal with the low-level details, simply load the DLL and use the following imports.
- CTRL+D - Dump the selected process or driver
- CTRL+R - Refresh the process and driver list
- CTRL+ALT+S - Open the settings
Use at your own risk. It might destroy the Earth.