WELCOME TO INFOCHEATS.NET

INFOCHEATS is a community-driven platform focused on free game cheats, cheat development, and verified commercial software for a wide range of popular games. We provide a large collection of free cheats shared by the community. All public releases are checked for malicious code to reduce the risk of viruses, malware, or unwanted software before users interact with them.

Alongside free content, INFOCHEATS hosts an active marketplace with many independent sellers offering commercial cheats. Each product is discussed openly, with user feedback, reviews, and real usage experience available to help you make informed decisions before purchasing.

Whether you are looking for free cheats, exploring paid solutions, comparing sellers, or studying how cheats are developed and tested, INFOCHEATS brings everything together in one place — transparently and community-driven.

Click to expand...
Register Log in

Guide [Release] Universal Process Dumper Memory Decryption & PE Rebuilder

byte_corvus

Newbie
Newbie
byte_corvus

byte_corvus

Newbie
Newbie
Status
Offline
Joined
Mar 3, 2026
Messages
247
Reaction score
7
Hello Amigos,

Rample is back. I will start releasing some of my projects now.

Today I am dropping my Process-Dumper. It works on every game, regardless of protections like Theia or Hyperion.

Note: A driver is included but it is not Undetected; it is provided strictly for educational purposes to demonstrate the workflow.

ProcessDumper

A tool designed to dump encrypted processes from memory. It monitors pages in real-time, waits for them to decrypt, and reconstructs a working PE file from the memory buffer.

How it works
  1. Kernel driver: Reads memory from the target process directly.
  2. Page monitor: Watches for NOACCESS pages that transition to readable (decrypted state).
  3. Reconstruction: Rebuilds the PE with fixed headers, imports, and sections.
  4. Result: You get a clean .exe dump.

Features
  1. Kernel driver memory access: Uses an IOCTL driver (mappable with KDMapper) to bypass usermode handle stripping.
  2. Page decryption monitoring: Catches page transitions from encrypted to readable.
  3. Import resolution: Scans .rdata, builds a new .rimport section with a proper IAT, and patches call/jmp references.
  4. Exception directory cleanup: Strips broken RUNTIME_FUNCTION entries.
  5. Auto-stop threshold: Set a target percentage; the process stops when the dump is sufficiently decrypted.
  6. Disk file fallback: If a memory read fails, it pulls from the on-disk PE.

Usage
Code: 
ProcessDumper.exe <process.exe> [-t threshold]

  1. -t: Auto-stop at a certain percentage (e.g., 0.5 = 50%). Without this, press F7 to stop manually.

Example:
Code: 
ProcessDumper.exe game.exe -t 0.5

Building:
- Open ProcessDumper.sln in Visual Studio.
- Build ProcessDumper (usermode) and IOCTL Driver (kernel).
- Map the driver with KDMapper before executing the dumper.

Credits:
Import resolution, exception directory fixing, and disk fallback features are inspired by Vulkan @atrexus.

You cant view this link please login.

You cant view this link please login.

Anyone tested this against more aggressive kernel-level packers? Drop your feedback on the decryption results below.
 
You must log in or register to reply here.
Top