A customizable process dumper.

• Both x86 and x64
• Dump:
  • Processes
  • Modules
  • Memory
  • Drivers
• PE Rebuild
• Switch memory sources

• Simple and intuitive design

• Custom locations

• Sortable lists

• Keyboard shortcuts

• Customizable GUI

• Dark mode

First of all, there's not really a public driver dumper, so you either had to rely on other people dumping them for you or write a dumper yourself. However, to be able to dump drivers, you need to have a kernel mode driver. It can be really annnoying if you just want to dump a simple process, if you have to load your driver beforehand.

Of course there's tools which only dump processes with/without a kernel driver, but you'd need to install like 3 different programs just to be prepared for all situations.

With Nemesis, you can simply switch memory sources with a single mouse click and use whatever you need. This does not only save you some time, but also a lot of disk space.

If you want to dump it with physical memory or via a hypervisor? Simply add a new memory source and you are good to go.

Nemesis is also available as a dump library. If you want to implement a dumper, but don't want to mess with low level stuff, simply load the dll and use the following imports.

• SetConfigValueExport

• GetConfigValueExport

• GetDriverListElementExport

• SaveDriverInformationExport

• DumpProcessExport

• DumpModuleExport

• DumpMemoryExport

• DumpDriverExport

• GetMemorySourcesExport

• GetProcessListElementExport

• GetModuleListElementExport

• GetManualModuleListElementExport

• GetMemoryListElementExport

CTRL+D - Dump the selected process or driver

CTRL+R - Refresh the process and driver list

CTRL+ALT+S - Open the settings

Use at your own risk. It might destroy the Earth.

• https://github.com/NtQuery/Scylla/
• https://github.com/EquiFox/KsDumper
• https://www.unknowncheats.me/
• https://stackoverflow.com
• https://msdn.com