Skip to content
/ taskmgr_hooking Public

Dump LSASS process in Task Manager without triggering Defender.

18 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

djackreuter/taskmgr_hooking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
taskmgr_hooking
taskmgr_hooking
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
taskmgr_hooking.sln
taskmgr_hooking.sln
 
 

Repository files navigation

taskmgr_hooking

Dump LSASS process in Task Manager without triggering Defender.

Hooks API calls

RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlDosPathNameToRelativeNtPathName_U
RtlDosPathNameToRelativeNtPathName_U_WithStatus
SetDlgItemTextW

And changes the file path from C:\Users\<username>\AppData\Local\Temp\lsass.DMP to what ever you specify in the newStr variable.

Update newStr with the new path you want, and update the username in the matchStr variable.

Compiles to a DLL that you can inject into Taskmgr.exe

image

About

Dump LSASS process in Task Manager without triggering Defender.

Resources

Readme
Activity

Stars

18 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages