WinGows kernel backup tool



Problem

Have you ever experienced this:

[Image: error in IDA related to a permission issue]

and didn't want to launch your favourite tool with admin rights?


Solution

Say no more!

With this tool you can specify the files you need via a TOML config file, or back up all of them if needed.


Requirements

  • Go

Result

[Image: Result]


Configuration

System32_files_to_dump = [
"ntoskrnl.exe",
"win32k.sys",
"ntdll.dll"
]
# If you want to back up all valid modules from a directory, place a single "*"
System32Drivers_files_to_dump = [
"*"
]
# If false, every copied file is logged
Silent = true

Usage

git clone https://github.com/shv187/winGows_kernel_backuper.git
cd winGows_kernel_backuper
# change config.toml to your needs
go run .

TODO

  • Rename it
  • Restructure the dump layout
  • Dump only those files that have changed since the last dump
  • [unlikely] Add an option to install it, add it to PATH and dump to some user-defined directory instead of the relative /dumps, for actual QoL
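
One way the list semantics from the Configuration section and the "only changed files" TODO item could be implemented; this is an added example, not code from the winGows_kernel_backuper repository. The names `resolveEntries`, `copyIfChanged` and `moduleExts`, the extension set used for "valid modules", and the rule that explicit entries must be bare file names are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Assumption: a "valid module" is a regular file with one of these extensions.
var moduleExts = map[string]bool{".exe": true, ".sys": true, ".dll": true}

// resolveEntries expands one config list (e.g. System32_files_to_dump) against dir.
func resolveEntries(dir string, entries []string) (out []string, err error) {
	if len(entries) == 1 && entries[0] == "*" { // a single "*" selects every module
		items, rdErr := os.ReadDir(dir)
		for _, it := range items {
			if it.Type().IsRegular() && moduleExts[strings.ToLower(filepath.Ext(it.Name()))] {
				out = append(out, filepath.Join(dir, it.Name()))
			}
		}
		return out, rdErr
	}
	for _, e := range entries { // bare file names only, so an entry cannot point outside dir
		if e == "" || e == "." || e == ".." || strings.ContainsAny(e, `/\:`) {
			return nil, fmt.Errorf("invalid config entry %q", e)
		}
		out = append(out, filepath.Join(dir, e))
	}
	return out, nil
}

// copyIfChanged copies src into the existing dstDir unless an identical copy is there.
func copyIfChanged(src, dstDir string) (bool, error) {
	data, err := os.ReadFile(src)
	if err != nil {
		return false, err
	}
	dst := filepath.Join(dstDir, filepath.Base(src))
	if old, rdErr := os.ReadFile(dst); rdErr == nil && bytes.Equal(old, data) {
		return false, nil // unchanged since the last dump
	}
	return true, os.WriteFile(dst, data, 0o644)
}

func main() { // demo: names from the page's config, resolved under %SystemRoot%\System32
	sys32 := filepath.Join(os.Getenv("SystemRoot"), "System32")
	fmt.Println(resolveEntries(sys32, []string{"ntoskrnl.exe", "ntdll.dll"}))
}
```

Rejecting separators and colons in explicit entries keeps an edited config.toml from making the tool read files outside the intended directory.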