{"id":18330016,"url":"https://github.com/atrexus/vulkan","last_synced_at":"2025-04-06T01:32:52.425Z","repository":{"id":255769318,"uuid":"850538356","full_name":"atrexus/vulkan","owner":"atrexus","description":"A PE dumper for processes protected by user mode anti-tamper solutions (hyperion, theia, etc.)","archived":false,"fork":false,"pushed_at":"2024-09-08T20:09:50.000Z","size":56,"stargazers_count":26,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-09-09T03:12:06.672Z","etag":null,"topics":["dumper","roblox","thefinals","windows","x64"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atrexus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-01T04:11:11.000Z","updated_at":"2024-09-08T20:04:41.000Z","dependencies_parsed_at":"2024-09-07T03:11:09.973Z","dependency_job_id":"2087041a-fefe-4a9c-9259-889817cf8150","html_url":"https://github.com/atrexus/vulkan","commit_stats":null,"previous_names":["atrexus/vulkan"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atrexus%2Fvulkan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atrexus%2Fvulkan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atrexus%2Fvulkan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atrexus%2Fvulkan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atrexus","download_url":"https://codeload.github.com/atrexus/vulkan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247423464,"owners_count":20936621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dumper","roblox","thefinals","windows","x64"],"created_at":"2024-11-05T19:19:34.367Z","updated_at":"2025-04-06T01:32:52.407Z","avatar_url":"https://github.com/atrexus.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vulkan\n\nVulkan restores PE images by dumping them from memory. It was specifically designed for processes protected by dynamic code encryption, implemented by the [hyperion](https://roblox.fandom.com/wiki/Hyperion) and [theia](https://reversingthread.info/index.php/2024/01/10/the-finals-defeating-theia-packer/) anti-tamper solutions. Vulkan can also dump regular images from memory as well as modules loaded by a process.\n\nVulkan has been tested on [Roblox](https://roblox.com) and [The Finals](https://www.reachthefinals.com/).\n\n## How to use\n\nAfter downloading the latest version from the [releases](https://github.com/atrexus/vulkan/releases) tab, you can run it from the command line like so:\n\n```\nvulkan.exe -p \u003cTARGET_PROCESS\u003e -o \u003cOUTPUT_FILE\u003e --resolve-imports\n```\n\nIf no output file is specified, the file will be saved to the current working directory.\n\nTo view the help message use the `-h` or `--help` option.\n\n### Decryption\n\nAs mentioned, Vulkan will continue to query pages of code in the target module untill all `NOACCESS` pages are resolved. Depending on the application, there might always be `NOACCESS` pages so decryption could end in an infinite loop. To terminate the decryption task, you can use the `Ctrl+C` keyboard shortcut (for best results wait until 50% of the module is decrypted).\n\nIf you would like to automate termination, you can use the `-d` or `--decryption-factor` option, and provide it with a threshold ranging from `0.0` to `1.0` (again, for best results provide a value of `0.5` or above):\n```\nvulkan.exe -p \u003cTARGET_PROCESS\u003e --decryption-factor 0.5\n```\n\n### Imports\n\nTo resolve imports for the main module, you can use the `i` or `--resolve-imports` flag. This will locate the custom IAT and restore the import directory in a new section. This may take a while, depending on how many pages were decrypted. This will have no effect on any modules other than the main one:\n```\nvulkan.exe -p \u003cTARGET_PROCESS\u003e --resolve-imports\n```\n\n## Contributing\n\nIf you have anything to contribute to this project, please send a pull request, and I will review it. If you want to contribute but are unsure what to do, check out the [issues](https://github.com/atrexus/vulkan/issues) tab for the latest stuff I need help with.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatrexus%2Fvulkan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatrexus%2Fvulkan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatrexus%2Fvulkan/lists"}