Thursday, February 3, 2011

Anti-Rootkit Tool : Kernel Detective 1.4.1

Kernel Detective is a free tool that helps you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you access to the kernel directly, so it is not oriented toward newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result ... BSoD!

Kernel Detective as introduced on Woodmann - http://goo.gl/jzyEI

Homepage of Arab Team 4 Reverse Engineering [AT4RE], the authors of Kernel Detective - http://www.at4re.com/news.php


Features : Kernel Detective gives you the ability to :
1- Detect Hidden Processes.
2- Detect Hidden Threads.
3- Detect Hidden DLLs.
4- Detect Hidden Handles.
5- Detect Hidden Drivers.
6- Detect Hooked SSDT.
7- Detect Hooked Shadow SSDT.
8- Detect Hooked IDT.
9- Detect Kernel-mode code modifications and hooks.
10- Disassemble (Read/Write) Kernel-mode/User-mode memory.
11- Monitor debug output on your system.
Update date : Wednesday 08 December 2010 - 16:38:33

Change log : What's new in v1.4.1 :
- Fixed possible BSOD when scanning processes
- Fixed bug in callbacks scanning
- Enhanced showing files properties and signature verifying
- Skeleton SDK for VS2008 included

SHA-256 :
619E9AE64CC9DE82DD35CB3469D413E8C78A57EC8021B8450B6EAD15526562D7
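A tool that loads a kernel driver is exactly the kind of download you should check against the published digest before running it. The script below is an added example, not part of the original post or of the AT4RE tool: it hashes a downloaded archive in chunks and compares the result with the SHA-256 above in constant time. The archive file name is a placeholder; the normaliser also tolerates whitespace or separators that line wrapping or copy-paste often insert into a published digest, and rejects anything that is not exactly 64 hex characters.

```python
"""Verify a downloaded Kernel Detective archive against the published SHA-256.

Added example, not code from the original post or from AT4RE. The archive
path is a placeholder; the digest constant is the value published above.
"""
import hashlib
import hmac
import re
from pathlib import Path

# SHA-256 published for Kernel Detective 1.4.1 (copied from the post).
PUBLISHED_SHA256 = "619E9AE64CC9DE82DD35CB3469D413E8C78A57EC8021B8450B6EAD15526562D7"


def normalize_hex_digest(text: str) -> str:
    """Strip whitespace and common separators, lower-case, and validate length.

    A published digest is often wrapped or pasted with stray spaces; removing
    them is safe, but anything that is not 64 hex characters afterwards is
    rejected rather than being allowed to 'not match' silently.
    """
    digest = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError(f"not a SHA-256 hex digest: {text!r}")
    return digest


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large archives need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digests_match(computed_hex: str, published_text: str) -> bool:
    """Constant-time comparison of a computed digest with the published one."""
    expected = normalize_hex_digest(published_text)
    return hmac.compare_digest(computed_hex.lower(), expected)


if __name__ == "__main__":
    import sys

    # Usage: python verify_kd.py KernelDetective_1.4.1.zip   (file name is a placeholder)
    archive = Path(sys.argv[1])
    actual = sha256_of_file(archive)
    ok = digests_match(actual, PUBLISHED_SHA256)
    print(f"{archive}: {actual}")
    print("SHA-256 matches the published value" if ok
          else "SHA-256 MISMATCH - do not run this binary")
    sys.exit(0 if ok else 1)
```

A matching digest only tells you the archive is the one the author published on this date; it says nothing about whether that release is safe, so treat it as a check against a corrupted or swapped download, not as a substitute for the signature verification the tool itself offers for files.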


