Thursday, February 3, 2011

Anti-Rootkit Tool: Tuluka kernel inspector v1.0.394.77 released

Tuluka kernel inspector is a powerful(?) AntiRootkit. What is a rootkit? - http://ko.wikipedia.org/wiki/루트킷
Homepage: http://www.tuluka.org/index.html

Download: http://www.tuluka.org/tlk/Tuluka_v1.0.394.77.zip

Example) Detecting and removing TDL3: http://www.rootkit.com/newsread.php?newsid=1217

Tuluka is a new powerful AntiRootkit, which has the following features:
  • Detects hidden processes, drivers and devices
  • Detects IRP hooks
  • Identifies the substitution of certain fields in the DRIVER_OBJECT structure
  • Checks driver signatures
  • Detects and restores SSDT hooks
  • Detects suspicious descriptors in the GDT
  • IDT hook detection
  • SYSENTER hook detection
  • Displays the list of system threads and allows you to suspend them
  • IAT and inline hook detection
  • Shows the actual values of the debug registers, even if reading these registers is controlled by someone
  • Allows you to find the system module by an address within that module
  • Allows you to display the contents of kernel memory and save it to disk
  • Allows you to dump kernel drivers and the main modules of all processes
  • Allows you to terminate any process
  • Is able to disassemble interrupt and IRP handlers, system services, start routines of system threads and many more
  • Allows you to build the device stack for a selected device
  • Much more...
