folta
Advanced Member

Wincheck is a tool that inspects undocumented or insufficiently documented Windows internal structures. Note that Wincheck is NOT anti-rootkit (ARK) software. Also, it does NOT support disinfection or automatic analysis. Mainly because many official commercial products also set lots of hooks in the system, and a full list of such hooks doesn't exist.

There are several reasons why I wrote this tool:
1) Many existing commercial and free ARK tools can't display or check multiple important Windows structures that modern rootkits use.
2) There is an option to check these structures using WinDbg (with pykd perhaps) and a bunch of different scripts. But this requires additional steps, while I was looking for a tool that can be easily started without any installation (from a flash drive, for example). Moreover, WinDbg is not very useful without symbols available, and symbols can be missing on a suspicious system if network support doesn't work. Wincheck does not use symbols, and it detects addresses and functions with static code analysis only.
3) hard NIH syndrome

...read the full wincheck doc | download wincheck rc8.16 | mirror

Total posts: 1177 | Registered: 24-11-2010 | Posted: 18:31 28-05-2012 | Edited: folta, 20:32 28-05-2012