25 April 2012

[Tool] Wincheck is a tool that inspects undocumented


Wincheck is a tool that inspects undocumented or poorly documented Windows internal structures. If you expect yet another anti-rootkit product with disinfection or automatic rootkit analysis, you will be disappointed: it has neither. What it does offer is process anomaly detection, which makes it considerably more capable than most "classical" anti-rootkits. The author built Wincheck because many existing commercial and free anti-rootkit tools cannot display or check a number of important Windows structures that modern rootkits manipulate. Wincheck does not rely on symbol files; it locates the addresses and functions it needs by static code analysis alone, so you can inspect internal Windows structures without downloading symbols for your exact build. It loads an unsigned kernel driver. Starting with Windows Vista, the 64-bit editions enforce kernel-mode code signing, so on those systems you must boot with the "Disable Driver Signature Enforcement" option (F8 boot menu) before running it; note that this option applies to the current boot only, and that test-signing mode does not help, since it admits test-signed drivers, not unsigned ones. In every case the tool must be run with Administrator privileges, because loading a driver requires them. Wincheck can analyze kernel-mode structures as well as user-mode processes, and it works on both 32-bit and 64-bit Windows, from Windows XP through Windows Server 2008.
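Before loading an unsigned driver such as Wincheck's, it is worth confirming that the session is actually elevated and that the current boot has kernel-mode code-signing enforcement switched off. The PowerShell script below is an added example, not part of Wincheck or of the original post. It reads the enforcement state through `NtQuerySystemInformation` with the `SystemCodeIntegrityInformation` class; the class number (103), the `SYSTEM_CODEINTEGRITY_INFORMATION` layout and the `CODEINTEGRITY_OPTION_ENABLED` / `CODEINTEGRITY_OPTION_TESTSIGN` bits are taken from `ntddk.h` and are assumptions of this example, as is the interpretation that the F8 option clears the `ENABLED` bit and that 32-bit editions do not block unsigned drivers. The function name `Test-WincheckPrerequisites` is hypothetical.

```powershell
# Added example (not Wincheck's own code): can this session load an unsigned kernel driver?
# Assumptions: SystemCodeIntegrityInformation = 103 and the option bits below, per ntddk.h;
# the F8 "Disable Driver Signature Enforcement" boot option clears CODEINTEGRITY_OPTION_ENABLED.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

public static class CodeIntegrity
{
    // Layout of SYSTEM_CODEINTEGRITY_INFORMATION (ntddk.h)
    [StructLayout(LayoutKind.Sequential)]
    public struct Info { public uint Length; public uint CodeIntegrityOptions; }

    [DllImport("ntdll.dll")]
    static extern int NtQuerySystemInformation(int infoClass, ref Info info, int length, out int returned);

    public const int  SystemCodeIntegrityInformation = 103;          // assumed, from ntddk.h
    public const uint OptionEnabled  = 0x01;                          // CODEINTEGRITY_OPTION_ENABLED
    public const uint OptionTestSign = 0x02;                          // CODEINTEGRITY_OPTION_TESTSIGN
    public const int  StatusInvalidInfoClass = unchecked((int)0xC0000003);

    // Returns the CodeIntegrityOptions bitmask, or -1 when the kernel does not know the
    // information class (Windows XP / Server 2003, which have no signing enforcement at all).
    public static long Query()
    {
        Info info = new Info();
        info.Length = (uint)Marshal.SizeOf(typeof(Info));
        int returned;
        int status = NtQuerySystemInformation(SystemCodeIntegrityInformation, ref info,
                                              Marshal.SizeOf(typeof(Info)), out returned);
        if (status == StatusInvalidInfoClass) return -1;
        if (status != 0)
            throw new InvalidOperationException("NtQuerySystemInformation failed: 0x" + status.ToString("X8"));
        return info.CodeIntegrityOptions;
    }
}
"@

function Test-WincheckPrerequisites {
    # Elevation: loading a driver needs SeLoadDriverPrivilege, held by elevated administrators.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # 64-bit OS detection that also works from a 32-bit PowerShell host on XP-era .NET.
    $is64 = ([IntPtr]::Size -eq 8) -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')

    $opts = [CodeIntegrity]::Query()
    if ($opts -lt 0) {
        $dseState = 'not present (pre-Vista kernel)'
        $canLoad  = $true
    } elseif (($opts -band [CodeIntegrity]::OptionEnabled) -eq 0) {
        $dseState = 'disabled for this boot (F8 option active)'
        $canLoad  = $true
    } elseif (($opts -band [CodeIntegrity]::OptionTestSign) -ne 0) {
        $dseState = 'test-signing mode (test-signed drivers load, unsigned ones do not)'
        $canLoad  = $false
    } else {
        $dseState = 'enforced'
        $canLoad  = $false
    }

    # Assumption: 32-bit editions do not refuse unsigned kernel drivers even when CI is enabled.
    if (-not $is64) { $canLoad = $true }

    [pscustomobject]@{
        Elevated              = $elevated
        Is64Bit               = $is64
        CodeIntegrityOptions  = $(if ($opts -lt 0) { 'n/a' } else { '0x{0:X}' -f $opts })
        SignatureEnforcement  = $dseState
        UnsignedDriverCanLoad = ($elevated -and $canLoad)
    }
}

Test-WincheckPrerequisites | Format-List
```

Run it from the same elevated console you intend to start Wincheck from. If `UnsignedDriverCanLoad` is `False` on a 64-bit Vista or later system, reboot, press F8 and choose "Disable Driver Signature Enforcement"; the setting does not persist across reboots, so the check is worth repeating each time.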

Google search:  Wincheck Rc14

