New Security Tool Released
- Posts: 109
- Joined: Thu Dec 30, 2004 9:59 pm
- Location: UK
Much more effective than DBS's new tool, update from HookShark, forget the name now.
He mainly released that tool to help detect loaded modules, also with options to erase ldr entry for specific usage, but with the new tool (DebugHook I think) it has many more options and routines.
I hope you continue to update and improve this tool, cheers!
EDIT: Actually it did recognise a trace of my driver
aiwnjoo,
Even modules with zeroed-out PE headers and ldr entries can still be detected by kX-Ray (module base, size and module name). Once the DLL is completely erased from the PEB, kX-Ray resolves the filename through undocumented kernel mode techniques. This is exactly what kX-Ray does if you hide a module. Click the process under "Active Processes" where the hidden module resides and then right-click the process and click "Hidden Modules" in the popup menu. Any hidden module will be listed in black.
--Iconic
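The general idea behind this kind of detection, as an added example that is not part of the original posts and is not kX-Ray's code: a cross-view comparison that reports image-backed memory the loader list does not account for. It stands in for the undocumented kernel-mode technique mentioned above, and the struct names, `find_hidden` and the sample snapshot are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical snapshot types: what a scanner would collect from the two views. */
typedef struct { uint32_t base; const char *name; } ldr_entry;     /* PEB loader list view */
typedef struct { uint32_t alloc_base, size; int is_image;          /* memory walk view */
                 const char *mapped_file; uint8_t head[2]; } region; /* head = first 2 bytes */
typedef struct { uint32_t base, size; const char *file; int header_wiped; } finding;

static int in_ldr(const ldr_entry *l, size_t n, uint32_t base) {
    for (size_t i = 0; i < n; i++) if (l[i].base == base) return 1;
    return 0;
}

/* Report image-backed allocations missing from the loader list.
   Regions must be sorted by address; regions sharing alloc_base form one image. */
size_t find_hidden(const ldr_entry *l, size_t nl, const region *r, size_t nr,
                   finding *out, size_t max) {
    size_t found = 0;
    for (size_t i = 0; i < nr; ) {
        size_t j = i; uint32_t total = 0;
        while (j < nr && r[j].alloc_base == r[i].alloc_base) total += r[j++].size;
        if (r[i].is_image && !in_ldr(l, nl, r[i].alloc_base) && found < max) {
            /* Name comes from the file mapping, so it survives a wiped PEB entry. */
            out[found++] = (finding){ r[i].alloc_base, total, r[i].mapped_file,
                                      memcmp(r[i].head, "MZ", 2) != 0 };
        }
        i = j;
    }
    return found;
}

/* Constructed sample: hidden.dll is unlinked from the loader list, header zeroed. */
static const ldr_entry SAMPLE_LDR[] = { {0x00400000, "app.exe"}, {0x7C900000, "ntdll.dll"} };
static const region SAMPLE_REGIONS[] = {
    {0x00400000, 0x01000, 1, "app.exe",    {'M', 'Z'}},
    {0x00400000, 0x0F000, 1, "app.exe",    {0, 0}},
    {0x00A00000, 0x02000, 0, NULL,         {0, 0}},   /* private memory, ignored */
    {0x10000000, 0x01000, 1, "hidden.dll", {0, 0}},
    {0x10000000, 0x05000, 1, "hidden.dll", {0, 0}},
    {0x7C900000, 0xB0000, 1, "ntdll.dll",  {'M', 'Z'}},
};

int main(void) {
    finding f[4];
    size_t n = find_hidden(SAMPLE_LDR, 2, SAMPLE_REGIONS, 6, f, 4);
    for (size_t i = 0; i < n; i++)
        printf("hidden: %s base=0x%08X size=0x%X header_wiped=%d\n", f[i].file,
               (unsigned)f[i].base, (unsigned)f[i].size, f[i].header_wiped);
    return 0;
}
```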
kX-Ray v1.0 build 98 32-bit XP-Only Available
Download: kX-Ray v1.0 build 98 beta
=========================
- Ring-3 API Hooks Scanning Improved
- Moderate Code Optimizations
|3 /^ () ( |<
http://bugczech.fu8.com/bin/kX-Ray_v1.0 ... 2_beta.zip
--Iconic