New Security Tool Released


Postby aiwnjoo » Wed Aug 19, 2009 2:25 pm

Weird, it found my proxy hook, but not the actual hook that was streamed. This tool helps me out a lot.
aiwnjoo
 
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Postby jonny_valentine » Tue Aug 25, 2009 12:50 pm

Iconic... amazing tool, very impressed :)
jonny_valentine
 
Posts: 108
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Postby iconic » Sat Aug 29, 2009 4:52 am

Thanks,

I only plan to make it much better and more accurate in detections. Thanks for the positive feedback.

--Iconic
iconic
 
Posts: 844
Joined: Wed Jun 08, 2005 5:08 am

Postby aiwnjoo » Wed Sep 02, 2009 7:57 am

Much more effective than DBS's new tool, update from HookShark, forget the name now.

He mainly released that tool to help detect loaded modules, also with options to erase ldr entry for specific usage, but with the new tool (DebugHook I think) it has many more options and routines.

I hope you continue to update and improve this tool, cheers!

EDIT: Actually it did recognise trace of my driver :(
aiwnjoo
 
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Postby iconic » Wed Sep 02, 2009 10:04 pm

aiwnjoo,

Even modules with zeroed out PE headers and ldr entries can still be detected by kX-Ray (module base, size and module name). Once the DLL is completely erased from the PEB, kX-Ray resolves the filename through undocumented kernel mode techniques. This is exactly what kX-Ray does if you hide a module. Click the process under "Active Processes" where the hidden module resides and then right-click the process and click "Hidden Modules" in the popup menu. Any hidden module will be listed in black.

--Iconic
iconic
 
Posts: 844
Joined: Wed Jun 08, 2005 5:08 am

kX-Ray v1.0 build 98 32-bit XP-Only Available

Postby iconic » Thu Sep 03, 2009 7:21 am

kX-Ray v1.0 build 98 beta
=========================

-Ring-3 API Hooks Scanning Improved
-Moderate Code Optimizations

|3 /^ () ( |<


Download:
http://bugczech.fu8.com/bin/kX-Ray_v1.0 ... 2_beta.zip

--Iconic
iconic
 
Posts: 844
Joined: Wed Jun 08, 2005 5:08 am

Postby aiwnjoo » Mon Sep 07, 2009 8:57 am

Do you have email access, as I can't PM you?
aiwnjoo
 
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Postby iconic » Wed Sep 09, 2009 7:11 am

bindshell <at> gmail <dot> com
iconic
 
Posts: 844
Joined: Wed Jun 08, 2005 5:08 am
