
Posted: Wed Aug 19, 2009 2:25 pm
by aiwnjoo
Weird, it found my proxy hook, but not the actual hook that was streamed. This tool helps me out a lot.

Posted: Tue Aug 25, 2009 12:50 pm
by jonny_valentine
Iconic... amazing tool, very impressed :)

Posted: Sat Aug 29, 2009 4:52 am
by iconic
Thanks,

I only plan to make it much better and more accurate in detections. Thanks for the positive feedback.

--Iconic

Posted: Wed Sep 02, 2009 7:57 am
by aiwnjoo
Much more effective than DBS's new tool, update from HookShark, forget the name now.

He mainly released that tool to help detect loaded modules, also with options to erase the ldr entry for specific usage, but the new tool (DebugHook, I think) has many more options and routines.

I hope you continue to update and improve this tool, cheers!

EDIT: Actually it did recognise trace of my driver :(

Posted: Wed Sep 02, 2009 10:04 pm
by iconic
aiwnjoo,

Even modules with zeroed-out PE headers and ldr entries can still be detected by kX-Ray (module base, size and module name). Once the DLL is completely erased from the PEB, kX-Ray resolves the filename through undocumented kernel-mode techniques. This is exactly what kX-Ray does if you hide a module. Click the process under "Active Processes" where the hidden module resides, then right-click the process and click "Hidden Modules" in the popup menu. Any hidden module will be listed in black.

--Iconic

kX-Ray v1.0 build 98 32-bit XP-Only Available

Posted: Thu Sep 03, 2009 7:21 am
by iconic
kX-Ray v1.0 build 98 beta
=========================

-Ring-3 Api Hooks Scanning Improved
-Moderate Code Optimizations

|3 /^ () ( |<
Download:
http://bugczech.fu8.com/bin/kX-Ray_v1.0 ... 2_beta.zip

--Iconic

Posted: Mon Sep 07, 2009 8:57 am
by aiwnjoo
Do you have email access, as I can't PM you?

Posted: Wed Sep 09, 2009 7:11 am
by iconic
bindshell <at> gmail <dot> com