[转帖]Kernel Detective v1.0 by GamingMaster/AT4RE
发表于: 2008-9-2 21:40 8420

From: EXEOOLS

Kernel Detective v1.0 by GamingMaster/AT4RE

Kernel Detective is a free tool that helps you detect, analyze, manually modify and
fix some Windows NT kernel modifications. Kernel Detective gives you direct access
to the kernel, so it is not oriented toward newbies. Changing essential kernel-mode
objects without enough knowledge will lead you to only one result: BSOD.


With Kernel Detective you can:

Enumerate running processes and print important values like Process Id, Parent
Process Id, ImageBase, EntryPoint, VirtualSize, PEB block address and EPROCESS
block address. Kernel Detective also has special scan methods for detecting
hidden processes.

Enumerate a specific running process's Dynamic-Link Libraries, showing every DLL's
ImageBase, EntryPoint, Size and Path.

Enumerate loaded kernel-mode drivers and show every driver's ImageBase,
EntryPoint, Size, Name and Path. It also has special methods for detecting hidden
drivers.

Scan the system service table (SSDT) and show every service function address
and the real function address. You can restore a single service function address or
restore the whole table.

Scan the shadow system service table (Shadow SSDT) and show every shadow
service function address and the real function address. You can restore a single
shadow service function address or restore the whole table.

Scan the interrupt table (IDT) and show every interrupt handler offset, selector,
type, attributes and real handler offset. This is applied to every processor in a
multi-processor machine.

Scan the important system kernel modules, detect modifications in their bodies
and analyze them. For now it can detect and restore inline code modifications, EAT
and IAT hooks. I'm looking into other types of hooks for the next releases of Kernel
Detective.

A nice disassembler relying on the OllyDbg disasm engine; thanks to Oleh Yuschuk for
publishing the source code of his nice disasm engine. With it you can
disassemble, assemble and hex-edit the virtual memory of a specific process or even
kernel-space memory. Kernel Detective uses its own Read/Write routines from
kernel mode and doesn't rely on any Windows API. That makes Kernel Detective
able to R/W process VM even if NtReadProcessMemory/NtWriteProcessMemory
is hooked, and it also bypasses hooks on other important kernel-mode routines like
KeStackAttachProcess and KeAttachProcess.


www.at4re.com/tools/Releases/GamingMasteR/Kernel_Detective_v1.0.zip
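An added example (not from the original post or from Kernel Detective itself) of the SSDT check the feature list above describes: each service entry is compared with a clean copy and range-checked against the kernel image, and a restore is the clean value written back. The module ranges, service indices and addresses are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    """A loaded kernel module's address range (constructed sample values below)."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed sample: on a 32-bit XP machine every SSDT entry should point into ntoskrnl.
NTOSKRNL = Module("ntoskrnl.exe", 0x804D7000, 0x1F5000)
UNKNOWN_DRIVER = Module("unknown.sys", 0xF8A10000, 0x4000)   # hypothetical hooking driver

# Constructed clean table (what a scanner derives from the on-disk kernel image) and the
# live table as read from memory; two live entries have been redirected. Indices are
# sample values, not an authoritative XP service table.
CLEAN_SSDT = {0x7A: 0x805C3A20, 0x91: 0x8057E2B0, 0xAD: 0x8056F7E0, 0xBA: 0x80576D60}
LIVE_SSDT = {0x7A: 0xF8A11230, 0x91: 0x8057E2B0, 0xAD: 0xF8A11480, 0xBA: 0x80576D60}


def scan_ssdt(live, clean, kernel, modules):
    """Return (index, current, real, owner) for every entry that differs from the clean
    address or does not lie inside the kernel image; owner names the module holding
    the current pointer so the hook can be attributed."""
    findings = []
    for idx, cur in sorted(live.items()):
        real = clean.get(idx)
        if cur == real and kernel.contains(cur):
            continue
        owner = next((m.name for m in modules if m.contains(cur)), "<unknown>")
        findings.append((idx, cur, real, owner))
    return findings


def restore_ssdt(live, clean):
    """Whole-table restore: every live entry is set back to its clean value. A
    single-entry restore is the same update applied to one index."""
    return {idx: clean.get(idx, cur) for idx, cur in live.items()}


if __name__ == "__main__":
    for idx, cur, real, owner in scan_ssdt(LIVE_SSDT, CLEAN_SSDT, NTOSKRNL, [NTOSKRNL, UNKNOWN_DRIVER]):
        print(f"service 0x{idx:02X}: current 0x{cur:08X} ({owner}), real 0x{real:08X}")
```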

Replies (23)
#2
Archived a local copy.
Attachment uploaded:
2008-9-2 21:41
#3
umm.
what's this?
As soon as I double-clicked it,
my Windows XP SP2 suddenly died,
at default settings, I DID NOTHING.
then BSOD?
2008-9-2 23:38
#4
anti-rootkit, sometimes hangs
2008-10-23 02:12
#5
This one is really good; the scan speed is extremely fast, much faster than RKU and 兵刃.
2008-10-25 09:35
#6
looks good, but crashes often on one laptop
if you try to read memory, it is sure to be detected by np
2008-11-6 22:07
#7
Kernel Detective v1.1

- Added: Hidden Handles Detection, show every handle's Object name and address + ability to close the handle.
- Improved: Processes Detection, new undocumented algorithms implemented.
- Improved: Drivers Detection, undocumented algorithms implemented.
- Improved: SSDT Hooks Detection, detection algorithm improved to bypass KeServiceDescriptorTable EAT/IAT hooks.
- Improved: User-space memory reader/writer and symbols decoder.
- Improved: Application GUI.
- Fixed: BSOD while driver initializing and most known bugs in version 1.0.

Download Link:
http://www.at4re.com/files/Tools/Releases/GamingMasteR/Kernel_Detective_v1.1.zip
2008-11-14 17:51
#8
The link in post #7 is already dead; I can't find a working link.
2008-11-14 22:41
#9
This is the working link:
http://www.at4re.com/files/Tools/Releases/GamingMasteR/Kernel_Detective_v1.1.zip
2008-11-15 09:52
#10
Still can't open it. Is the site down?
This Account Has Been Suspended
2008-11-15 22:23
#11
RedEye, can you upload it here?
2008-11-16 07:48
#12
Version 1.1
Attachment uploaded:
2008-11-16 18:51
#13
Thanks, but I found it only works in my virtual machine; I don't know whether it's because my work machine has Syser on it.
2008-11-28 09:28
#14
@eyeblue:
Can't understand CN, Google Translate says that it doesn't work on your real machine but works on VM ??

There's no restrictions on syser or any kernel debuggers ...
What error you get ? BSoD, system hang or Error Message ?
And what's your OS version ?

Thanks,
--GM
2008-11-29 22:09
#15
Redeye: saw your message just now, the error message is:

Microsoft Visual C++ Runtime Library

Runtime Error!

Program: D:\WinNT\Desktop\Crack\Tools\Kernel Detective.exe

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
2008-12-21 20:33
#16
after clicking OK, another message box says:

应用程序发生异常 unknown software exception (0x40000015),位置为 0x01004a31。

要终止程序,请单击“确定”。
要调试程序,请单击“取消”。
2008-12-21 20:34
#17
It's fine in my WinXP inside VMware, but it always fails on my laptop.
My laptop OS is Win2003 SP2 Standard Chinese edition.

When I run 1.0, only one message box says:

Error while initializing the driver !
2008-12-21 20:38
#18
Only supported OS is WinXP/Vista 6000.
This error seems to occur because of the packer ... I'll change it to UPX next version.

Thanks for support,
--GM
2008-12-21 23:46
#19
RedEye: Good, thanks.
2008-12-22 00:01
#20
Kernel Detective v1.2

[+] Now supports Vista Service Pack 1 (Build 6001).
[+] Added Hidden/Suspicious Threads Detection.
[+] Added Smart Process Termination Technique.
[*] Improved Handles Detection.
[*] Improved Processes Detection.
[*] Improved Drivers Detection.
[*] Improved User-mode Memory Reader on Vista.
[!] Fixed bug in IAT Hooks Detection.

Download Link:
http://www.at4re.com/files/Tools/Releases/GamingMasteR/Kernel_Detective_v1.2.zip
2009-1-20 20:56
#21
RedEye: AGAIN.

Thanks.
2009-1-21 00:46
#22
One click on Extended Scan and it blue-screened.
The process address entries also seem incomplete.
2009-1-25 22:08
#23
Kernel Detective v1.3 by GamingMaster/AT4RE
http://bbs.pediy.com/showthread.php?t=91971
2009-6-21 04:53
#24
Thanks.

Archived a local copy.
Attachment uploaded:
2009-6-22 00:44