火星信息安全研究院BootKit http://www.h4ck.org.cn Hack-Crack 信息安全 【Institute Of Information Serurity From Mars】 Sat, 04 Feb 2012 13:59:16 +0000 en hourly 1 http://wordpress.org/?v= Tuluka v1.0.394.77 http://www.h4ck.org.cn/2011/02/tuluka-v1-0-394-77/ http://www.h4ck.org.cn/2011/02/tuluka-v1-0-394-77/#comments Thu, 17 Feb 2011 04:40:37 +0000 obaby http://www.h4ck.org.cn/?p=2513

Click here to download it~

Tuluka is a new powerful AntiRootkit, which has the following features:
Detects hidden processes, drivers and devices
Detects IRP hooks
Identifies the substitution of certain fields in DRIVER_OBJECT structure
Checks driver signatures

Detects and restores SSDT hooks
Detects suspicious descriptors in GDT
IDT hook detection
SYSENTER hook detection
Displays list of system threads and allows you to suspend them
IAT and Inline hook detection
Shows the actual values of the debug registers, even if reading these registers is controlled by someone
Allows you to find the system module by the address within this module
Allows you to display contents of kernel memory and save it to disk
Allows you to dump kernel drivers and main modules of all processes
Allows you to terminate any process
Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more
Allows to build the stack for selected device
Much more..

Tuluka 是一个新的、功能强大的反rootkit工具。

Tuluka is tested on the following operating systems(32-bit):

Windows XP SP0 SP1 SP2 SP3
Windows Server 2003 SP0 SP1 SP2 R2
Windows Vista SP0 SP1 SP2
Windows Server 2008 SP0 SP1 SP2
Windows 7 SP0 SP1

Work on other versions of the operating system is not guaranteed.
You use this software at your own risk. The author makes no warranty.

它具有如下特色:

检测隐藏进程,驱动和设备(Detects hidden processes, drivers and devices)

检测IRP HOOK(Detects IRP hooks)

鉴别DRIVER_OBJECT结构中被替换的项(Identifies the substitution of certain fields in DRIVER_OBJECT structure)

检查驱动签名(Checks driver signatures)

检测和恢复 SSDT HOOK(Detects and restores SSDT hooks)

检测全局描述符表中的恶意描述符(Detects suspicious descriptors in GDT)

IDT HOOK检测(IDT hook detection)

SYSENTER hook 检测(SYSENTER hook detection)

显示列举系统中的所有线程并允许你终止它们(Displays list of system threads and allows you to suspend them)

IAT和 Inline hook检测 (IAT and Inline hook detection)

显示调试寄存器的值,即使这些寄存器正被人控制(Shows the actual values of the debug registers, even if reading these registers is controlled by someone)

可以通过地址找出模块中的系统模块地址(Allows you to find the system module by the address within this module)

可以显示内核内存的内容并可以将其保存至磁盘(Allows you to display contents of kernel memory and save it to disk)

可以dump内核驱动和所有进程的主要模块(Allows you to dump kernel drivers and main modules of all processes)

可以终止任何进程(Allows you to terminate any process)

相关文章

]]> http://www.h4ck.org.cn/2011/02/tuluka-v1-0-394-77/feed/ 2 Stoned BootKit http://www.h4ck.org.cn/2009/09/stoned-bootkit/ http://www.h4ck.org.cn/2009/09/stoned-bootkit/#comments Mon, 21 Sep 2009 02:59:15 +0000 obaby http://www.h4ck.org.cn/?p=173

相关文章

]]> http://www.h4ck.org.cn/2009/09/stoned-bootkit/feed/ 0