Wincheck is a tool that inspects undocumented or insufficiently documented Windows
internal structures. Note that Wincheck is NOT an anti-rootkit (ARK) software. Also, it
does NOT support disinfection or automatic analysis, mainly because many official
commercial products also set lots of hooks in the system, and no full list of such hooks
exists.
There are several reasons why I wrote this tool:
1) Many existing commercial and free ARK tools can't display or check multiple
important Windows structures that modern rootkits use.
2) There is an option to check these structures using WinDbg (with pykd, perhaps) and
a bunch of different scripts. But this requires additional steps, while I was looking for a
tool that can be easily started without any installation (from a flash drive, for example).
Moreover, WinDbg is not very useful without symbols available, and symbols can be
missing on a suspicious system if network support doesn't work. Wincheck does not use
symbols; it detects addresses and functions with static code analysis only.
3) hard NIH syndrome
...read the full wincheck doc
download wincheck rc8.16
mirror