Tuesday, April 19, 2011

Tuluka is a new powerful AntiRootkit

Web Resources - Tuluka kernel inspector


Tuluka is a very effective tool for professionals who need to find malicious programs in a system.

Tuluka is a new powerful AntiRootkit, which has the following features:
# - Detects hidden processes, drivers and devices
# - Detects IRP hooks
# - Identifies the substitution of certain fields in the DRIVER_OBJECT structure
# - Checks driver signatures
# - Detects and restores SSDT hooks
# - Detects suspicious descriptors in GDT
# - IDT hook detection
# - SYSENTER hook detection
# - Displays list of system threads and allows you to suspend them
# - IAT and Inline hook detection
# - Shows the actual values of the debug registers, even if reading these registers is controlled by someone
# - Allows you to find the system module by the address within this module
# - Allows you to display contents of kernel memory and save it to disk
# - Allows you to dump kernel drivers and main modules of all processes
# - Allows you to terminate any process
# - Is able to disassemble interrupt and IRP handlers, system services, start routines of system threads
# - Allows you to build the stack for the selected device

Download Tuluka kernel inspector v1.0.394.77
http://www.tuluka.org/Download.html
