-
Tuluka Kernel Inspector
A brand-new anti-rootkit (the first public beta was released in August).
Features:
[quote]- Detects hidden processes, drivers and devices
- Detects IRP hooks
- Identifies the substitution of certain fields in the DRIVER_OBJECT structure
- Checks driver signatures
- Detects and restores SSDT hooks
- Detects suspicious descriptors in the GDT
- IDT hook detection
- SYSENTER hook detection
- Displays a list of system threads and allows you to suspend them
- IAT and inline hook detection
- Shows the actual values of the debug registers, even if reading these registers is controlled by someone
- Allows you to find the system module by an address within this module
- Allows you to display the contents of kernel memory and save it to disk
- Allows you to dump kernel drivers and the main modules of all processes
- Allows you to terminate any process
- Is able to disassemble interrupt and IRP handlers, system services, start routines of system threads and many more
- Allows you to build the stack for a selected device
- Much more...[/quote]
Supported systems:
[quote]Windows XP SP0 SP1 SP2 SP3
Windows Server 2003 SP0 SP1 SP2 R2
Windows Vista SP0 SP1 SP2
Windows Server 2008 SP0 SP1 SP2
Windows 7 SP0 SP1[/quote]
Current version: Tuluka v1.0.394.77.
[quote]- Improved detection of processes, drivers and threads
- Added buttons "Find stealth processes" and "Find stealth drivers"
- Improved stability[/quote]
Interface: English, Russian.
Site: [url]http://www.tuluka.org/index.html[/url]
Download: [url]http://www.tuluka.org/tlk/Tuluka_v1.0.394.77.zip[/url]
[URL=http://img813.imageshack.us/i/20101019023307.jpg/][IMG]http://img813.imageshack.us/img813/2750/20101019023307.th.jpg[/IMG][/URL]
Source: [url]http://www.kernelmode.info/forum/viewtopic.php?f=11&t=252[/url]
-
A serious tool. It disassembles; not for my brain.