Tuluka Kernel Inspector

[avsdeg]

Совсем новый антируткит (первая публичная бета версия вышла в августе).

Возможности:

-Detects hidden processes, drivers and devices
-Detects IRP hooks
-Identifies the substitution of certain fields in DRIVER_OBJECT structure
-Checks driver signatures
-Detects and restores SSDT hooks
-Detects suspicious descriptors in GDT
-IDT hook detection
-SYSENTER hook detection
-Displays list of system threads and allows you to suspend them
-IAT and Inline hook detection
-Shows the actual values of the debug registers, even if reading these registers is controlled by someone
-Allows you to find the system module by the address within this module
-Allows you to display contents of kernel memory and save it to disk
-Allows you to dump kernel drivers and main modules of all processes
-Allows you to terminate any process
-Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more
-Allows to build the stack for selected device
-Much more..

Поддерживаемые системы:

Windows XP SP0 SP1 SP2 SP3
Windows Server 2003 SP0 SP1 SP2 R2
Windows Vista SP0 SP1 SP2
Windows Server 2008 SP0 SP1 SP2
Windows 7 SP0 SP1

Текущая версия - Tuluka v1.0.394.77.

- Improved detection of processes, drivers and threads
- Added buttons "Find stealth processes" and "Find stealth drivers"
- Improved stability

Интерфейс: Английский, Русский.

Сайт: http://www.tuluka.org/index.html

Скачать: http://www.tuluka.org/tlk/Tuluka_v1.0.394.77.zip



Источник: http://www.kernelmode.info/forum/vie...php?f=11&t=252

[tar]

серьезный инструмент, Дизассемблирует - не для моего мозга