KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

https://www.kernelmode.info/forum/viewtopic.php?f=11&t=1691

Page 1 of 10

[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

PostPosted:Wed Jun 06, 2012 1:29 am
by m5home
Win64AST is an ARK tool for WIN7X64/WIN8X64/WIN2008R2/WIN2012.
To use this tool, you need to setup .NET Framework 4.0 if your system is WIN7. Because the GUI of this tool is written by VB2010.

Functions:
Process Manager
Kernel Module Viewer
SSDT/SSSDT Viewer
Port Viewer
Force delete file
Forbid create Process/Thread/File/Key/ValueKey
More and more functions will be added in the future.

Publish page: http://www.m5home.com/bbs/thread-5154-1-1.html

Special thanks to: fyyre[DISABLE_PG_DS_V3]
11.jpg
11.jpg (239.36 KiB) Viewed 3072 times

Re: ARK for Win7x64 - Win64AST

PostPosted:Sat Jun 09, 2012 3:54 am
by EP_X0FF
Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.

Re: ARK for Win7x64 - Win64AST

PostPosted:Sat Jun 09, 2012 9:39 am
by m5home
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Disable PG is not necessary.

If you do not use "Forbid Create XXX" options, you needn't disable PG.

Re: ARK for Win7x64 - Win64AST

PostPosted:Mon Sep 17, 2012 5:30 am
by m5home
NEW VERSION RELEASED[2012-09-16].
URL: http://pan.baidu.com/share/link?shareid ... 1915097229

Re: ARK for Win7x64 - Win64AST

PostPosted:Tue Sep 18, 2012 5:55 am
by frank_boldewin
m5home wrote:NEW VERSION RELEASED[2012-09-16].
URL: http://pan.baidu.com/share/link?shareid ... 1915097229
please attach your files here in the thread.

Re: ARK for Win7x64 - Win64AST

PostPosted:Tue Sep 18, 2012 2:43 pm
by m5home
frank_boldewin wrote:
m5home wrote:NEW VERSION RELEASED[2012-09-16].
URL: http://pan.baidu.com/share/link?shareid ... 1915097229
please attach your files here in the thread.
OK.

Re: ARK for Win7x64 - Win64AST

PostPosted:Sun Sep 23, 2012 1:47 pm
by m5home
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
In the new version of WIN64AST(1.00 BETA2), I use standard method to realize all functions, no use kernel hook.
So, "Disable PG" is not a requirement of use this tool.
But, you need to enable test signing mode, and sign the driver use "test signature"(Tool is in the attachment).

Re: ARK for Win7x64 - Win64AST

PostPosted:Sun Sep 23, 2012 1:48 pm
by m5home
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Could you edit my thread, delete this line:
If you want to use this tool, you need to disable PatchGuard, because I use kernel hook to realize some functions.
And change the title:
ARK for WINDOWS x64 - WIN64AST

Re: ARK for Win7x64 - Win64AST

PostPosted:Sun Sep 23, 2012 3:55 pm
by a_d_13
m5home wrote:
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Could you edit my thread, delete this line:
If you want to use this tool, you need to disable PatchGuard, because I use kernel hook to realize some functions.
And change the title:
ARK for WINDOWS x64 - WIN64AST
Done.

Thanks,
--AD

Re: ARK for WINDOWS x64 - WIN64AST

PostPosted:Sun Sep 23, 2012 7:09 pm
by frank_boldewin
it would be helpful, if the readme file in the attachment would be written in english, so everyone here can follow. ;)
All times are UTC
Page 1 of 10
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/