[Libertad]

Tuluka is a new powerful AntiRootkit, which has the following features:

-Detects hidden processes, drivers and devices
-Detects IRP hooks
-Identifies the substitution of certain fields in DRIVER_OBJECT structure
-Checks driver signatures
-Detects and restores SSDT hooks
-Detects suspicious descriptors in GDT
-IDT hook detection
-SYSENTER hook detection
-Displays list of system threads and allows you to suspend them
-IAT and Inline hook detection
-Shows the actual values of the debug registers, even if reading these registers is controlled by someone
-Allows you to find the system module by the address within this module
-Allows you to display contents of kernel memory and save it to disk
-Allows you to dump kernel drivers and main modules of all processes
-Allows you to terminate any process
-Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more
-Allows to build the stack for selected device
-Much more..

http://tuluka.justfree.com
http://depositfiles.com/files/mrv3mx3ru

MD5: c1681611dabbc8543fd52bd5213c5329 (exe file)
SHA-1: 7a4010b8d227ef58124d1bb6a74eaef0d55feb0d (exe file)

[EP_X0FF]

Hello,

thank you for tool.

Your tool added to antirootkits list here http://www.kernelmode.info/forum/viewto ... 10&start=0

Can we mirror it here?

Regards.

[Alex]

I've just tested Tuluka kernel inspector with few old demo rootkits (RKDemo 1.1, RKDemo 1.2 and phide_ex) and with TDL3.

RKDemo 1.1
process - not detected
driver - not detected

RKDemo 1.2
process - not detected
driver - not detected

phide_ex
process - not detected
driver - not detected

TDL3




Alex

[Libertad]

Hello,

thank you for tool.

Your tool added to antirootkits list here http://www.kernelmode.info/forum/viewto ... 10&start=0

Can we mirror it here?

Regards.

Yes of course, you can mirror it here

[Libertad]

To Alex:
Thanks for your test!
I hope that I will soon fix bug with RKDemo 1.1, RKDemo 1.2 and phide_ex

[a_d_13]

Hello,

I have mirrored your software here:
http://www.kernelmode.info/ARKs/Tuluka_ ... 51beta.zip

Also, the "List of Antirootkits" has been updated to include a link to the mirror. When you release a new version, if you would like me to mirror it, post here :)

Thanks,
--AD

[__Genius__]

Could you please describe which languages did you use while writing this ARK ?
the GUI is pretty :). however it should detect rootkit's that alex mentioned .

regards .

[Libertad]

Hello,
I'm sorry that I could not reply earlier. I was cut off from civilization ...
The program is written in c ++ using QT library.

Libertad.

[CloneRanger]

@ Libertad

Hi, when will your ARK be out of beta ?

Maybe you've been cut off again, as i can't reach - http://tuluka.justfree.com

Come back soon :)

[Libertad]

Hi guys!

New Tuluka version released!
Changes:
- Improved detection of processes, drivers and threads
- Added buttons "Find stealth processes" and "Find stealth drivers"
- Improved stability

The site has been moved to http://www.tuluka.org

Libertad.