Hi folks,
in case you missed this great release of WinDbg extensions for rootkit detection by swwwolf. Open source!
WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. Its main purpose is to view and analyze anomalies in the Windows kernel using the kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For a more user-friendly view the extension uses DML. For most commands a kernel-mode connection is required. Feel free to use the extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force to reload them, ignore checksum problems, prepare them before analysis and you'll be happy.
Project site: https://github.com/swwwolf/wdbgark
Malware Reversing
http://www.malware-reversing.com
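As an added illustration of the symbol preparation the post recommends (this is not part of the original post, nor a script shipped by the wdbgark project), here is a WinDbg kernel-mode session that sets up public symbols, forces a reload while tolerating checksum mismatches, and then loads the extension. The symbol cache directory, the extension path and the `!wa_` command names are assumptions for this example; consult the project's own help output for the actual command list.

```windbg
$$ Point the symbol path at a local cache plus the Microsoft public symbol server
$$ (C:\Symbols is an assumed cache directory, change it to suit your machine).
.sympath srv*C:\Symbols*https://msdl.microsoft.com/download/symbols

$$ Make symbol loading verbose so that missing or mismatched PDBs are visible.
!sym noisy

$$ SYMOPT_LOAD_ANYTHING (0x40): be lenient about checksum/timestamp mismatches
$$ rather than silently refusing the PDB. Alternatively: .reload /i
.symopt+ 0x40

$$ Force a full reload of kernel symbols before any analysis; "/f" makes the
$$ debugger load every module now instead of deferring until first use.
.reload /f

$$ Load the extension (assumed path to the built DLL) and check it responds.
.load C:\Tools\wdbgark\wdbgark.dll
!wa_ver
!wa_help

$$ Run the full set of checks (callbacks, tables, object types, ...) and then
$$ look at individual areas when something is flagged.
!wa_scan
```

When reviewing the output, treat a mismatch between the public symbol address and the live value (a callback or table entry pointing outside any known module) as the anomaly worth investigating; the extension only reports differences, confirming whether they are malicious is still manual work, and in a crash dump some of the live-state commands will simply report that they cannot run.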