A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #4537  by a_d_13
 Tue Jan 18, 2011 5:02 pm
Hello,

Post copied from here:
NTBrain is a new advanced debugging tool for Windows, currently in beta.

Key Features of NTBrain:
1. Tasks Scan - scans the system for processes, threads and libraries in real time with user-mode code.
2. Context Monitor Catcher - catches the context switches that occur within a given time slice, with the possibility to set filters on the number of switches to display or on the switches that occur in the context of a given process.
3. Wait Objects Scan - scans a given process or thread for the objects on which it remains in an indefinite wait; it also offers different options to SOLVE this problem.
4. System Processes Scan - scans the list of active processes using kernel-mode code, allowing hidden processes in the system to be detected and removed.
5. System Threads Scan - scans the list of active threads (with filters) using kernel-mode code, allowing hidden threads in the system to be detected and removed.
6. SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
7. SSDTS Scan - shows whether any of the functions in the System Service Descriptor Table Shadow (SSDTS) are hooked.
8. Object Types Scan - shows all the object types the operating system works with, indicating for each whether it is hooked.

Link: http://sites.google.com/site/metratonrk/

--Metraton
I will be testing it out later today.

Thanks,
--AD
 #4538  by GamingMasteR
 Tue Jan 18, 2011 6:11 pm
#3 looks interesting ...
BSOD when viewing the object types window.
 #4539  by STRELiTZIA
 Tue Jan 18, 2011 6:33 pm
GamingMasteR wrote:#3 looks interesting ...
BSOD when viewing the object types window.
Hi GM ;)
Quick test (Object Types tab): the BSOD could not be reproduced in my tests (Win XP SP3 and Win7).

Regards.
 #4540  by GamingMasteR
 Tue Jan 18, 2011 6:55 pm
What about this:
[attachment: 1.PNG]
???
I still have the minidump in case Metraton wants it, I think he'll visit this thread soon :)
 #4541  by MetratonRK
 Tue Jan 18, 2011 6:58 pm
GamingMasteR wrote:What about this:
[attachment: 1.PNG]
???
I still have the minidump in case Metraton wants it, I think he'll visit this thread soon :)
Hi GM :) ,
Can you send me the minidump? OS version?
 #4550  by GamingMasteR
 Wed Jan 19, 2011 3:34 am
I was informed by a_d_13 that NTBrain exits if it detects Kernel Detective's presence. Is there some reason for that? :)
 #4554  by EP_X0FF
 Wed Jan 19, 2011 5:31 am
Hello,

What is the point of not allowing your tool to work together with some other debuggers like OllyDbg/WinDBG/Syser? What are these incompatibilities? I would like to know them.

Besides this, what does ProcessOutOfMemory mean if the process is present in memory?
What does an affinity mask of -1 mean when it is a DWORD?

Furthermore, why did you ban KernelDetective/Syser/SoftIce in your driver? If this program is oriented toward reversers/malware researchers, then such strange stuff on board is really annoying, because most of the banned debuggers are customized, so your FindWindow tricks will not work (aside from this, they are also patched against public debugger vulnerabilities, like for example my Olly). So I do not understand the point. Why, for comfortable work, do I need to crack your program?

Regards.
 #4559  by MetratonRK
 Wed Jan 19, 2011 9:02 am
GamingMasteR wrote:I was informed by a_d_13 that NTBrain exits if it detects Kernel Detective's presence. Is there some reason for that? :)
Hi GM,
I put that check in the very first version of the program, and it was there because of a mistake I made when reading its driver name. I will take it out in the next version.
 #4562  by MetratonRK
 Wed Jan 19, 2011 9:34 am
EP_X0FF wrote:Hello,

What is the point of not allowing your tool to work together with some other debuggers like OllyDbg/WinDBG/Syser? What are these incompatibilities? I would like to know them.

Besides this, what does ProcessOutOfMemory mean if the process is present in memory?
What does an affinity mask of -1 mean when it is a DWORD?

Furthermore, why did you ban KernelDetective/Syser/SoftIce in your driver? If this program is oriented toward reversers/malware researchers, then such strange stuff on board is really annoying, because most of the banned debuggers are customized, so your FindWindow tricks will not work (aside from this, they are also patched against public debugger vulnerabilities, like for example my Olly). So I do not understand the point. Why, for comfortable work, do I need to crack your program?

Regards.
Hi EP,
the checks on debuggers were made for the same reason as the Kernel Detective one, but I will take them out in the next version; it is an oversight. Obviously the FindWindow trick was not meant for you :D.
So, a process is in the "ProcessOutOfMemory" state if the process's ready list is empty.
Affinity mask: the problem will be fixed in the next version, although the affinity mask should not be high or negative (excluding idle threads).

Thanks for feedback
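As an added illustration of the affinity-mask question raised in this thread (example code written for this page, not part of NTBrain or of any post): a 32-bit thread affinity mask of all ones means "any CPU", and it only reads as -1 because the tool formats the DWORD as a signed integer. The helpers below reproduce that display, decode a mask into CPU indices, and sanity-check a mask against a constructed CPU count; all sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: bit i of the mask set = thread may run on CPU i.
 * 0xFFFFFFFF ("any CPU") reinterpreted as a signed 32-bit int is -1,
 * a display artefact of the conversion, not a negative mask. */

/* The value a tool shows when it prints the DWORD mask with %d. */
int32_t mask_as_signed(uint32_t mask) {
    /* two's-complement reinterpretation without implementation-defined casts */
    return mask <= (uint32_t)INT32_MAX ? (int32_t)mask : -(int32_t)(~mask) - 1;
}

/* Number of CPUs the mask allows (population count). */
int affinity_cpu_count(uint32_t mask) {
    int n = 0;
    for (; mask; mask >>= 1) n += (int)(mask & 1u);
    return n;
}

/* Index of the n-th (0-based) allowed CPU, or -1 if there is none. */
int affinity_nth_cpu(uint32_t mask, int n) {
    for (int i = 0; i < 32; i++) {
        if ((mask >> i) & 1u) {
            if (n == 0) return i;
            n--;
        }
    }
    return -1;
}

/* A mask is plausible if it is non-zero and sets no bits beyond the CPUs
 * that exist; the all-ones "any CPU" mask is always accepted. */
int affinity_mask_plausible(uint32_t mask, int ncpus) {
    if (mask == 0) return 0;
    if (mask == 0xFFFFFFFFu) return 1;
    uint32_t system_mask = ncpus >= 32 ? 0xFFFFFFFFu : (1u << ncpus) - 1u;
    return (mask & ~system_mask) == 0;
}

int main(void) {
    uint32_t samples[] = { 0xFFFFFFFFu, 0x00000005u, 0x00000000u };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        uint32_t m = samples[k];
        printf("mask 0x%08X  as %%d: %d  cpus: %d  first cpu: %d  plausible on 4 CPUs: %d\n",
               m, mask_as_signed(m), affinity_cpu_count(m),
               affinity_nth_cpu(m, 0), affinity_mask_plausible(m, 4));
    }
    return 0;
}
```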