[GamingMasteR]

HookShark BETA 0.8

[DeepBlueSea]

I am sorry. But i have to clarify this.
Hookshark is no antirootkit

I see that my tool has been confused with antirootkits. Well it's not.
It is thought for analysing game hacks. Game hacks make many alterations and patches to a game, in very different manners. To look for things a hack might modify, i wrote hookshark.

Unlike other tools, it really compares every module byte by byte and shows relocation hooks. It scans EAT and IAT of EVERY module found. It looks for Hardware-Breakpoints set on Threads. It even detects manually mapped code, through searching intermodular calls and code references. (listed as red sections), which is popular in game hacks, because many anticheats will not search for hack-signatures in private memory rather than in mapped images, assuming Dll-Injection.

My newest version, which will be released September 1st, will also detect Hooks of virtual function methods, intermodular vtable redirections and if you set verbosity high, it will list all modified relocated pointers in data sections. This hasn't been done before.

http://img9.abload.de/img/wutuqmn.png
http://h-3.abload.de/img/vmethods0evy.png
http://img9.abload.de/img/vtablehooksqou2.jpg
http://h-3.abload.de/img/hsharkmh1y.jpg

Anyways. I just wanted to point out that HookShark has no self-defense, only operates in usermode, and is in no way a reliable source of rootkit detection.
==================================
EDIT: HookShark 0.9
http://rapidshare.com/files/416679944/H ... k.rar.html

[EP_X0FF]

This topic contains discussion moved from sticky topic List of Anti-Rootkits

[Meriadoc]

http://www.xuetr.com/?p=123
md5:9A166436137C913492B88BC274DE89BA

Direct link : http://www.xuetr.com/download/XueTr_Cmd.zip

[EP_X0FF]

Added to list of antirootkits, thanks.

[a_d_13]

Hello,

Due to rootkit.com being down for some time now, the following tools have been mirrored here:

• CsrWalker
• DarkSpy 1.05
• NIAP Rootkit Detect Tools
• Process Walker

Thanks,
--AD

[R136a1]

• ATool - http://www.antiy.net/download/atool.rar -> dead
• ATool (mirror) - http://www.kernelmode.info/ARKs/atool.rar
• Antivir Antirootkit - http://dl.antivir.de/down/windows/antivir_rootkit.zip
• Avast! Antirootkit - http://files.avast.com/files/beta/aswar.exe
• AVZ - http://www.z-oleg.com/secur/avz/download.php
• Catchme - http://www2.gmer.net/catchme.exe
• CodeWalker ARK - http://cmcinfosec.com/download/cmcark_cw0.2.4.500.rar
• CodeWalker ARK (mirror) - http://www.kernelmode.info/ARKs/cmcark_cw0.2.4.500.rar
• CsrWalker - http://www.rootkit.com/vault/DiabloNova/cwalker.rar -> dead
• CsrWalker (mirror) - http://www.kernelmode.info/ARKs/cwalker.rar
• DarkSpy 1.05 - http://www.rootkit.com/vault/cardmagic/ ... x2beta.rar -> dead
• DarkSpy 1.05 (mirror) - http://www.kernelmode.info/ARKs/DS105fix2beta.rar
• DeepMonitor - http://orkblutt.free.fr/DeepMonitor.exe
• Deep System Explorer (dead link) - http://diamondcs.com.au/downloads/dsesetup.exe
• Deep System Explorer (mirror) - http://www.kernelmode.info/ARKs/dsesetup.exe
• Dr. Web DwShark (mirror) - http://www.kernelmode.info/ARKs/DwShark.rar
• Dr. Web DwShark (newer version) (mirror) - http://www.kernelmode.info/ARKs/DrwShark.7z
• ESET SysInspector http://www.eset.eu/en/eset-sysinspector
• F-Secure Blacklight - ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
• Filter Monitor - http://ntcore.com/files/FilterMon.zip
• FindDll 2 (by Eric_71) - http://eric71.geekstogo.com/beta/FindDll2.exe
• FLISTER - http://www.invisiblethings.org/tools/flister.zip -> dead
• GMER - http://www2.gmer.net/gmer.zip
• Helios - http://helios.miel-labs.com/downloads/Helios.zip
• Helios Lite - http://helios.miel-labs.com/downloads/Helios-Lite.zip
• HiddenFinder - http://www.wenpoint.com/download/HiddenFinder_setup.exe
• Hook Analyzer - http://www.resplendence.com/download/hookanlz302.exe
• HookShark (dead link) - http://home.arcor.de/neotracer/HookShark.rar
• HookShark (mirror) - http://www.kernelmode.info/ARKs/HookShark.rar
• IceSword 1.22 (english) - http://mail.ustc.edu.cn/~jfpan/download ... d122en.zip
• IceSword 1.22 (english) (mirror) - http://www.kernelmode.info/ARKs/IceSword122en.zip
• Kernel Detective v1.3.1 - http://www.at4re.com/files/Tools/Releas ... v1.3.1.zip
• Kernel Detective v1.3.1 (mirror) - http://www.kernelmode.info/ARKs/Kernel_ ... v1.3.1.zip
• kX-Ray 1.0.0.102 - http://bugczech.fu8.com/bin/kX-Ray_v1.0 ... 2_beta.zip -> dead
• kX-Ray 1.0.0.102 (mirror) - http://www.kernelmode.info/ARKs/kX-Ray_ ... 2_beta.zip
• Mandiant Memoryze - http://fred.mandiant.com/MemoryzeSetup.msi
• McAfee Rootkit Detective - http://download.nai.com/products/mcafee ... ective.zip
• modGREPER - http://invisiblethings.org/tools/modGRE ... .3-bin.zip -> dead
• NIAP Rootkit Detect Tools - http://www.rootkit.com/vault/uty/NIAPAn ... tTools.rar -> dead
• NIAP Rootkit Detect Tools (mirror) - http://www.kernelmode.info/ARKs/NIAPAnt ... tTools.rar
• Panda Antirootkit - http://research.pandasecurity.com/blogs ... ootkit.zip
• Process Hunter - http://www.wasm.ru/baixado.php?mode=tool&id=359
• Process Walker - http://www.rootkit.com/vault/DiabloNova ... Walker.rar -> dead
• Process Walker (mirror) - http://www.kernelmode.info/ARKs/ProcessWalker.rar
• Radix - http://www.usec.at/downloads3/radix_installer.zip
• RegReveal - http://www.geocities.jp/kiskzo/regreveal_v10beta3.zip
• RootkitDetector - http://www.tarasco.org/security/Rootkit ... tector.zip
• Rootkit Unhooker 3.8 SR2 - http://www.kernelmode.info/ARKs/RkU3.8.389.593.rar
• Rootkit Revealer - http://download.sysinternals.com/Files/ ... vealer.zip
• RootQuest (dead link) - http://comsentry.com/files/RootQuest_v1.exe
• RootQuest (mirror) - http://www.kernelmode.info/ARKs/RootQuest_v1.rar
• RootRepeal - http://rootrepeal.googlepages.com/RootRepeal.rar
• Safe'n'Sec Personal Pro + Rootkit Detector - http://www.safensoft.com/sns/snsrd_eng.exe -> dead, redirects
• SafetyCheck 1.7 - http://yyuyao.googlepages.com/SafetyCheck1.7Beta.rar
• SanityCheck 2.00 - http://www.resplendence.com/download/sanitySetup.exe
• Sophos Antirootkit - http://www.sophos.com/products/free-too ... /download/
• Stealth MBR Rootkit Detector - http://www2.gmer.net/mbr/mbr.exe
• SysProt Antirootkit - http://sites.google.com/site/sysprotant ... ects=0&d=1
• SysReveal - http://www.sysreveal.com/download/SysReveal.zip
• TDSS Remover - http://www.esagelab.com/files/tdss_remover_latest.rar
• Tizer Rootkit Razor - http://www.tizersecure.com/freedownload ... 0Setup.msi -> dead
• TrendMicro RootkitBuster - http://www.trendmicro.com/ftp/products/ ... 0.1016.zip
• Tuluka Kernel Inspector - http://tuluka.justfree.com -> dead, new http://tuluka.org/tlk/Tuluka_v1.0.394.77.zip
• Tukula Kernel Inspector (mirror) - http://www.kernelmode.info/ARKs/Tuluka_ ... 51beta.zip
• VBA32 Antirootkit - ftp://anti-virus.by/pub/Vba32arkit.zip -> dead, new ftp://anti-virus.by/pub/vba32arkit.zip (small "v" -> vba32arkit.zip
• XueTr - http://xuetr.com/download/XueTr.zip
• XueTr CLI - http://www.xuetr.com/download/XueTr_Cmd.zip
• YasKit 1.223 - http://qzdx.kafan.cn/down1//AntiSpyWare ... t1.223.rar -> dead
• YasKit 1.223 (mirror) - http://www.kernelmode.info/ARKs/YasKit1.223.rar

64-bit Tools

• ESET SysInspector http://www.eset.eu/en/eset-sysinspector
• Sophos http://www.sophos.com/en-us/products/fr ... otkit.aspx
• TrueX64 (mirror) - http://www.kernelmode.info/ARKs/TrueX64.rar

New Tools

• Norton Power Eraser - http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe
• Avast! MBR Scanner - http://public.avast.com/~gmerek/aswMBR.htm -> successor of GMER mbr.exe

Feel free to delete my thread after update!

[EP_X0FF]

Thanks for verifying list. Main list updated with additions and corrections. Joanna/S'n'S tools are missing. If somebody interested please attach them for historical/museum purposes.

[Alex]

attached...

[Maxstar]

I don't see TDSSKiller from kaspersky in the list.
http://support.kaspersky.com/faq/?qid=208280684