A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #21445  by m5home
 Mon Nov 25, 2013 1:12 am
xanax wrote: I use the FSPro Labs Hide Folders 2012 program to hide files and folders.
Win64AST will see hidden files and folders, but when I try to open a hidden folder I get a BSOD.
Also, when I try to copy hidden files to another location it says "Operation finished!" but nothing is copied.
This bug is fixed now. No BSOD anymore.
You can operate on files (such as copy/rename/delete) directly without any other steps.
A new version will be released in the coming days.
 #21459  by xp5evr
 Tue Nov 26, 2013 2:47 pm
m5home wrote: 2. I know, starting Win64AST is very slow, but I cannot solve this, because it depends on .NET4! .NET initialization uses a lot of time, I cannot control this.
I saw your tool some time ago and it looks interesting but I noticed this. Out of sheer curiosity, why use .NET for any part of such a low level tool? Aside from just using Windows API, does it not seem that some of the C++ GUI frameworks would be suitable?
 #21481  by m5home
 Fri Nov 29, 2013 7:39 am
xp5evr wrote:I saw your tool some time ago and it looks interesting but I noticed this. Out of sheer curiosity, why use .NET for any part of such a low level tool? Aside from just using Windows API, does it not seem that some of the C++ GUI frameworks would be suitable?
WIN64AST is a free tool, no one gives me a dollar, so I don't have the time or the wish to create a new GUI framework.
If someone gives me 50,000 dollars, I will use VC to rewrite the GUI part. :lol:
 #21483  by m5home
 Fri Nov 29, 2013 7:52 am
WIN64AST 1.03B

Download URL: http://pan.baidu.com/s/1lCrjb
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

Functions:
1. Manage Process (including Module/Thread/Memory/Handle/Window)
2. View Kernel Module
3. View/Disconnect Net Connection
4. Enum/Restore SSDT and SHADOW SSDT
5. Scan/Clear User mode and Kernel mode Inline hook
6. View/Delete Message Hook
7. View/Restore Driver Dispatch Function
8. View/Restore Kernel Object Routine Function
9. View/Delete Callback & Notify
10. Enum/Delete IO Timer
11. Enum/Delete DPC Timer
12. Enum MiniFilter/Disable MiniFilter callback function
13. Enum/Remove Filter Driver
14. View/Backup/Restore/Repair MBR
15. Process Behavior Monitor
16. Edit (Disasm/Modify) Kernel Memory
17. Low-level File operation
18. Low-level Registry operation
19. Forbid create Process/File/RegKey/RegValue and forbid load driver
20. Check digital signature of file
21. Enum/Restore IDT
22. Enum GDT
23. Show value of special register (CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24. Scan/Clear User mode EAT/IAT Hook
25. View/Backup/Restore VBR
26. Simple Firewall
27. Enum/Delete SPI/BHO/IE Right-Click Menu
28. DLL/Driver Loader
29. Turn ON/OFF LKD and DSE dynamically (This function will trigger PatchGuard and lead to BSOD, designed for advanced users.)
30. Hide Process (This function will trigger PatchGuard and lead to BSOD, designed for advanced users.)
 #22273  by m5home
 Sat Feb 22, 2014 9:03 am
WIN64AST 1.04

Download URL: http://pan.baidu.com/s/1kT2YbnL
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

What is new?
1. Add: Enumerate/Delete Autoruns.
2. Add: Forbid write MBR and connect Internet.
3. Add: Scan suspicious driver image and crucial system file.
4. Fix: Some BSOD bugs.
 #23118  by m5home
 Sun Jun 15, 2014 11:07 am
KiFastCallEntry wrote: Hey m5home, amazing project. I'd like to suggest you change the internet/firewall and add a feature to block a process ID from accessing a specific remote port; that would be very useful, at least for me.
OK. I will carefully consider your proposal.
 #23119  by m5home
 Sun Jun 15, 2014 11:17 am
WIN64AST 1.10 beta1

Download URL: http://pan.baidu.com/s/1dDkXEZB
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

What is new?
1. Fix: New UI (Less startup time), Some BSOD bugs.
2. Add: Enumerate WFP CALLOUT and WFP Driver.
3. Add: Display IRP dispatch function of any driver.
4. Add: Turn on LKD dynamically on WIN8/8.1.
5. Add: System important part scan.
6. Cancel: Hide Process.