A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #2535  by DeepBlueSea
 Mon Aug 30, 2010 8:15 pm
I am sorry, but I have to clarify this.
HookShark is no antirootkit.

I see that my tool has been confused with antirootkits. Well it's not.
It is intended for analysing game hacks. Game hacks make many alterations and patches to a game, in very different manners. To look for things a hack might modify, I wrote HookShark.

Unlike other tools, it really compares every module byte by byte and shows relocation hooks. It scans the EAT and IAT of EVERY module found. It looks for hardware breakpoints set on threads. It even detects manually mapped code by searching intermodular calls and code references (listed as red sections), which is popular in game hacks, because many anticheats will not search for hack signatures in private memory rather than in mapped images, assuming DLL injection.

My newest version, which will be released September 1st, will also detect Hooks of virtual function methods, intermodular vtable redirections and if you set verbosity high, it will list all modified relocated pointers in data sections. This hasn't been done before.

http://img9.abload.de/img/wutuqmn.png
http://h-3.abload.de/img/vmethods0evy.png
http://img9.abload.de/img/vtablehooksqou2.jpg
http://h-3.abload.de/img/hsharkmh1y.jpg

Anyways. I just wanted to point out that HookShark has no self-defense, only operates in usermode, and is in no way a reliable source of rootkit detection.
==================================
EDIT: HookShark 0.9
http://rapidshare.com/files/416679944/H ... k.rar.html
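Added example, not part of the thread and not HookShark's code: a simplified model of the byte-by-byte comparison described in the post above, where the on-disk bytes are rebased first so that only real changes are reported, split into patched bytes and altered relocated pointers. The function names, the 32-bit fixup format and the sample bytes are assumptions constructed for illustration.

```python
import struct

def rebase(disk, reloc_offsets, delta):
    """Apply 32-bit relocation fixups to a copy of the on-disk bytes, as the loader does."""
    out = bytearray(disk)
    for off in reloc_offsets:
        (value,) = struct.unpack_from("<I", out, off)
        struct.pack_into("<I", out, off, (value + delta) & 0xFFFFFFFF)
    return bytes(out)

def compare_section(disk, memory, reloc_offsets, preferred_base, actual_base):
    """Return differences between the expected (rebased) image and live memory."""
    if len(disk) != len(memory):
        raise ValueError("section sizes differ")
    expected = rebase(disk, reloc_offsets, actual_base - preferred_base)
    findings, reloc_bytes = [], set()
    # Relocated pointers are compared as whole 32-bit values.
    for off in reloc_offsets:
        reloc_bytes.update(range(off, off + 4))
        (want,) = struct.unpack_from("<I", expected, off)
        (have,) = struct.unpack_from("<I", memory, off)
        if want != have:
            findings.append(("reloc_pointer", off, want, have))
    # Everything else is compared byte by byte and grouped into contiguous runs.
    run_start = None
    for i in range(len(expected) + 1):
        differs = (i < len(expected) and i not in reloc_bytes
                   and expected[i] != memory[i])
        if differs and run_start is None:
            run_start = i
        elif not differs and run_start is not None:
            findings.append(("code_patch", run_start, i - run_start))
            run_start = None
    return sorted(findings, key=lambda f: f[1])

# Constructed sample: a 16-byte code section with two relocated operands.
PREFERRED, ACTUAL = 0x10000000, 0x20000000
DISK = bytes.fromhex("558BEC" "A100300010" "FF1500200010" "5DC3")
RELOCS = [4, 10]
CLEAN = rebase(DISK, RELOCS, ACTUAL - PREFERRED)   # what an unmodified module looks like
TAMPERED = bytearray(CLEAN)
TAMPERED[0:3] = b"\x90\x90\x90"                    # constructed inline patch
struct.pack_into("<I", TAMPERED, 10, 0x7FFE1000)   # constructed pointer redirection

if __name__ == "__main__":
    for finding in compare_section(DISK, bytes(TAMPERED), RELOCS, PREFERRED, ACTUAL):
        print(finding)
```

A plain disk-versus-memory diff of the unmodified module already shows differing bytes at every relocated operand, which is why the rebase step comes before the comparison.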
 #2623  by EP_X0FF
 Fri Sep 03, 2010 11:21 am
This topic contains discussion moved from sticky topic List of Anti-Rootkits
 #3334  by EP_X0FF
 Thu Nov 04, 2010 4:37 pm
Added to list of antirootkits, thanks.
 #3830  by a_d_13
 Fri Dec 03, 2010 4:17 pm
Hello,

Due to rootkit.com being down for some time now, the following tools have been mirrored here:
  • CsrWalker
  • DarkSpy 1.05
  • NIAP Rootkit Detect Tools
  • Process Walker
Thanks,
--AD
 #12428  by R136a1
 Sat Mar 31, 2012 10:39 am
64-bit Tools
New Tools

Feel free to delete my thread after update!
 #12432  by EP_X0FF
 Sat Mar 31, 2012 11:46 am
Thanks for verifying the list. Main list updated with additions and corrections. Joanna/S'n'S tools are missing. If somebody is interested, please attach them for historical/museum purposes.
 #12433  by Alex
 Sat Mar 31, 2012 12:10 pm
attached...
Attachments
Safe'n'Sec Rootkit Detector
(257.67 KiB) Downloaded 36 times
flister
(15.71 KiB) Downloaded 35 times
modGREPER 0.3
(29.92 KiB) Downloaded 35 times