From Collaborative RCE Tool Library

Jump to: navigation, search

Anti Hook Test Tools


Tool name: GMER
Rating: 0.0 (0 votes)
Author: Przemyslaw Gmerek                        
Website: http://www.gmer.net
Current version: 1.0.14.14205
Last updated: March 5, 2008
Direct D/L link: http://www.gmer.net/gmer.zip
License type: Free
Description: GMER is an application that detects and removes rootkits .

It scans for:
* Hidden processes
* Hidden threads
* Hidden modules
* Hidden services
* Hidden files
* Hidden Alternate Data Streams
* Hidden registry keys
* Drivers hooking SSDT
* Drivers hooking IDT
* Drivers hooking IRP calls
* Inline hooks


GMER also allows to monitor the following system functions:
* Processes creating
* Drivers loading
* Libraries loading
* File functions
* Registry entries
* TCP/IP connections

GMER runs on Windows NT/W2K/XP/VISTA
Also listed in: Kernel Hook Detection Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: HookExplorer
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://labs.idefense.com/software/malcode.php
Current version:
Last updated: March 16, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: HookExplorer is a small utility designed to scan a target process and identify any user land hooks that may be installed by unknown code.

Detects IAT and detours style hooks, and allows the user to define an 'ignore list' to help cut through results.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: RAIDE
Rating: 0.0 (0 votes)
Author: petersilberman                        
Website: http://www.rootkit.com/project.php?id=33
Current version: Beta 1
Last updated: August 6, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: RAIDE stands for Rootkit Analysis Identification Elimination. RAIDE is a rootkit detection/removal tool. RAIDE offers unique features like process dumping/firewall identification etc.
Also listed in: Kernel Hook Detection Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Rootkit Unhooker
Rating: 0.0 (0 votes)
Author: EP_X0FF                        
Website: http://rku.nm.ru
Current version: 3.7.300.509
Last updated: November 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Rootkit Unhooker LE (RkU) is an advanced rootkit detection/removal utility, designed specially for advanced users and IT professionals. It runs under 32bit Windows 2000, Windows XP, Windows 2003 Server and Windows Vista.

The project was discontinued when it was bought up by Microsoft in November 2007.
Also listed in: Kernel Hook Detection Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SSDT Revealer
Rating: 0.0 (0 votes)
Author: ZaiRoN                        
Website: http://zairon.wordpress.com/2007/03/20/tool-system-service-descriptor-table-revealer/
Current version: 1.0
Last updated: March 20, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: This is little tool I’ve coded some times ago. The name says it all, it reveals System Service Dispatch Table showing possible hooks over one or more functions. It was born as a part of a more complex tool, which is still unfinished.. SSDT revealer is nothing special but could come in handy.

The program has been developed under Win-XP. It should run on other OSs but I really don’t know. Again, it’s a personal program and I didn’t spend nights and nights trying to find one or more bug, when a bug occours I fix it. If you find a bug or something else, please, don’t hesitate to contact me.
Also listed in: Kernel Hook Detection Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There is one subcategory to this category.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:Anti_Hook_Test_Tools"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (99)
   Categorized by Tool Type  (628)
   Anti Anti Test Tools  (8)
   Anti Debug Test Tools  (2)
   Anti Hook Test Tools  (5)
   VM Detection Test Tools  (1)
   Assemblers  (14)
   Code Coverage Tools  (9)
   Code Injection Tools  (17)
   Code Ripping Tools  (1)
   Crypto Tools  (2)
   Data Extraction Tools  (14)
   Debuggers  (26)
   Decompilers  (13)
   Deobfuscation Tools  (5)
   Dependency Analyzer Tools  (3)
   Diff Tools  (26)
   Disassemblers  (25)
   Dongle Tools  (8)
   Exe Analyzers  (22)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (9)
   Hex Editors  (10)
   Kernel Tools  (5)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (6)
   Monitoring Tools  (68)
   Network Tools  (12)
   PE Executable Editors  (42)
   Packers  (10)
   Patch Packaging Tools  (6)
   Profiler Tools  (9)
   Programming Libraries  (23)
   Regular Expression Tools  (3)
   Resource Editors  (7)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (5)
   System Information Extraction Tools  (4)
   Technical PoC Tools  (3)
   Test and Sandbox Environments  (12)
   Tool Extensions  (103)
   Tool Hiding Tools  (1)
   Tool Signatures  (19)
   Tracers  (10)
   Unpacking Tools  (35)
   Needs New Category