
Thread: Kernel Detective - new security & analysis tool

  1. #16
    @evilcry:
    I didn't try on VMware; some friends tried on VMware but they didn't get the same result as you did.
    Maybe you can send me the crash-dump file?

    Thanks,
    --GM

  2. #17
    Hi GamingMasteR,

    The problem should be caused by the presence of Syses (kmode debugger);
    in any case I'll send you the dmp file =)

    Regards,
    Giuseppe 'Evilcry' Bonfa'

    http://evilcry.netsons.org (Repository)
    http://evilcodecave.blogspot.com
    http://evilcodecave.wordpress.com

  3. #18
    I appreciate your help, thanks in advance.

  4. #19

    Kernel Detective v1.2


    [+] Now Support Vista Service Pack 1 (Build 6001).
    [+] Added Hidden/Suspicious Threads Detection.
    [+] Added Smart Process Termination Technique.
    [*] Improved Handles Detection.
    [*] Improved Processes Detection.
    [*] Improved Drivers Detection.
    [*] Improved User-mode Memory Reader On Vista.
    [!] Fixed bug in IAT Hooks Detection.

    Download Link:
    http://www.at4re.com/files/Tools/Releases/GamingMasteR/Kernel_Detective_v1.2.zip

  5. #20
    What's new in v1.3.0 :
    [+] Support for Vista SP2
    [+] Suspend/Resume Process/Thread
    [+] Force Resume Process/Thread
    [+] Unloaded drivers viewer
    [+] Object Types viewer
    [+] Timer Objects viewer
    [+] Kernel Notification Callbacks viewer (Process/Thread/Image/Registry)
    [+] Added simple hex viewer with the disassembler
    [+] Force Delete files (even files in use)
    [+] File Signature Verifying
    [+] Ability to save list contents
    [*] Improved Hidden Drivers Detection
    [*] Improved disassembler coloring
    [!] Fixed annoying problem with listview sorting and refreshing
    [!] Fixed known minor bugs in v1.2.1

    Download Link :
    http://www.at4re.com/files/Tools/Releases/GamingMasteR/KERNEL_DETECTIVE_V1.3.0.ZIP


    SHA-256 : 7E01B3DA8B844C45B69CE1F3615FC0350D26C56B93AFE82E2F1756A318266011

  6. #21
    Hi GamingMasteR, I just wonder about a feature of your tool (if it is a feature).
    When SoftICE is loaded (or not loaded), the "GUI Settings" shows a red color (only for deroko's website); the others are grayed.
    Is that some kind of detection? I didn't find anything in the readme about that.

  7. #22
    Naides is Nobody
    I get a virus alarm with your Kernel_detective exe file.

    What gives?

  8. #23
    @Elenil:
    YES, Deroko is a big rootkit.
    The color on deroko's line is a sample of the warning line color; play a bit with the warning colors and it will change.

    @naides:
    It's not malicious.
    Only F/Ps (false positives).
    http://forum.sysinternals.com/forum_posts.asp?TID=19056&PID=100697#100697

  9. #24
    Quote Originally Posted by naides:
        I get a virus alarm with your Kernel_detective exe file.
        What gives?
    I would guess it's the presence of a driver and the APIs it uses. Any tool that accesses the system at a very low level and isn't as well known (and therefore whitelisted) will probably trigger an AV alert.

  10. #25

    Kernel Detective v1.3.1 :
    [+] Support For WINDOWS SEVEN BUILD 7600
    [+] Added Bugcheck(Reason) Callback Notifications Detection
    [+] Added Hidden DLLs Detection
    [+] Added New Features For DLLs (ZeroMemory/UnmapMemory)
    [+] Added Unicode/Ascii String Reference In Disassembler Window
    [+] Added Physical Memory Dumper
    [+] Added Thread Stack Trace
    [+] Added "Copy" and "Select all" Hot-keys (Ctrl+A Ctrl+C)
    [*] Improved Files Operations (Open/Copy/Kill)
    [*] Application Windows Now Have XP Visual Style
    [*] Tabs Now Are Multilined
    [!] Fixed Bug In Callbacks Detection For VISTA BUILD 6000
    [!] Fixed Processes Row Selection
    [!] Fixed Listview Selection And Sorting Bugs
    [!] Fixed Bugs In Kernel Driver Installation Process


    Download Link :
    http://www.at4re.com/files/Tools/Releases/GamingMasteR/Kernel_Detective_v1.3.1.zip

    SHA-256 :
    B4E09993409F3B85989BFF048BDBF9D423468416E7D97843CF80C950E4737A26

  11. #26
    What's new in v1.4.0 :
    - Added plugins system
    - Added support for Windows Server 2008, Seven SP1
    - Enhanced stability on NT 6.0+ (Windows Vista/Seven)
    - Improved driver scan
    - Improved code hook scan
    - Fixed bug that prevented the tool from working on Windows XP
    - Fixed bug related to long paths
    - Fixed bug in process/driver dumper
    - Fixed bug in IDT scan


    Download Link :
    http://www.mediafire.com/?94hb182iirjpvcr


    SHA-256 :
    3C0D5426A2FE65EB72FB4F6A396C4CF83285B38EAE188B41C6F8D048157FF6DF

  12. #27
    What's new in v1.4.1 :
    - Fixed possible BSOD when scanning processes
    - Fixed bug in callbacks scanning
    - Enhanced display of file properties and signature verifying
    - Skeleton SDK for VS2008 included


    Download Link :
    http://www.mediafire.com/?o4mwekn7jtizdi4


    SHA-256 :
    619E9AE64CC9DE82DD35CB3469D413E8C78A57EC8021B8450B6EAD15526562D7
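    The release posts above (#20, #25, #26 and #27) each pair a download link with a SHA-256 digest, and the links point at third-party hosts (at4re.com, mediafire), so the digest is the only thing tying the zip you fetched to the one the author posted. The following is an added example, not code from the thread or from Kernel Detective's author: it recomputes the SHA-256 of the downloaded archive and compares it with the posted value. The version labels used as dictionary keys and the `demo()` sample file are constructed for illustration; the four digests are the ones posted above.

```python
"""Check a downloaded Kernel Detective archive against the SHA-256 posted with it.

Added example, not part of Kernel Detective or of any post in this thread. The
release posts give a download URL plus a SHA-256; this recomputes the digest of
the local zip and compares it with the posted value.
"""
import hashlib
import hmac
import os
import sys
import tempfile

# Digests exactly as posted in #20, #25, #26 and #27 (uppercase hex). The
# version keys are an assumption for this example; the posts name no such keys.
POSTED_DIGESTS = {
    "v1.3.0": "7E01B3DA8B844C45B69CE1F3615FC0350D26C56B93AFE82E2F1756A318266011",
    "v1.3.1": "B4E09993409F3B85989BFF048BDBF9D423468416E7D97843CF80C950E4737A26",
    "v1.4.0": "3C0D5426A2FE65EB72FB4F6A396C4CF83285B38EAE188B41C6F8D048157FF6DF",
    "v1.4.1": "619E9AE64CC9DE82DD35CB3469D413E8C78A57EC8021B8450B6EAD15526562D7",
}


def normalize_digest(posted: str) -> str:
    """Accept a digest copied from a forum post: strip whitespace, lowercase,
    and reject anything that is not exactly 64 hex characters. A truncated
    paste must fail loudly instead of silently never matching."""
    digest = "".join(posted.split()).lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("posted value is not a 64-character SHA-256 hex digest")
    return digest


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a large archive need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, posted: str) -> bool:
    """True only if the file's SHA-256 equals the posted digest.
    hmac.compare_digest gives a constant-time comparison; it hardly matters
    for a local file check, but it is the right habit for any digest compare."""
    return hmac.compare_digest(sha256_of_file(path), normalize_digest(posted))


def demo() -> tuple:
    """Constructed sample (not a real release): a three-byte 'archive' whose
    'posted' digest is the standard SHA-256("abc") test vector, and a copy
    corrupted by one appended byte. Returns (intact_ok, corrupted_ok)."""
    abc_digest = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.zip")
        bad = os.path.join(tmp, "bad.zip")
        with open(good, "wb") as fh:
            fh.write(b"abc")
        with open(bad, "wb") as fh:
            fh.write(b"abc\x00")  # one extra byte, as a damaged mirror copy would have
        return verify_download(good, abc_digest), verify_download(bad, abc_digest)


if __name__ == "__main__":
    # Usage: python verify_kd.py Kernel_Detective_v1.3.1.zip v1.3.1
    if len(sys.argv) != 3 or sys.argv[2] not in POSTED_DIGESTS:
        sys.exit("usage: verify_kd.py <zip> <" + "|".join(POSTED_DIGESTS) + ">")
    ok = verify_download(sys.argv[1], POSTED_DIGESTS[sys.argv[2]])
    print("OK: matches posted digest" if ok else "MISMATCH: do not run this file")
    sys.exit(0 if ok else 1)
```

    Two caveats a practitioner should keep in mind. The digest and the link come from the same post, so a match only proves the file is the one the poster intended (it catches a corrupted or swapped mirror copy, not a compromised poster). And, relevant to the AV discussion in #22 to #24, a matching digest says nothing about whether the bundled kernel driver is safe to load; it only says you have the same bytes everyone else in the thread has. On a modern Windows box without Python, `certutil -hashfile <zip> SHA256` produces the same digest for manual comparison.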

  13. #28
    Administrator dELTA
    Thanks for keeping your tool updated and letting us know about it, GamingMasteR.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  14. #29
    Quote Originally Posted by GamingMasteR:
        What's new in v1.4.1 :

    Running Win 7 on laptop. If I double-click Kernel Detective.exe, it returns an error message: 'Unable to install the system component'. If I double-click Dbgview.bat, it opens a command window and does nothing. The command window closes automatically.

    Ctrl-D won't bring it back (that's a SoftICE joke).

    Has my brain stopped working? I have begun to suspect that might be the case.

    I am running a Comodo firewall with the anti-virus feature running. It asked me if I wanted to sandbox the app and I selected yes. May have been a mistake. However, the app appears in Comodo as a trusted app.

  15. #30
    Hello WaxfordSqueers,

    You need to:
    - Run it on a 32-bit OS
    - Run it with admin privilege (right click -> run as administrator)
    - No sandboxing, if it prevents the kernel-mode driver from loading

    Regards.
