Thread: ExcpHook 0.0.5-rc2

  1. #1

    ExcpHook 0.0.5-rc2

    Just to inform you guys, I've released the new ExcpHook.

    Places to download:
    http://www.woodmann.com/collaborative/tools/index.php/ExcpHook
    http://code.google.com/p/openrce-snippets/
    http://gynvael.coldwind.pl/?id=148

    Places for feedback:
    http://gynvael.coldwind.pl/?id=148
    This post.

    ExcpHook Exception Monitor is an exception monitor, made for Windows XP. The monitoring part is kernel-level (technically, in a driver), so, as opposed to user-land monitors, ExcpHook does not have to be a debugger for the monitored processes, nor does it have to change their environment/code/data in any way. Additionally, ExcpHook is not tied to one process - it monitors every process in the system, letting the user filter out the interesting processes by providing a part of the image name of the process.

    Code:
    0.0.4 -> 0.0.5-rc2
    * Fixed 100% CPU eating bug
    * Rewritten the code to use IOCTL instead of Write/Read
    * Added driver status checking mechanism
    * Commented the source code, made it more readable
    * Fixed multiCPU/multicore race condition possibility
    * Fixed BSoD on some systems when patching the kernel
    * Added some more spinlocks here and there
    * Fixed BSoD on some kernel versions, the signature seeking
    mechanism has been changed to a more decent one
    * Added general/control register logging/display
    * Added image name acquiring from EPROCESS
    * Added one-instance-at-a-time limit (this is needed due to design)
    * Added disassembly display (using diStorm lib)
    * Added some more minor things
    gynvael.coldwind//vx

  2. #2
    iawen
    Guest
    Thanks
    This is a nice Tool!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    dELTA (Administrator)
    Very nice, thanks for the heads-up and the CRCETL update.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
