52ky, posted on 2022-9-10 12:14:10

ARK Tool: XueTr

Main functions:
1. View processes, threads, process modules, process windows and process memory; view hotkey information; kill processes, kill threads, unload modules and similar operations
2. View kernel driver modules, with support for copying a kernel driver module's memory
3. View SSDT, ShadowSSDT, FSD, KBD, TCPIP and IDT information, and view and restore SSDT hooks and inline hooks
4. View CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other NotifyRoutine information, with support for removing these NotifyRoutines
5. View port information (Windows 2000 is currently not supported)
6. View message hooks
7. View and restore kernel module IAT, EAT, inline hooks and patches
8. View filter drivers at the disk, volume, keyboard and network layers, with support for removing them
9. Registry repair
10. View and restore process IAT, EAT, inline hooks and patches
11. View the file system, with support for basic file operations
12. View (repair) IE plug-ins, SPI, startup items, services, the HOSTS file, image hijacking and file associations
13. View and restore ObjectTypeHook
14. View and remove DPC timers
15. Configuration tool: block creation of threads, processes, files and registry values, module loading and message hook injection; block standby, logoff, shutdown, restart, system time changes, desktop switching and locking the computer; block resetting of registry values
Shutdown: force restart
Other: keep window on top
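As an added illustration of the "inline hook view and restore" items in the list above (example code written for this page, not part of the post or of XueTr): an ARK compares a function's in-memory prologue with the clean copy from the image on disk, decodes any trampoline it finds at the first differing byte, and "restore" means writing the clean bytes back. The prologue bytes, function address and hook target below are constructed sample values.

```python
"""Inline-hook detector for x86 function prologues (constructed example)."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

PROLOGUE_LEN = 16  # bytes compared; covers the usual 5-, 6- and 7-byte trampolines

@dataclass
class HookReport:
    function_va: int       # virtual address of the hooked function
    kind: str              # "jmp_rel32", "push_ret" or "jmp_abs_indirect"
    target: int            # address control is diverted to
    restore_patch: bytes   # clean bytes to write back (the "restore" action)

def decode_transfer(code: bytes, va: int) -> Optional[Tuple[str, int]]:
    """Decode a hook trampoline at the start of `code`, which sits at address `va`."""
    if len(code) >= 5 and code[0] == 0xE9:                      # JMP rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp_rel32", (va + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # PUSH imm32 ; RET
        return "push_ret", struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 6 and code[0:2] == b"\xFF\x25":             # JMP DWORD PTR [abs32]
        return "jmp_abs_indirect", struct.unpack_from("<I", code, 2)[0]
    return None

def detect_inline_hook(disk_bytes: bytes, mem_bytes: bytes,
                       function_va: int) -> Optional[HookReport]:
    """Report an inline hook if the in-memory prologue differs by a control transfer."""
    disk, mem = disk_bytes[:PROLOGUE_LEN], mem_bytes[:PROLOGUE_LEN]
    if disk == mem:
        return None                                              # prologue untouched
    # The trampoline is expected to begin at the first byte that differs from disk.
    first_diff = next(i for i, (a, b) in enumerate(zip(disk, mem)) if a != b)
    decoded = decode_transfer(mem[first_diff:], function_va + first_diff)
    if decoded is None:
        return None   # modified, but not a recognisable transfer; a real ARK would still flag it
    kind, target = decoded
    return HookReport(function_va, kind, target, disk)

# Constructed sample: hotpatchable prologue "mov edi,edi; push ebp; mov ebp,esp; ..."
CLEAN = bytes.fromhex("8bff 55 8bec 83ec10 53 56 57 8b7d08 33c0")   # 16 bytes
FUNC_VA = 0x77E01000                      # constructed function address
HOOK_TARGET = 0x10002000                  # constructed hook handler address
# Same function after a JMP rel32 was written over its first 5 bytes.
HOOKED_JMP = b"\xE9" + struct.pack("<i", HOOK_TARGET - (FUNC_VA + 5)) + CLEAN[5:]
# Same function after a PUSH imm32 / RET trampoline overwrote its first 6 bytes.
HOOKED_PUSH_RET = b"\x68" + struct.pack("<I", HOOK_TARGET) + b"\xC3" + CLEAN[6:]

if __name__ == "__main__":
    print(detect_inline_hook(CLEAN, HOOKED_JMP, FUNC_VA))
```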



