找回密码
 立即注册
andhook查看进程 | 程序非源代码 2021-06-08 283 0star收藏 版权: . 保留作者信息 . 禁止商业使用 . 禁止修改作品
xuetr0.33,1.进程、线程、进程模块、进程窗口、进程内存、定时器、热键信息查看,杀进程、杀线程、卸载模块等功能2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除
9.注册表编辑
10.进程iat、eat、inline hook、patches检测和恢复
11.文件系统查看,支持基本的文件操作
12.查看(编辑)IE插件、SPI、启动项、服务、Host文件、映像劫持、文件关联、系统防火墙规则
13.ObjectType Hook检测和恢复
14.DPC定时器检测和删除

(1. Process, thread, process module, process window, process memory, timer, hotkey information view, kill process, kill thread, unload module and other functions
2. View kernel driver module and support memory copy of kernel driver module
3. View SSDT, shadow SSDT, FSD, KBD, TCPIP, IDT information, and detect and restore SSDT hook and inline hook
4. View the information of notify routes such as CreateProcess, createthread, loadimage, cmpcallback, bugcheckcallback, shutdown and Lego, and support the deletion of these notify routes
5. View the port information. At present, 2000 system is not supported
6. Check the message hook
7. Detection and recovery of IAT, eat, inline hook and patches of kernel module
8. Disk, volume, keyboard, network layer and other filter driver detection, and support deletion
9. Registry editing
10. Process IAT, eat, inline hook, patches detection and recovery
11. View the file system and support basic file operation
12. View (Edit) IE plug-in, SPI, boot item, service, host file, image hijacking, file association, system firewall rules
13. ObjectType hook detection and recovery
14. DPC timer detection and deletion)

1623130612739.rar



上一篇:DiE 0.65
下一篇:PowerTool