1. View process, thread, process module, process window, process memory, timer and hotkey information; kill processes, kill threads, unload modules and other functions
2. View kernel driver modules, with support for memory copy of kernel driver modules
3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP and IDT information, and detect and restore SSDT hooks and inline hooks
4. View information on notify routines such as CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown and Lego, with support for deleting these notify routines
5. View port information. Windows 2000 is not currently supported
6. View message hooks
7. Detect and restore IAT, EAT and inline hooks and patches in kernel modules
8. Detect disk, volume, keyboard, network-layer and other filter drivers, with support for deleting them
9. Registry editing
10. Detect and restore process IAT, EAT and inline hooks and patches
11. View the file system, with support for basic file operations
12. View (edit) IE plug-ins, SPI, startup items, services, hosts file, image hijacking, file associations and system firewall rules
13. Detect and restore ObjectType hooks
14. Detect and delete DPC timers