Kernel Detective [WinXp & Vista]
~ Is it working? YES (03-18-2011) ~
Kernel Detective
Works for Windows XP and Vista users
Kernel Detective is a free tool that helps you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you access to the kernel directly, so it's not oriented for newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result ... BSoD!
NT Supported versions:
XP / Vista
Kernel Detective gives you the ability to:
1 - Detect Hidden Processes.
2 - Detect Hidden Threads.
3 - Detect Hidden DLLs.
4 - Detect Hidden Handles.
5 - Detect Hidden Driver.
6 - Detect Hooked SSDT.
7 - Detect Hooked SSDT Shadow.
8 - Detect Hooked IDT.
9 - Detect Kernel-mode code Modifications and hooks.
10 - Disassemble (Read / Write) Kernel-mode/User-mode memory.
11 - Monitor debug output on your system.
Enumerate running processes and print important values like Process Id, Parent Process Id, ImageBase, EntryPoint, VirtualSize, PEB block address and EPROCESS block address. Special undocumented detection algorithms were implemented to detect hidden processes.
Detect hidden and suspicious threads in the system and allow the user to forcibly terminate them.
Enumerate a specific running process's Dynamic-Link Libraries and show every DLL's ImageBase, EntryPoint, Size and Path. You can also inject or free a specific module.
Enumerate a specific running process's opened handles, show every handle's object name and address, and give you the ability to close the handle.
Enumerate loaded kernel-mode drivers and show every driver's ImageBase, EntryPoint, Size, Name and Path. Undocumented detection algorithms were implemented to detect hidden drivers.
Scan the system service table (SSDT) and show every service function address and the real function address, with an improved detection algorithm to bypass KeServiceDescriptorTable EAT/IAT hooks. You can restore a single service function address or restore the whole table.
Scan the shadow system service table (Shadow SSDT) and show every shadow service function address and the real function address. You can restore a single shadow service function address or restore the whole table.
Scan the interrupts table (IDT) and show every interrupt handler offset, selector, type, attributes and real handler offset. This is applied to every processor in a multi-processor machine.
Scan the important system kernel modules, detect the modifications in their bodies and analyze them. For now it can detect and restore inline code modifications, EAT and IAT hooks. I'm looking for more types of hooks in the next releases of Kernel Detective.
A nice disassembler that relies on the OllyDbg disasm engine; thanks to Oleh Yuschuk for publishing his nice disasm engine. With it you can disassemble, assemble and hex edit the virtual memory of a specific process or even the kernel memory space. Kernel Detective uses its own read/write routines from kernel mode and does not rely on any Windows API. That makes Kernel Detective able to R/W a process's VM even if NtReadProcessMemory/NtWriteProcessMemory is hooked, and also to bypass hooks on other important kernel-mode routines like KeStackAttachProcess and KeAttachProcess.
Show messages sent by drivers to the kernel debugger, just like DBGVIEW by Mark Russinovich. It does this by hooking interrupt 0x2d, which is responsible for outputting debug messages. Hooking interrupts may cause problems on some machines, so DebugView is turned off by default; to turn it on you must run Kernel Detective with the "-debugv" parameter.
GamingMasteR - AT4RE
Instructions: How to Inject a DLL
1. Open Kernel Detective.exe
2. Open the rakion launcher and log in
3. Click the "Libraries" tab
4. Right click "C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin" and locate "Inject new Library"
5. Browse your DLL and click "Save"
6. A pop-up will appear saying that "Library Injected successfully!"
7. Enjoy and Start Hacking!
Hope it helps! Happy Hacking
-Albee
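The SSDT scan in the feature list above shows each service function address next to its real address. One way to model that check, as an added example that is not Kernel Detective's code and is not part of the original post: every module range, address and the example.sys driver are constructed, and the "real" addresses are assumed to come from a trusted copy of the kernel image.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; uint32_t base, size; } Module;
typedef struct { const char *service; uint32_t current, real; } SsdtEntry;
typedef enum { SSDT_CLEAN, SSDT_HOOKED, SSDT_HOOKED_UNKNOWN_OWNER } Verdict;

/* Constructed sample data, not captured from a real system. */
static const Module MODULES[] = {
    {"ntoskrnl.exe", 0x804D7000u, 0x00214000u},
    {"example.sys",  0xF8A10000u, 0x00006000u},  /* hypothetical driver */
};
static const SsdtEntry SSDT[] = {
    {"NtCreateFile",             0x8056E27Cu, 0x8056E27Cu},
    {"NtOpenProcess",            0xF8A11340u, 0x805CB3FAu},  /* into example.sys */
    {"NtQuerySystemInformation", 0x8060FB10u, 0x8060FB10u},
    {"NtTerminateProcess",       0x81F3A000u, 0x805D29AAu},  /* into no listed module */
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Return the module whose [base, base + size) range contains addr, or NULL. */
static const Module *owner_of(uint32_t addr) {
    for (size_t i = 0; i < COUNT(MODULES); i++)
        if (addr - MODULES[i].base < MODULES[i].size)  /* unsigned wrap rejects addr < base */
            return &MODULES[i];
    return NULL;
}
/* Clean only if the entry equals its reference address and lies in the kernel image. */
static Verdict check_entry(const SsdtEntry *e, const Module **owner) {
    *owner = owner_of(e->current);
    if (*owner && e->current == e->real && strcmp((*owner)->name, "ntoskrnl.exe") == 0)
        return SSDT_CLEAN;
    return *owner ? SSDT_HOOKED : SSDT_HOOKED_UNKNOWN_OWNER;
}
/* Print every entry that is not clean and return how many there were. */
static int scan_ssdt(void) {
    int hooked = 0;
    for (size_t i = 0; i < COUNT(SSDT); i++) {
        const Module *owner;
        if (check_entry(&SSDT[i], &owner) == SSDT_CLEAN) continue;
        hooked++;
        printf("%-24s current=0x%08X real=0x%08X owner=%s\n", SSDT[i].service,
               (unsigned)SSDT[i].current, (unsigned)SSDT[i].real,
               owner ? owner->name : "<no loaded module>");
    }
    return hooked;
}

int main(void) { printf("%d hooked entries\n", scan_ssdt()); return 0; }
```

An entry whose target lies in no listed module is worth cross-checking against the hidden-driver scan, since the code it points to is not accounted for by the loaded-driver list.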