Hello everyone! A new anti-rootkit has been released (site: www.tuluka.org). List of features:

- Detects hidden processes, drivers and devices
- Detects IRP hooks
- Identifies the substitution of certain fields in DRIVER_OBJECT structure
- Checks driver signatures
- Detects and restores SSDT hooks
- Detects suspicious descriptors in GDT
- IDT hook detection
- SYSENTER hook detection
- Displays list of system threads and allows you to suspend them
- IAT and Inline hook detection
- Shows the actual values of the debug registers, even if reading these registers is controlled by someone
- Allows you to find the system module by the address within this module
- Allows you to display contents of kernel memory and save it to disk
- Allows you to dump kernel drivers and main modules of all processes
- Allows you to terminate any process
- Is able to disassemble interrupt and IRP handlers, system services, start routines of system threads and many more
- Allows you to build the stack for the selected device
- Much more...

Russian language is supported.

Libertad.