Jump to content
Nytro

WinDBG Anti-RootKit Extension v1.5 released

By Nytro, in Reverse engineering & exploit development

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

WinDBG Anti-RootKit Extension v1.5 released

 

Posted on 15.02.2015 by SWW

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. It main purpose is to view and analyze anomalies in Windows kernel using kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For more user-friendly view extension uses DML. For the most of the commands kernel-mode connection required. Feel free to use extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols required, so use them, force to reload them, ignore checksum problems, prepare them before analysis and you’ll be happy.
wdbgark_chain_help_v1_5

Open source project hosted on GitHub, C++, nice Wiki – all of this made completely in my spare time just for fun. First public version is simple, but I have plans to continue development.

 

 

Sursa: http://sww-it.ru/2015-02-15/1242#.VuXglsjs4Ig.twitter

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...