Rootkit Detector: Version 2

I recently decided to rework a piece of code I wrote earlier this year, and decided to expand upon it.

My intent is to eventually have something resembling a fully fledged rootkit-detector, but I think thats still a while off.
I did however add a few new functions that my previous version didnt have. Rootkit Detector is thus able to detect both SSDT pointer and detour (trampoline) hooks. Included is also the ability to detect processes hidden by various methods, this function does occasionally spit out process detritus.

I also had some fun and reworked the GUI and came up with a cool way of doing so. I thought it came out looking pretty stylish (as you can see in the screenshot below :P).

You can download it here:
EXE Download (.zip)
Some screenshots:
In action…
The reworked GUI again

And the original programs post

Note: wont work on pre XP-sp2 systems. Nor do I think it will work on Vista.


~ by Rhys Mossom on December 25, 2007.

17 Responses to “Rootkit Detector: Version 2”

  1. اخباركم ايه

  2. فوضى

  3. الهكر بيمسى

  4. الجندى

  5. رضا بيمسى على كل الموجودين واى خدمه

  6. رضا الكبيربيمسى

  7. In english? I dont speak Arabic or whatever other language that is.

  8. where can i get this? 😛

  9. I’ll update it and put it up here shortly.

  10. RHYS!
    You need to post some more C tutorials!!

  11. Do you plan to release its source code for people with educational purposes?

  12. I hadnt planned on doing so, but perhaps I’ll do so.
    I need to post stuff anyway.
    Got a DirectX project I was working on and an article I started writing on buffer-overflows. I just cant seem to get around to finish any of them though.

  13. Hey Rhys! It would be nice if you released the source for that GUI :]

  14. After finding rootkits how do you know if one or all should be deleted and hidden items ……

  15. Good judgment.

  16. it looks really cool and is useful. it’d be kind if you would also release its source code 🙂 thanks anyways

  17. […] [ Blog Post ] Rootkit Detector Version 2 […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: