RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
Since persistent rootkits work by changing API results so that the system view obtained through the APIs differs from the actual view held on disk, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
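The cross-view comparison described above, written out as an added Python example (not RootkitRevealer's own code): it takes a high-level listing as the Windows API would return it and a low-level listing as a raw parse of the volume or hive would yield it, and reports every entry present in only one of the two views. The file paths and Registry keys here are constructed sample data; a real scan would enumerate through the API and parse the NTFS/FAT structures or the hive file directly.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable

@dataclass(frozen=True)
class Discrepancy:
    view: str   # "filesystem" or "registry"
    path: str   # entry as it appeared in the view that contained it
    kind: str   # "hidden_from_api" (raw only) or "visible_only_to_api" (API only)

def normalize(path: str) -> str:
    # NTFS/FAT names and Registry key names are case-insensitive, and the two
    # views may differ in separator style, so compare a canonical form.
    return path.replace("/", "\\").rstrip("\\").casefold()

def cross_view_diff(view: str, api_listing: Iterable[str],
                    raw_listing: Iterable[str]) -> list[Discrepancy]:
    """Report entries that the two views disagree on, in either direction."""
    api = {normalize(p): p for p in api_listing}
    raw = {normalize(p): p for p in raw_listing}
    found: list[Discrepancy] = []
    # On disk but not returned by the API: the classic hidden-file signature.
    for key in sorted(raw.keys() - api.keys()):
        found.append(Discrepancy(view, raw[key], "hidden_from_api"))
    # Returned by the API but absent from the raw scan: also reported, since
    # it may simply be a file created between the two scans.
    for key in sorted(api.keys() - raw.keys()):
        found.append(Discrepancy(view, api[key], "visible_only_to_api"))
    return found

# Constructed sample views (hypothetical names, not real indicators).
API_FILES = [r"C:\Windows\System32\drivers\tcpip.sys",
             r"C:\Windows\System32\drivers\http.sys",
             r"C:\Windows\Temp\just-created.tmp"]
RAW_FILES = [r"C:\WINDOWS\system32\DRIVERS\TCPIP.SYS",   # same file, other case
             r"C:\Windows\System32\drivers\http.sys",
             r"C:\Windows\System32\drivers\example-hidden.sys"]  # raw view only
API_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip"]
RAW_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
            r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleHiddenSvc"]

def scan() -> list[Discrepancy]:
    return (cross_view_diff("filesystem", API_FILES, RAW_FILES)
            + cross_view_diff("registry", API_KEYS, RAW_KEYS))

if __name__ == "__main__":
    for d in scan():
        print(f"{d.view:10} {d.kind:20} {d.path}")
```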