Hidetoolz 2.2 3
I am curious on finding out what your opinions are on your favorite Anti-Rootkit tool and Host-based Prevention OR detection system, and also why it is your favorite/best found? (A screenshot would also be nice if you have some time. I have to say Radix is my favorite Anti-Rootkit tool: I have tried many different Anti-Rootkit tools (IceSword, RkUnhooker, Kernel Detective, NIAP tools, Gmer etc) and none seem to be able to compare to the power and functionality for which tool implements in its scans. Special highlights for me is the ability to Detect and Fix SSDT and IAT hooks. That will bring almost any rootkit (Including antirootkit tools which protect themselves using their driver) For an HIPS, I am currently on the search for, but one of my favorites so far is HideToolz. Here is a DL link which I uploaded to mediafire.com (I cannot recall exactly where it came from, but I am pretty sure it was a russian or chinese security forum) EPX0FF might know of the forum.
This is v2.1 the latests I know of: What I really enjoy in this tool is its SSDT hooks on shutdown & hibernation/standby events. Hmm, I wonder if this topic should go into the Maleware section instead.
In any case, has anyone stumbled across any tools that list hooks installed by SetWindowsHookEx besides IceSword? (Would be nice to find a tool possibly with sorting columns.) I am also curious if there are ways to also find the hook handle (hHook) of all the installed hooks, enabling the ability to uninstall them (via UnhookWindowsHookEx). I know you could always eject the Dll using Ritchers method of CreateRemoteThread (tools just as Unlocker) will do that, but from what I have seen, that can cause problems and crash any process whos thread trys to execute code in the area where the Dll WAS just mapped, but no longer is. @PROROOTECT Are you sure that is the homepage for HideToolz? I ask this because it seems to only list v1.6 and I current found v2.1 somewhere.
@GamingMasteR All I can say is Wow! This is like an IceSword Upgrade. (It is unfortunate that it cannot actually unhook the hooks by SetWindowsHookEx, but providing the hHook (Hook Handle) is all I need really. UnhookWindowsHookEx can work fine from that information alone. I am curious what the code looks like that can read these hooks in the kernel. (I guess if its ASM then I am screwed: ) NIAP Tools Yes the driver does not load for me either.
It must be a little buggy still. DSE This tool has potential. I wish icons were provided for a better GUI. It has features no other tools have, but I still feel like it is missing something. Indeed I do wish it was free. Is it just me, or do you also have a hard time paying for software?
(Still waiting for this app to be cracked:P) Kx-Ray Okay, this is the kind of tool I have been waiting for. Amazingly compact and lists all the windows hooks (as well as unhooks them) but lacks column sorting and window expansion. (I was playing around with expanding its list with my window spy (made the list owned by the desktop window to make it popout of its previous parent windows, and then added the WSSIZEBOX.) What I would like to know is where on earth you dug up ATools and Kx-Ray. Also, I would like to say I really enjoy your Kernel Detective (Tried v1.2:) I forgot that it has something radix does not: SSDT Shadow. I am not familiar with these kind of kernel tables, but if I had to guess it would be something with win32k.sys since this appears to have the NT Kernel API equivalents to what User32.dll and GDI32.dll implement. Something really interesting I saw is how it just informed by how HideToolz is able to remove windows as if they do not exist: Anyway, I seriously need to start compiling a list of some of the Home sites & DL-Links of these highly useful Anti-RK Tools. @Frank Hmm, I tried doing some google searching for RKU VX, although I was unable to get a working DL link from various other forums.
Perhaps you can point me to the site or a place I can try this one out? Thanks Matt Another useful thing in ATool is that it can show/restore original FSD IRP Hanlders! There're other tools that could be useful and no much heard about it, this tool is from sysnap but it's in chinese so i can't reallyknow how to use it (but it seems interresting): This also another great tool in japanese: - RKU VX is a private tool, you won't find it! - @Cretemonster: you are right.
Hey, i am a vista 32 bit user and im trying to lauch hidetoolz 2.2 which is made for vista. But wjen i double click the exe i get this error: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
Hide Toolz Rf Online
My user account is running as administrator and also if i right click and run as admin i get the same error. Does anyone maybe know how i can fix this. This problem onlly appears when i try to launch this exe. I dont have any other problems with other exe.files. Here is the link of it: I am using avg antivirus also. Thx for help.