RootkitRevealer


RootkitRevealer, shown in Figure A-8, is a single-button rootkit detector. Just press the Scan button and read the output. System anomalies are displayed sequentially as they are found, and the Description column can usually help to determine the root cause of the anomaly.

Figure A-8

RootkitRevealer checks the file system and the registry using both high-level system calls and low-level parsing. Any discrepancy between these scans will be displayed.
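The comparison described above can be sketched as follows. This is an added example, not code from the book or from RootkitRevealer: the `Entry` record, the description strings, the "modified during scan" rule and all sample data are assumptions made for illustration, and the two views are constructed lists rather than real API and raw-disk scans.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str        # file path or registry key, as that view reported it
    size: int        # file length or registry value length, in bytes
    modified: float  # last-write time, seconds since epoch

# Description strings are this example's own wording, not the tool's output.
HIDDEN = "present in raw parse, hidden from high-level API"
API_ONLY = "reported by high-level API, absent from raw parse"
MISMATCH = "size differs between the two views"
TRANSIENT = "modified during scan, rescan to confirm"

def _index(entries):
    # Windows paths and registry keys are case-insensitive: compare on a
    # normalised key, keep the original entry for reporting.
    return {e.path.replace("/", "\\").rstrip("\\").lower(): e for e in entries}

def cross_view_diff(api_view, raw_view, scan_start):
    """Return (path, description) pairs where the two views disagree."""
    api, raw = _index(api_view), _index(raw_view)
    findings = []
    for key in sorted(api.keys() | raw.keys()):
        a, r = api.get(key), raw.get(key)
        if a and r and a.size == r.size:
            continue  # both views agree on this object
        # The scans are not atomic: an object written after the scan began
        # can differ legitimately, so report it as transient.
        if max(e.modified for e in (a, r) if e) >= scan_start:
            desc = TRANSIENT
        elif a is None:
            desc = HIDDEN
        elif r is None:
            desc = API_ONLY
        else:
            desc = MISMATCH
        findings.append(((r or a).path, desc))
    return findings

# Constructed sample views; every name, size and time is illustrative.
SCAN_START = 1000.0
API_VIEW = [Entry(r"C:\Windows\System32\drivers\disk.sys", 4096, 10.0),
            Entry(r"HKLM\SOFTWARE\Example\Run", 32, 20.0),
            Entry(r"C:\Temp\scan.log", 100, 1001.0)]
RAW_VIEW = [Entry(r"c:\windows\system32\drivers\DISK.SYS", 4096, 10.0),
            Entry(r"C:\Windows\System32\drivers\example_hidden.sys", 8192, 15.0),
            Entry(r"HKLM\SOFTWARE\Example\Run", 64, 20.0),
            Entry(r"C:\Temp\scan.log", 220, 1001.5)]
for path, desc in cross_view_diff(API_VIEW, RAW_VIEW, SCAN_START):
    print(f"{path}: {desc}")
```

The log file that changed while the scan was running is reported as transient rather than hidden, which is the kind of benign discrepancy an analyst has to separate from a real one.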

As Sysinternals was recently acquired by Microsoft, and Microsoft is currently developing the Strider Ghostbuster rootkit detector, RootkitRevealer is expected to become part of Strider Ghostbuster internals.




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
