Main functions:
1. View information about processes, threads, process modules, and process windows; kill processes and threads; unload modules; etc.
2. View kernel driver modules, with support for copying a kernel driver module's memory.
3. View SSDT, Shadow SSDT, FSD, and IDT information; detect and restore SSDT hooks and inline hooks.
4. View Notify Routine information such as CreateProcess, CreateThread, LoadImage, Shutdown, Lego, etc., with support for deleting these Notify Routines.
5. View port information (Windows 2000 systems are currently not supported).
6. View message hooks
7. Detection and recovery of kernel module IAT, EAT, and inline hooks and patches
8. Detection of disk, volume, keyboard, network layer, and other filter drivers, with support for deleting them
9. Registry editing
10. Detection and recovery of process IAT, EAT, and inline hooks and patches
11. File system viewing, supporting basic file operations
12. View (edit) IE plug-ins, SPI, startup items, services, Hosts file, image hijacking
13. ObjectType hook detection and recovery
14. DPC timer detection and deletion
Update log:
V0.45 version:
* Fixed several bugs.
V0.44 version:
1. Added the ability to export all logs (computer health check)
2. Added a "love donation" message in About (called begging by someone)
3. Fixed a false alarm in the object hijacking detection part for DR0 lower-layer devices (thanks to dl123100 for the feedback, given many times; I hadn't changed it after N rounds of feedback, sorry)
4. Fixed some bugs reported by FC, XueTr groups and stuck fans.



















