Rootkit Detector: Version 2

I recently decided to rework a piece of code I wrote earlier this year, and decided to expand upon it.

My intent is to eventually have something resembling a fully fledged rootkit detector, but I think that's still a while off.
I did, however, add a few new functions that my previous version didn't have. Rootkit Detector is now able to detect both SSDT pointer hooks and detour (trampoline) hooks. It also includes the ability to detect processes hidden by various methods, though this function does occasionally spit out process detritus.
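As an added illustration (not code from Rootkit Detector itself), here are the two checks these detections are usually built on, reduced to plain C over constructed data: an SSDT entry is flagged when its pointer falls outside the kernel image range, and a detour is flagged when a function prologue has been overwritten with a relative JMP or a PUSH/RET pair. The kernel base and size, the table entries and the prologue bytes are all constructed placeholder values, not addresses from any real system.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed kernel image range: placeholder values, not a real load address. */
#define KERNEL_BASE 0x80400000u
#define KERNEL_SIZE 0x00200000u

/* SSDT pointer-hook check: a legitimate service routine lives inside the
 * kernel image, so an entry pointing anywhere else is a hooked slot. */
int ssdt_entry_hooked(uint32_t entry, uint32_t base, uint32_t size)
{
    return !(entry >= base && entry < base + size);
}

/* Count hooked entries in a service table of n pointers. */
size_t ssdt_count_hooked(const uint32_t *table, size_t n, uint32_t base, uint32_t size)
{
    size_t hooked = 0;
    for (size_t i = 0; i < n; i++)
        hooked += ssdt_entry_hooked(table[i], base, size) ? 1 : 0;
    return hooked;
}

/* Detour (trampoline) check: an unpatched x86 prologue does not begin with a
 * rel32 JMP (E9 xx xx xx xx) or a PUSH imm32 / RET pair (68 xx xx xx xx C3).
 * Returns where the detour lands, or 0 when the prologue looks untouched. */
uint32_t detour_target(uint32_t func_addr, const uint8_t *code, size_t len)
{
    uint32_t imm;
    if (len >= 5 && code[0] == 0xE9) {
        memcpy(&imm, code + 1, 4);   /* rel32, relative to the next instruction */
        return func_addr + 5 + imm;  /* wraps mod 2^32, same as a signed add */
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        memcpy(&imm, code + 1, 4);   /* absolute address pushed, then RET'd into */
        return imm;
    }
    return 0;
}
int main(void)
{
    /* Constructed table and prologue: slot 1 and the JMP both lead to 0xF7A01000, outside the kernel. */
    uint32_t ssdt[] = { 0x80412340u, 0xF7A01000u, 0x80456780u };
    uint8_t detoured[] = { 0xE9, 0xBB, 0xEC, 0x5E, 0x77 };
    printf("hooked SSDT entries: %zu\n", ssdt_count_hooked(ssdt, 3, KERNEL_BASE, KERNEL_SIZE));
    printf("prologue detours to: 0x%08x\n", detour_target(0x80412340u, detoured, sizeof detoured));
    return 0;
}
```

On a live system the same checks would be run from a driver against the real service table and the kernel's exported routines; the range test alone cannot see a hook that relocates the pointer to a patched copy inside the kernel image, which is why the prologue check is done as well.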

I also had some fun and reworked the GUI and came up with a cool way of doing so. I thought it came out looking pretty stylish (as you can see in the screenshot below :P).

You can download it here:
EXE Download (.zip)
Some screenshots:
In action…
The reworked GUI again

And the original program's post

Note: won't work on pre-XP SP2 systems. Nor do I think it will work on Vista.

~ by Rhys Mossom on December 25, 2007.

17 Responses to “Rootkit Detector: Version 2”

  1. How are you all doing?

  2. Chaos

  3. The hacker says good evening

  4. The soldier

  5. Reda says good evening to everyone here, and is at your service

  6. Reda the Great says good evening

  7. In English? I don't speak Arabic or whatever other language that is.

  8. Where can I get this? 😛

  9. I’ll update it and put it up here shortly.

  10. RHYS!
    You need to post some more C tutorials!!

  11. Do you plan to release its source code for people with educational purposes?

  12. I hadn't planned on doing so, but perhaps I'll do so.
    I need to post stuff anyway.
    Got a DirectX project I was working on and an article I started writing on buffer overflows. I just can't seem to get around to finishing any of them though.

  13. Hey Rhys! It would be nice if you released the source for that GUI :]

  14. After finding rootkits how do you know if one or all should be deleted and hidden items ……

  15. Good judgment.

  16. It looks really cool and is useful. It'd be kind if you would also release its source code 🙂 Thanks anyways.

  17. […] [ Blog Post ] Rootkit Detector Version 2 […]
