BEST UTILITY!

Illusionist

http://www.xuetr.com/download/XueTr.zip


Source: Evil Octal Security Team (www.eviloctal.com)
Author of the article: sudami


If you are unfamiliar with the Windows system, you should not use this tool; even if you do want to use it, do not perform operations with it at random.

For the following reasons, I shall not be responsible for problems caused directly or indirectly by the tool:

1. My skill level is low, especially with the Windows kernel, where at most I can be considered a beginner; this tool is only a by-product of my recent learning.

2. As I am a Windows kernel beginner, and in order to improve my level by writing more kernel code, I put as much of the code as possible in the kernel layer.

3. I have been busy recently; although I tested carefully on all systems (2000/XP/2003/Vista/2008), oversights are still inevitable.
Quote:

The tool initially implements the following functions:
1. Viewing of processes, threads, process modules and process window messages; killing processes, killing threads, unloading modules and other functions
2. Viewing of kernel driver modules, with support for copying a kernel driver module's memory
3. Viewing of SSDT, Shadow SSDT, FSD and IDT information; can detect and restore SSDT hooks and inline hooks
4. Viewing of CreateProcess, CreateThread, LoadImage, Shutdown, Lego and other Notify Routine information, with support for deleting these Notify Routines
5. Viewing of port information; the 2000 system is currently not supported
6. Looking for message hooks
7. Kernel module IAT, EAT, inline hook and patch detection and recovery
8. Disk, volume, keyboard and network layer filter driver detection, with deletion supported
9. Registry Editor
10. Process IAT, EAT, inline hook and patch detection and recovery
11. File system view, with support for basic file operations
12. View (edit) IE plug-ins, SPI, startup items, services, the hosts file and image hijacking
13. ObjectType hook detection and recovery
14. DPC timer detection and removal

0.29 version update list:
1. Added support for Win7 (BuildNumber 7600)
2. Added a function to prohibit switching desktops
3. Added a function to prohibit locking the computer (testing found that the NtUserLockWorkStation hook is difficult to use; no time to work on it)
4. Notify Routine: added BugCheckCallback display and removal features
5. Enhanced kernel hook processing (a small number of machines will show false positives, mainly items whose current value is all 0s; too lazy to get rid of them, and no time to work on it)

Another useful link hxxp://www.ntinternals.org/dll_detection_test.php
 

MZHUSTLER2265

THANKS MAN GOOD
 