wincheck

Forum for announcements and questions about tools and software.
redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

wincheck

Post by redp » Mon Nov 21, 2011 9:06 pm

Check Wincheck

Cr4sh
Posts: 77
Joined: Sun Mar 14, 2010 6:07 pm

Re: wincheck

Post by Cr4sh » Mon Nov 21, 2011 9:14 pm

Nice tool for anomaly detection, much more powerful than most of the "classical" anti-rootkits.
Surprisingly stable: no BSoDs on my test machines since the early beta releases.

CloneRanger
Posts: 124
Joined: Sat Aug 14, 2010 11:54 pm

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:21 am

@ redp

Thanks for the tool :) After allowing it through several of my security apps I was able to run it. When it completed, though, it closed with no visible log? I expected to see one in the same folder I placed Wincheck in. Where should it be?

Also I got an FP from Avira!
Malware = If your name's not down, you're Not coming in!

redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Re: wincheck

Post by redp » Tue Nov 22, 2011 8:30 am

Just a bad detection. I suspect it's because KeServiceDescriptorTable is present in the import table ;)
wincheck writes to standard output (stdout), so just redirect it to a file.
Check Wincheck

CloneRanger
Posts: 124
Joined: Sat Aug 14, 2010 11:54 pm

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:32 am

wincheck writes to standard output (stdout), so just redirect it to a file.
What's the easiest way to do that? I'm no expert ;)

TIA
Malware = If your name's not down, you're Not coming in!

redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Re: wincheck

Post by redp » Tue Nov 22, 2011 8:37 am

Run cmd.exe as administrator and type:
fullpath2wincheck > some.log
Check Wincheck

CloneRanger
Posts: 124
Joined: Sat Aug 14, 2010 11:54 pm

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:39 am

Run cmd.exe as administrator and type:
fullpath2wincheck > some.log
OK thanks :)
Malware = If your name's not down, you're Not coming in!

redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Re: wincheck

Post by redp » Wed Nov 30, 2011 7:56 pm

Uploaded a new version.
Changelog:
- added -f option to specify the log file name
- added -k option for killing processes
- added -uem option for finding strange memory ranges with executable attributes. Memory mapped for loaded modules, PEB.GdiSharedHandleTable & SHAREDINFO.aheList is not considered.
Check Wincheck
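The -uem heuristic described above, as an added example that is not wincheck's own code: it treats any committed, executable region whose type is not MEM_IMAGE as "not backed by a loaded module". It assumes the MEM_IMAGE type as the proxy for loaded modules and does not skip the PEB.GdiSharedHandleTable or SHAREDINFO.aheList mappings the tool also ignores; the classification works on constructed sample regions anywhere, the enumerator needs Windows.

```python
import ctypes
from collections import namedtuple

MEM_COMMIT = 0x1000          # MEMORY_BASIC_INFORMATION.State
MEM_IMAGE = 0x1000000        # .Type for sections mapped from PE files (loaded modules)
EXEC_PROTECT = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
PROTECT_MASK = 0xFF          # strips PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE bits
Region = namedtuple("Region", "base size state protect type")

def suspicious_exec_regions(regions):
    """Keep regions that are committed, executable and not image-backed.
    Unlike -uem this does not also skip PEB.GdiSharedHandleTable or
    SHAREDINFO.aheList, so expect a few benign hits per process."""
    return [r for r in regions
            if r.state == MEM_COMMIT
            and (r.protect & PROTECT_MASK) in EXEC_PROTECT
            and r.type != MEM_IMAGE]

class MBI(ctypes.Structure):  # MEMORY_BASIC_INFORMATION; x64 PartitionId omitted, alignment pads it
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_uint32), ("Protect", ctypes.c_uint32), ("Type", ctypes.c_uint32)]

def enumerate_regions(pid):
    """Windows only: walk a process's address space with VirtualQueryEx. Use a
    Python whose bitness matches the target (32-bit Python cannot see all of a 64-bit process)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype, k32.VirtualQueryEx.restype = ctypes.c_void_p, ctypes.c_size_t
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    h = k32.OpenProcess(0x0400, False, pid)  # PROCESS_QUERY_INFORMATION
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    regions, addr, mbi = [], 0, MBI()
    try:
        while k32.VirtualQueryEx(h, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            regions.append(Region(base, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type))
            addr = base + mbi.RegionSize  # query fails past the user range, ending the loop
    finally:
        k32.CloseHandle(h)
    return regions

# Constructed sample (not from a real process): image section, private RWX, plain RW page, guarded RWX view.
SAMPLE_REGIONS = [Region(0x7FF600001000, 0x1000, MEM_COMMIT, 0x20, MEM_IMAGE),
                  Region(0x10000, 0x2000, MEM_COMMIT, 0x40, 0x20000),   # MEM_PRIVATE
                  Region(0x30000, 0x1000, MEM_COMMIT, 0x04, 0x20000),
                  Region(0x50000, 0x1000, MEM_COMMIT, 0x140, 0x40000)]  # PAGE_GUARD|RWX, MEM_MAPPED
```

On a live Windows process, `suspicious_exec_regions(enumerate_regions(pid))` gives the candidate list; on the sample only the private RWX block and the guarded RWX mapped view are flagged.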

redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Re: wincheck

Post by redp » Sat Dec 03, 2011 1:39 pm

New version.
It can print system threads with the -st option.
Check Wincheck

redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Re: wincheck

Post by redp » Mon Dec 19, 2011 2:45 pm

Uploaded a new version.
Now it's able to dump all KTIMERs with the -kt option on both 32- & 64-bit.
Check Wincheck
