wincheck


Post by redp » Mon Nov 21, 2011 9:06 pm

Check Wincheck

Re: wincheck

Post by Cr4sh » Mon Nov 21, 2011 9:14 pm

Nice tool for anomaly detection, much more powerful than most of the "classical" anti-rootkits.
Surprisingly stable: no BSoDs on my test machines since early beta releases.

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:21 am

@ redp

Thanks for the tool :) After allowing it through several of my security apps I was able to run it. When it completed, though, it closed with no visible log? I expected to see one in the same folder I placed Wincheck. Where should it be?

Also I got a FP from Avira!
Malware = If your names not down, you're Not coming in !

Re: wincheck

Post by redp » Tue Nov 22, 2011 8:30 am

Just a bad detection. I suspect it's because KeServiceDescriptorTable is present in the import table ;)
wincheck writes to stdout, so just redirect it to a file

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:32 am

"wincheck writes to stdout, so just redirect it to a file"

What's the easiest way to do that? I'm no expert ;)

TIA

Re: wincheck

Post by redp » Tue Nov 22, 2011 8:37 am

run cmd.exe as administrator
type:
fullpath2wincheck > some.log

Re: wincheck

Post by CloneRanger » Tue Nov 22, 2011 8:39 am

"run cmd.exe as administrator
type:
fullpath2wincheck > some.log"

OK thanks :)

Re: wincheck

Post by redp » Wed Nov 30, 2011 7:56 pm

Uploaded new version
Changelog:
- added -f option to specify the log file name
- added -k option for killing processes
- added -uem option for finding strange memory ranges with executable attributes. Memory mapped for loaded modules, PEB.GdiSharedHandleTable & SHAREDINFO.aheList is not considered

Re: wincheck

Post by redp » Sat Dec 03, 2011 1:39 pm

new version
Can print system threads with -st option

Re: wincheck

Post by redp » Mon Dec 19, 2011 2:45 pm

uploaded new version
Now it's able to dump all KTIMERs with option -kt on both 32 & 64bit