[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

Forum for announcements and questions about tools and software.

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2012-11-10)

Post by xanax » Thu Nov 29, 2012 1:11 pm

Attaching a few crash dumps made after using Win64AST

0x000000CE -> DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (CE) -> immediately after trying to exit
0x00000050 -> PAGE_FAULT_IN_NONPAGED_AREA (50)
0x00000109 -> CRITICAL_STRUCTURE_CORRUPTION (109) -> after hiding processes

On Win 8, in the Drivers tab, when I check Hide Signed Items and refresh, nothing is hidden, not even one signed driver; on Win 7 it is OK except for Win64AST.sys.
On Win 8, in the Process tab, when I do the same thing, maybe a few signed items are hidden, not all; on Win 7 it is OK.
In Process, if I uncheck Hide Deleting items, refresh, then select a hidden item and Scan Module patch, the program will crash (Fault Module Name: Win64AST.DLL).
xanax
 
Posts: 21
Joined: Thu May 13, 2010 11:09 pm
Reputation point: 0

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2012-11-10)

Post by m5home » Tue Dec 04, 2012 10:08 am

xanax wrote: Attaching a few crash dumps made after using Win64AST

0x000000CE -> DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (CE) -> immediately after trying to exit
0x00000050 -> PAGE_FAULT_IN_NONPAGED_AREA (50)
0x00000109 -> CRITICAL_STRUCTURE_CORRUPTION (109) -> after hiding processes

On Win 8, in the Drivers tab, when I check Hide Signed Items and refresh, nothing is hidden, not even one signed driver; on Win 7 it is OK except for Win64AST.sys.
On Win 8, in the Process tab, when I do the same thing, maybe a few signed items are hidden, not all; on Win 7 it is OK.
In Process, if I uncheck Hide Deleting items, refresh, then select a hidden item and Scan Module patch, the program will crash (Fault Module Name: Win64AST.DLL).


Thank you. I will try to fix this bug in the next version.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.
m5home
 
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am
Reputation point: 50

New Version Released!

Post by m5home » Mon Dec 10, 2012 12:23 pm

WIN64AST 1.00 BETA5 (with DIGITAL SIGNATURE)
What's new:
1. Enum/Restore FSD dispatch functions
2. Enum/Restore kernel objects
3. Enum/Stop IO Timer & DPC Timer
4. Enum/Remove minifilter & filter driver
5. Enum/Delete object callback (callback created by ObRegisterCallbacks)
6. Show remote IP geographic address of net connection
7. Detect MBR Rootkit (WORKS IN RING3, NOT STRONG)
8. Fix some bugs from the last version

Special thanks: fyyre/EP_X0FF/xanax/rinn

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2012-12-10)

Post by adslxyz » Sun Dec 30, 2012 10:31 am

so good tool~
adslxyz
 
Posts: 1
Joined: Sun Dec 30, 2012 10:11 am
Reputation point: 0

New Version Released!

Post by m5home » Tue Jan 01, 2013 1:34 am

WIN64AST 1.00 BETA6 (with DIGITAL SIGNATURE)
What's new:
1. Add function "Disable callback function"
2. Enum/Unhook IDT
3. Scan/Unhook Process IAT/EAT HOOK
4. Enum/Restore Dispatch function (ClassPNP.sys/ATAPI.sys/NDIS.sys/TCPIP.sys)
5. View value of special register
6. Enum GDT
7. 10 new commands for "Kernel Explorer"
8. New function "exclude specified PIDs" for "Behavior Monitor"

Re: ARK for Win7x64 - Win64AST

Post by m5home » Tue Jan 01, 2013 1:37 am

a_d_13 wrote:
m5home wrote:
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.

Could you edit my thread, delete this line:
If you want to use this tool, you need to disable PatchGuard, because I use kernel hook to realize some functions.

And change the title:
ARK for WINDOWS x64 - WIN64AST


Done.

Thanks,
--AD

Could you edit my thread, change the title:
ARK for WINDOWS x64 - WIN64AST(Update: 2013-01-01)[Page4#37]

Thanks.

Functions

Post by m5home » Tue Jan 01, 2013 4:12 pm

Manage Process(include Module/Thread/Handle/Window)
View Kernel Module
View/Disconnect Net Connection
Enum/Restore SSDT and SHADOW SSDT
Scan/Clear User mode and Kernel mode Inline hook
View/Delete Message Hook
View/Restore Driver Dispatch Function
View/Restore Kernel Object Routine Function
View/Delete Callback & Notify
Enum/Delete IO Timer
Enum/Delete DPC Timer
Enum MiniFilter/Disable MiniFilter callback function
Enum/Remove Filter Driver
Enum/Restore IDT
Enum GDT
Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
Scan/Clear User mode EAT/IAT Hook
View/Backup/Restore MBR
Process Behavior Monitor
Edit(Disasm/Modify) Kernel Memory
Force Unlock/Delete File
Force Delete/Rename/Create RegKey & RegValue
Check digital signature of file


More functions will be added in the future.

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-01-01)[Page4

Post by KeWss » Wed Jan 02, 2013 5:06 am

I'm going to test it.
KeWss
 
Posts: 2
Joined: Wed Jan 02, 2013 4:45 am
Reputation point: -1

New Version Released!

Post by m5home » Mon Jan 21, 2013 5:33 pm

WIN64AST 1.00 (with DIGITAL SIGNATURE)

What is new:
1. Add tab "File Manager"
2. Add tab "Registry Editor"

Functions:
Manage Process(include Module/Thread/Handle/Window)
View Kernel Module
View/Disconnect Net Connection
Enum/Restore SSDT and SHADOW SSDT
Scan/Clear User mode and Kernel mode Inline hook
View/Delete Message Hook
View/Restore Driver Dispatch Function
View/Restore Kernel Object Routine Function
View/Delete Callback & Notify
Enum/Delete IO Timer
Enum/Delete DPC Timer
Enum MiniFilter/Disable MiniFilter callback function
Enum/Remove Filter Driver
Enum/Restore IDT
Enum GDT
Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
Scan/Clear User mode EAT/IAT Hook
View/Backup/Restore MBR
Process Behavior Monitor
Edit(Disasm/Modify) Kernel Memory
Low-level File operation
Low-level Registry operation
Check digital signature of file

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-01-22)[Page5

Post by xanax » Tue Jan 22, 2013 10:34 pm

many thanks for File Manager and Registry Editor with low level operation