[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Thu Feb 21, 2013 10:39 am

WIN64AST 1.01(with DIGITAL SIGNATURE)

Download URL: http://pan.baidu.com/share/link?shareid ... 1915097229
(If you do not have ID on this forum, you can download WIN64AST via this URL)

Functions:
1.Manage Process(include Module/Thread/Memory/Handle/Window)
2.View Kernel Module
3.View/Disconnect Net Connection
4.Enum/Restore SSDT and SHADOW SSDT
5.Scan/Clear User mode and Kernel mode Inline hook
6.View/Delete Message Hook
7.View/Restore Driver Dispatch Function
8.View/Restore Kernel Object Routine Function
9.View/Delete Callback & Notify
10.Enum/Delete IO Timer
11.Enum/Delete DPC Timer
12.Enum MiniFilter/Disable MiniFilter callback function
13.Enum/Remove Filter Driver
14.View/Backup/Restore/Repair MBR
15.Process Behavior Monitor
16.Edit(Disasm/Modify) Kernel Memory
17.Low-level File operation
18.Low-level Registry operation
19.Forbid create Process/File/RegKey/RegValue and forbid load driver
20.Check digital signature of file
21.Enum/Restore IDT
22.Enum GDT
23.Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24.Scan/Clear User mode EAT/IAT Hook
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

xanax
Posts: 21
Joined: Thu May 13, 2010 11:09 pm

Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-02-21)[Page5

Post by xanax » Sat Jun 22, 2013 12:32 am

Win64AST 1.01 can't list all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, for example

Image


Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-02-21)[Page5

Post by m5home » Fri Aug 02, 2013 2:39 am

xanax wrote:Win64AST 1.01 can't list all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, for example

Image
Thank you, I will fix this bug in the next version.


New Version Released!

Post by m5home » Wed Aug 07, 2013 5:32 am

WIN64AST 1.02(with DIGITAL SIGNATURE)

Download URL: http://pan.baidu.com/share/link?shareid ... 1915097229
(If you do not have ID on this forum, you can download WIN64AST via this URL)

Functions:
1.Manage Process(include Module/Thread/Memory/Handle/Window)
2.View Kernel Module
3.View/Disconnect Net Connection
4.Enum/Restore SSDT and SHADOW SSDT
5.Scan/Clear User mode and Kernel mode Inline hook
6.View/Delete Message Hook
7.View/Restore Driver Dispatch Function
8.View/Restore Kernel Object Routine Function
9.View/Delete Callback & Notify
10.Enum/Delete IO Timer
11.Enum/Delete DPC Timer
12.Enum MiniFilter/Disable MiniFilter callback function
13.Enum/Remove Filter Driver
14.View/Backup/Restore/Repair MBR
15.Process Behavior Monitor
16.Edit(Disasm/Modify) Kernel Memory
17.Low-level File operation
18.Low-level Registry operation
19.Forbid create Process/File/RegKey/RegValue and forbid load driver
20.Check digital signature of file
21.Enum/Restore IDT
22.Enum GDT
23.Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24.Scan/Clear User mode EAT/IAT Hook

What is new:
1.More process information (startup time, command line arguments).
2.Inject dll to system process (except CSRSS.EXE and SMSS.EXE).
3.Distinguish worker thread (maybe not correct).
4.Disable COPY-ON-WRITE if you want.
5.More "Kernel Explorer" command.
6.More "File Manager" functions.
Last edited by m5home on Wed Aug 07, 2013 8:41 am, edited 1 time in total.


Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-02-21)[Page5

Post by m5home » Wed Aug 07, 2013 5:33 am

xanax wrote:Win64AST 1.01 can't list all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, for example

Image
Hey, I fixed this problem in version 1.02.


Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-02-21)[Page5

Post by xanax » Thu Aug 08, 2013 12:24 pm

m5home wrote:
xanax wrote:Win64AST 1.01 can't list all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, for example
Hey, I fixed this problem in version 1.02.
Now I can go somewhere around HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetworkConnections
and go somewhere around HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA87C-2498-4875-933A-3067DE883070}, but not all the way.

Windows 7 SP1 Ultimate x64 English; AMD Athlon II X4 630; 8GB (2x4GB) DDR3 1600MHz


Re: ARK for WINDOWS x64 - WIN64AST(Update: 2013-02-21)[Page5

Post by m5home » Thu Aug 08, 2013 2:09 pm

xanax wrote:
m5home wrote:
xanax wrote:Win64AST 1.01 can't list all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, for example
Hey, I fixed this problem in version 1.02.
Now I can go somewhere around HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetworkConnections
and go somewhere around HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA87C-2498-4875-933A-3067DE883070}, but not all the way.

Windows 7 SP1 Ultimate x64 English; AMD Athlon II X4 630; 8GB (2x4GB) DDR3 1600MHz
Do you mean that WIN64AST still cannot enumerate all items?


Re: [2013-08-07]ARK for Windows x64: WIN64AST(Page5#49)

Post by xanax » Fri Aug 09, 2013 2:25 am

Yes, and I have several different situations:

Windows 7 SP1 Ultimate (Physical Machine)
Image

Windows 7 SP1 Ultimate (Virtual Machine)
Image

Windows 8 Enterprise (Virtual Machine)
Image


Re: [2013-08-07]ARK for Windows x64: WIN64AST(Page5#49)

Post by m5home » Sat Aug 10, 2013 10:00 am

xanax wrote:Yes, and I have several different situations:

Windows 7 SP1 Ultimate (Physical Machine)
Image

Windows 7 SP1 Ultimate (Virtual Machine)
Image

Windows 8 Enterprise (Virtual Machine)
Image
OK, I know. Thanks.
I will fix this bug in the next version. :lol:


New Version Released!

Post by m5home » Sun Sep 08, 2013 4:44 pm

WIN64AST 1.03(with DIGITAL SIGNATURE)

Download URL: http://pan.baidu.com/share/link?shareid ... 1915097229
(If you do not have ID on this forum, you can download WIN64AST via this URL)

Functions:
1.Manage Process(include Module/Thread/Memory/Handle/Window)
2.View Kernel Module
3.View/Disconnect Net Connection
4.Enum/Restore SSDT and SHADOW SSDT
5.Scan/Clear User mode and Kernel mode Inline hook
6.View/Delete Message Hook
7.View/Restore Driver Dispatch Function
8.View/Restore Kernel Object Routine Function
9.View/Delete Callback & Notify
10.Enum/Delete IO Timer
11.Enum/Delete DPC Timer
12.Enum MiniFilter/Disable MiniFilter callback function
13.Enum/Remove Filter Driver
14.View/Backup/Restore/Repair MBR
15.Process Behavior Monitor
16.Edit(Disasm/Modify) Kernel Memory
17.Low-level File operation
18.Low-level Registry operation
19.Forbid create Process/File/RegKey/RegValue and forbid load driver
20.Check digital signature of file
21.Enum/Restore IDT
22.Enum GDT
23.Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24.Scan/Clear User mode EAT/IAT Hook

What is new:
1.Support WIN8.1
2.Disable Driver Signature Enforcement without reboot