[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

Forum for announcements and questions about tools and software.
Locked
User avatar
EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: [2013-09-08]ARK for Windows x64: WIN64AST(Page5#50)

Post by EP_X0FF » Thu Sep 12, 2013 5:07 am

Hello,

please use next time "Report" button, located right above post so we can response faster and rename your thread. Also all old request posts has been removed as they are off topic. Thread renamed.

Thanks.
Ring0 - the source of inspiration

User avatar
m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

Re: [2013-09-08]ARK for Windows x64: WIN64AST(Page5#50)

Post by m5home » Sun Sep 15, 2013 2:18 am

EP_X0FF wrote:Hello,

please use next time "Report" button, located right above post so we can response faster and rename your thread. Also all old request posts has been removed as they are off topic. Thread renamed.

Thanks.
OK. Thanks.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

User avatar
m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Mon Sep 16, 2013 1:21 am

WIN64AST 1.03A(with DIGITAL SIGNATURE)

Download URL: http://pan.baidu.com/share/link?shareid ... 1915097229
(If you do not have ID on this forum, you can download WIN64AST via this URL)

Functions:
1.Manage Process(include Module/Thread/Memory/Handle/Window)
2.View Kernel Module
3.View/Disconnect Net Connection
4.Enum/Restore SSDT and SHADOW SSDT
5.Scan/Clear User mode and Kernel mode Inline hook
6.View/Delete Message Hook
7.View/Restore Driver Dispatch Function
8.View/Restore Kernel Object Routine Function
9.View/Delete Callback & Notify
10.Enum/Delete IO Timer
11.Enum/Delete DPC Timer
12.Enum MiniFilter/Disable MiniFilter callback function
13.Enum/Remove Filter Driver
14.View/Backup/Restore/Repair MBR
15.Process Behavior Monitor
16.Edit(Disasm/Modify) Kernel Memory
17.Low-level File operation
18.Low-level Registry operation
19.Forbid create Process/File/RegKey/RegValue and forbid load driver
20.Check digital signature of file
21.Enum/Restore IDT
22.Enum GDT
23.Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24.Scan/Clear User mode EAT/IAT Hook

What is new:
1.Fix some bugs.
2.Window can be resize now.
You do not have the required permissions to view the files attached to this post.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

xanax
Posts: 21
Joined: Thu May 13, 2010 11:09 pm

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by xanax » Mon Sep 16, 2013 4:28 am

Thanks for fixing Registry tab
Thanks for resizeble window
and thanks for Disable Driver Signature Enforcement feature, already in use for loading driver of daily based used program with broken DS

User avatar
m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by m5home » Mon Sep 16, 2013 5:21 am

xanax wrote:Thanks for fixing Registry tab
Thanks for resizeble window
and thanks for Disable Driver Signature Enforcement feature, already in use for loading driver of daily based used program with broken DS
Hey, man, "Disable Driver Signature Enforcement without reboot" will trigger PG and lead to BSOD.
So, you can disable DSE when you want to load unsigned driver, and enable DSE after your driver loaded.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

xanax
Posts: 21
Joined: Thu May 13, 2010 11:09 pm

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by xanax » Mon Sep 16, 2013 12:08 pm

yes and no, i'm to tired these days, probably i understand wrong some things
on physical machine with win 7 sp1 i successfully load driver 4-5 times, now i can't anymore
run virtual machine with same system, load same driver once at first try, but also a last time, no work anymore
install completly new win 7 in virtual enviroment, now can't load at all
maybe i was in debug-mode

User avatar
m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by m5home » Sun Oct 27, 2013 2:15 pm

xanax wrote:yes and no, i'm to tired these days, probably i understand wrong some things
on physical machine with win 7 sp1 i successfully load driver 4-5 times, now i can't anymore
run virtual machine with same system, load same driver once at first try, but also a last time, no work anymore
install completly new win 7 in virtual enviroment, now can't load at all
maybe i was in debug-mode
Try this tool: http://www.kernelmode.info/forum/viewto ... =11&t=3013
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

xanax
Posts: 21
Joined: Thu May 13, 2010 11:09 pm

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by xanax » Sun Oct 27, 2013 9:47 pm

i was already in mind something like that, thanks for tool but i can't use it for particular driver which i need, because it's need to be started by service of program which use that driver.
it will be great if there can be put command line option just for Disable DSE and Enable DSE so we can made batch which will for example disable dse, start service which will load driver and then enable dse back again.
starting Win64AST everytime is little overkill, i mean too slowly, or sometimes start program and then i noticied that driver isn't loaded bacause i forget to start Win64AST and disable/enable dse and load driver through service.
sry for bad english.

xanax
Posts: 21
Joined: Thu May 13, 2010 11:09 pm

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by xanax » Wed Nov 06, 2013 5:19 am

i use FSPro Labs Hide Folders 2012 program to hide files and folders
Win64AST will see hidden files and folders but when i try to open hidden folder i get BSOD
also when i try copy hidden files to another location it say Operation finished! but nothing is copied

User avatar
m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

Re: [2013-09-15]ARK for Windows x64: WIN64AST(Page6#53)

Post by m5home » Sun Nov 24, 2013 5:55 pm

xanax wrote:i use FSPro Labs Hide Folders 2012 program to hide files and folders
Win64AST will see hidden files and folders but when i try to open hidden folder i get BSOD
also when i try copy hidden files to another location it say Operation finished! but nothing is copied
FSPro Labs Hide Folders 2012 use minifilter to hide folder/file.

So you can:
1.Disable its minifilter precall and postcall.(Kernel -> MiniFilter -> (Mouse Right Click) -> Disable Operation -> PreCall and PostCall)[Maybe BSOD, Not a good way]
2.Remove any drivers attach to "\FileSystem\NTFS" and "\FileSystem\FAT32".(Kernel -> Filter Driver -> (Mouse Right Click) -> Remove Filter)[The best way]

Other things:
1."Disable DSE" will enhance in next version.
2.I known, starting Win64AST is very slow, but I cannot solve this, because it depend on .NET4! .NET initialization use a lot of time, I cannot control this.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

Locked