[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

Forum for announcements and questions about tools and software.
Volks
Posts: 1
Joined: Fri Oct 10, 2014 8:09 pm

Re: [2014-06-15]ARK for Windows x64: WIN64AST(Page7#69)

Post by Volks » Fri Oct 10, 2014 8:24 pm

I just joined the forum just for this. Nice tool and nice forum. You will be seeing me around more often :)

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Fri Jan 02, 2015 4:55 am

WIN64AST 1.10 BETA2

Download URL: http://pan.baidu.com/s/1o6MDJmE
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

What is new:
1. Enhanced scan user-mode hook
2. Enhanced scan kernel-mode inline hook
3. Scan kernel-mode EAT/IAT hook
4. Scan DLLs without digital signature in all processes
5. Enhanced low-level disk access
6. Show more IRP dispatch functions information
7. Show more object types information
8. Enhanced DLL/SYS loader (it can load drivers without a digital signature, call DLL exported functions / driver IO control codes)
9. Disable PATCHGUARD after reboot
10. Enhanced firewall (more filter conditions)
11. Enhanced behavior monitor
12. Other small improvements

*Some funny functions: Hide PROCESS/DRIVER/FILE/REGISTRY, change PROCESS/DLL/DRIVER path.
**Funny functions are only for VIP users.
The woman of my avatar: MiYue, the first empress dowager of China. In the TV series "The Legend of MiYue", my favourite movie star SunLi plays MiYue.

kmd
Posts: 270
Joined: Mon Mar 15, 2010 4:09 am
Location: Russian Federation

Re: [2015-01-01]ARK for Windows x64: WIN64AST(Page8#72)

Post by kmd » Fri Jan 02, 2015 5:16 pm

Great tool, thanks! I know maybe it's too early, but does it support Win10?

safechan
Posts: 1
Joined: Sat Jan 03, 2015 2:30 am

Re: [2015-01-01]ARK for Windows x64: WIN64AST(Page8#72)

Post by safechan » Sat Jan 03, 2015 2:33 am

Nice tool, thanks~

Unc3nZureD
Posts: 1
Joined: Wed Dec 31, 2014 11:53 pm

Re: [2015-01-01]ARK for Windows x64: WIN64AST(Page8#72)

Post by Unc3nZureD » Tue Jan 06, 2015 11:46 pm

I already tried it on Win10, but sadly it isn't supporting it. For some reason these tools are reporting "Failed to load driver" on Win10. I already tried several rootkit detect0rs, but I couldn't find a decent one working on Win10 :(

Probably they changed something.

Anyways, I wrote an email to the author, and (s?)he replied that support will probably be added at RTM, but not before. I hope it'll be done soon :) I'd like to try Win10, but because of the current project I'm working on I have to use at least one such tool which is able to detect Hooks.

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Mon Mar 30, 2015 4:07 pm

WIN64AST 1.10 BETA3

Download URL: http://pan.baidu.com/s/1pJ3H6Q3
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

What is new:
1. Enum/Delete file association
2. Enum/Restore kernel callback table

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Sat Jul 04, 2015 4:07 pm

WIN64AST 1.10 BETA4

Download URL: http://pan.baidu.com/s/1sj81TOL
(If you do not have an ID on this forum, you can download WIN64AST via this URL)

What is new:
1. BUGFIX: Cannot get the thread start address on WIN7
2. BUGFIX: Cannot turn on LKD on WIN7
3. BUGFIX: Cannot enumerate all SHUTDOWN callbacks
4. BUGFIX: Cannot search data in process memory
5. ADD: Inject DLL and SHELLCODE to 32-bit process
6. ADD: Scan MSR[0xC0000082] and MSR[0xC0000083]
7. ADD: Certificate blocker
8. ADD: PE file viewer
9. ADD: New commands (RDMSR and WRMSR) for "KERNEL EXPLORER"
10. ADD: Display IRP original address of important drivers
11. ADD: NTFS parse
12. ADD: HIVE parse (WIN7 ONLY)
13. [VIP] ADD: File protection
14. [VIP] ADD: Registry protection
15. [VIP] ADD: Kernel mode DLL injector
16. [VIP] ADD: Global time speed controller

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

New Version Released!

Post by m5home » Mon Aug 03, 2015 3:15 pm

WIN64AST 1.10 BETA5

Download URLs:
http://pan.baidu.com/s/1jGitM9S
http://pan.baidu.com/s/1sj40kxv (WITH .NET4 FRAMEWORK)
(If you do not have an ID on this forum, you can download WIN64AST via these URLs)

What is new:
1. Support WIN10
2. Fix some small bugs

frank_boldewin
Posts: 116
Joined: Thu Apr 22, 2010 8:59 am
Location: germany

Re: [2015-08-04]ARK for Windows x64: WIN64AST(Page8#78)

Post by frank_boldewin » Fri Aug 07, 2015 10:14 am

I like your tool, though some features are hardly missing.

complete process + driver dump incl. PE-fixing
memory map (VAD) view for processes including page protections as well as dumping individual pages.

m5home
Posts: 82
Joined: Wed Jun 06, 2012 1:21 am

Re: [2015-08-04]ARK for Windows x64: WIN64AST(Page8#78)

Post by m5home » Fri Aug 07, 2015 10:20 pm

frank_boldewin wrote: i like your tool, though some features are hardly missing.

1. complete process + driver dump incl. pe-fixing
2. memory map (VAD) view for processes including page protections as well as dumping individual pages.

1. You can find the memory dump function in "PROCESS -> ADVANCED OPERATIONS -> MEMORY OPERATION". I will add "complete process memory dump" and "kernel memory dump" in the next version. If you want to edit kernel memory, you can use "KERNEL EXPLORER" (get more information in the HELP file). If you want to edit process memory, the function is also in "PROCESS -> ADVANCED OPERATIONS -> MEMORY OPERATION". If you want to edit a PE file on disk, you can use LordPE or WINHEX.

2. You should use RAMMAP or VMMAP.
