
A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Mon Dec 31, 2018 7:14 am
by AxtMueller
Project URL on GitHub: https://github.com/AxtMueller/Windows-Kernel-Explorer
Introduction
Windows Kernel Explorer (you can simply call it "WKE") is a free but powerful Windows kernel research tool. It supports Windows XP through Windows 10, 32-bit and 64-bit. Compared to popular tools (such as WIN64AST and PCHunter), WKE is a highly customizable tool and it can run on the latest Windows 10 without updating binary files.

How WKE works on the latest Windows 10
WKE will automatically download the required symbol files if there is no native support for the current system; 90% of the features will work after this step. For some needed data that doesn't exist in the symbol files, WKE will try to get it from the DAT file (so, when a new Windows 10 version is released, I will upload the newest DAT file to GitHub). If there is no internet access for WKE, 50% of the features will still work.

How to customize WKE
You can customize WKE by editing the configuration file. Currently, you can set the device name and symbolic link name of the driver, and the altitude of the filter. You can also enable kernel-mode and user-mode characteristics randomization to avoid being detected by malware. If you rename the EXE file of WKE, then you need to rename the SYS/DAT/INI files to the same name.

About digital signature
Because I don't have a digital certificate, I have to use a leaked digital certificate from HT SRL to sign the driver of WKE. I use "DSEFIX" as an alternative solution to load the driver; if WKE is unable to load the driver, you can try to launch WKE with "WKE_dsefix.bat".

Core Features
1. Process management (Module, Thread, Handle, Memory, Window, Windows Hook, etc.)
2. File management
3. Registry management
4. Kernel-mode callback, filter, timer, NDIS blocks and WFP stuff management
5. Kernel-mode hook scanning (MSR, EAT, IAT, CODE PATCH, SSDT, SSSDT, IDT, IRP, OBJECT)
6. User-mode hook scanning (Kernel Callback Table, EAT, IAT, CODE PATCH)
7. Memory editor and symbol parser (it looks like a simplified version of WINDBG)
8. Protect process, hide/protect/redirect file or directory, protect registry and falsify registry data
9. Path modification for driver, process and process module
10. Enable/disable some obnoxious Windows components

Screenshots
[Screenshots not preserved: Windows XP 32-bit, Windows XP 64-bit, Windows 10 32-bit, Windows 10 64-bit]

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Mon Jan 28, 2019 1:47 am
by AxtMueller
I released a new version of it today. Download the latest version in the "binaries" directory.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Sun Mar 24, 2019 11:41 pm
by AxtMueller
The software was updated on 2019-03-25. Everyone can download the latest version in the "binary" directory.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Tue Mar 26, 2019 12:23 am
by AxtMueller
The software was updated on 2019-03-26. Everyone can download the latest version in the "binary" directory.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Wed Mar 27, 2019 5:16 pm
by sauza
Hi,

Thanks for this tool. May I ask why you don't use the release feature of GitHub?

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Fri Mar 29, 2019 7:47 am
by AxtMueller
The software was updated on 2019-03-29. Everyone can download the latest version in the "binary" directory.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Thu Apr 18, 2019 4:44 am
by jswami123
Thanks for this research tool.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Sun Jun 02, 2019 12:25 pm
by AxtMueller
The software's data file was updated on 2019-06-01. It supports Windows 10 19H1.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Sun Nov 03, 2019 11:46 pm
by AxtMueller
The software was updated on 2019-11-04. Everyone can download the latest version in the "binary" directory.

Re: A free but powerful Windows kernel research tool: Windows Kernel Explorer

Posted: Sun Nov 10, 2019 12:12 am
by AxtMueller
The software was updated on 2019-11-10. Everyone can download the latest version in the "binaries" directory.