[Brookit]

PowerTool is a free anti-virus&rootkit utility. It offers you the ability to detect, analyze and fix various kernel structure modifications and gives you a wide scope of the kernel.

Looks similiar to XueTr in its features.

http://code.google.com/p/powertool-google/

[GamingMasteR]

BSOD after running ...

[EP_X0FF]

Yet another BSOD generator.

Probably caused by : kEvP.sys ( kEvP+7d2f )

STACK_TEXT:
b2497e10 8054ba71 00000000 db104000 00000000 nt!MiAllocatePoolPages+0x23e
b2497e78 8053700d 00000000 00001000 656e6f4e nt!ExAllocatePoolWithTag+0x109
b2497e8c b1fc1d2f 00000000 00001000 03b4627b nt!ExAllocatePool+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
b2498110 b1fc4a3a e1052478 00000002 e1052484 kEvP+0x7d2f
b249837c b1fc5e41 00000000 81ad5ed0 03b4691f kEvP+0xaa3a
b2498a74 b1fc6b39 e264a000 00000000 81b28000 kEvP+0xbe41
b2498acc b1fd7c9a 81b4a758 82329ce0 0000a280 kEvP+0xcb39
b2498c40 804ef18f 81b4a758 82329ce0 806e6410 kEvP+0x1dc9a
b2498c50 8057f982 82329d50 822ed590 82329ce0 nt!IopfCallDriver+0x31
b2498c64 805807f7 81b4a758 82329ce0 822ed590 nt!IopSynchronousServiceTail+0x70
b2498d00 80579274 000000d4 00000000 00000000 nt!IopXxxControlFile+0x5c5
b2498d34 8054161c 000000d4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
b2498d34 7c90e4f4 000000d4 00000000 00000000 nt!KiFastCallEntry+0xfc
001294f4 00000000 00000000 00000000 00000000 0x7c90e4f4

Additionally it's user mode part buggy like hell.



there are a lot of more obvious bugs (all leads to program crash) but this tool is too boring for posting them here.

[liangtong]

Its descriptions are fully copied from XueTr's readme.txt and also feature with far less depth :lol: .

[R00tKit]

new version
PowerTool V4.2 release(Xmas Edition)

1. Detect VBR Bootkit(such as Rootkit.Win32.Cidox)
2. Detecting/Memory Forging Attempt by a Rootkit(such as TDL4 variants)

http://code.google.com/p/powertool-goog ... 4.2_en.zip

[EP_X0FF]

Incorrectly identifies VBR modification. Aside from this I didn't checked anything else.

+

crashes on checking with invalid selected disk.

[Johnny5]

EP_X0FF,
Can you PM me and explain how to properly identify VBR modifications? Would like to learn how this is done.

[EP_X0FF]

EP_X0FF,
Can you PM me and explain how to properly identify VBR modifications? Would like to learn how this is done.

Just saw your post. In your case program detects normal VBR as modified.

[Vrtule]

Hello,

I see that a few days ago, a new version of PowerTool has been released - a version that will run on 64bit Windows. Do you plan to translate it to English soon?

[m5home]

Hello,

I see that a few days ago, a new version of PowerTool has been released - a version that will run on 64bit Windows. Do you plan to translate it to English soon?

Hi, my ARK can run on 64-bit WINDOWS too. And its language is ENGLISH.
http://www.kernelmode.info/forum/viewto ... =11&t=1691