A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #16906  by p4r4n0id
 Thu Nov 29, 2012 9:11 pm
Hi Guys,

Does someone have a copy of the following rootkits (rootkit.com is down):

- NT ROOTKIT 0.44 by Greg Hoglund - (rootkit.com)
- FU Rootkit by James Butler - (rootkit.com)
- FUTo by Peter Silberman - (rootkit.com)
- phide by 90210 - (rootkit.com)
- phide2 by 90210 - (rootkit.com)
- BadRKDemo by cardmagic - (rootkit.com)
- RKdemo1.1 by MP_ART & EP_X0FF - (rootkit.com)

Thx,

p4r4n0id
 #16910  by EP_X0FF
 Fri Nov 30, 2012 12:01 am
Most of them are attached in this thread. Have you looked carefully?
 #16925  by p4r4n0id
 Fri Nov 30, 2012 7:54 am
EP_X0FF wrote: Most of them are attached in this thread. Have you looked carefully?
My bad, pasted the wrong list :)

I need only the AK922 sample. I was able to find only his bins; was the source code released? I'm looking for snips of kernel inline hooking.

Thx again,

p4r4n0id
 #16929  by EP_X0FF
 Fri Nov 30, 2012 1:20 pm
p4r4n0id wrote: I need only the AK922 sample. I was able to find only his bins; was the source code released? I'm looking for snips of kernel inline hooking.
AK922 is really not the best example of anything, including inline hooking. Frankly speaking, it is a piece of crap.

Instead see this http://www.kernelmode.info/forum/viewto ... nter#p2849
 #16934  by p4r4n0id
 Fri Nov 30, 2012 5:25 pm
EP_X0FF wrote:
p4r4n0id wrote: I need only the AK922 sample. I was able to find only his bins; was the source code released? I'm looking for snips of kernel inline hooking.
AK922 is really not the best example of anything, including inline hooking. Frankly speaking, it is a piece of crap.

Instead see this http://www.kernelmode.info/forum/viewto ... nter#p2849
Perfect! Will check it out.

Thx a lot bro!

p4r4n0id
 #16936  by EP_X0FF
 Sat Dec 01, 2012 4:12 am
Additionally, if you are interested, here is a splice library. x86-x64 compat, UM+KM.