hu3167343 wrote:We hope so :)delphifocus wrote:Not yet, but maybe open source in the future.hu3167343 wrote:AntiSpy 1.2 releasedIt didn't open source?
Change Log:
Add:
1.Show process list as a process tree.
2.Kill process tree.
Modify:
1.Fixed several bugs.
Download: http://antispy.googlecode.com/files/AntiSpy1.2.zip
attachment:
A forum for reverse engineering, OS internals and malware analysis
Thanks for your work.
I will download it asap and test it.
By the way what makes it different from the rest of the existing tools?
Any new concept or implementing idea?
I will download it asap and test it.
By the way what makes it different from the rest of the existing tools?
Any new concept or implementing idea?
EP_X0FF wrote:Hello,Dear EP_X0FF, Can you help me to test the driver tab about new version of AntiSpy in your win7 system ?
your tool added to List of Anti-Rootkits.
On Windows 7 driver tab is empty. Didn't checked other Windows.
Regards.
In my computer and virtual machine, It can not reappear.
Thanks a million.
Attach new version and I will do the test.
Ring0 - the source of inspiration
EP_X0FF wrote:Attach new version and I will do the test.Attachment is the test version.
Attachments
(1.24 MiB) Downloaded 35 times
Almost every tab is empty now. Put some debug output to see what's wrong.
Ring0 - the source of inspiration
EP_X0FF wrote:Almost every tab is empty now. Put some debug output to see what's wrong.Is the driver loaded?
hu3167343 wrote:YesEP_X0FF wrote:Almost every tab is empty now. Put some debug output to see what's wrong.Is the driver loaded?
Code: Select all
Perhaps exe failed to open it - there is no handle for this device inside antispy.lkd> !object \Driver\AntiSpy
Object: 84ab54d0 Type: (83a29de8) Driver
ObjectHeader: 84ab54b8 (new version)
HandleCount: 0 PointerCount: 3
Directory Object: 8744b828 Name: AntiSpy
lkd> dt nt!_DRIVER_OBJECT 84ab54d0
+0x000 Type : 0n4
+0x002 Size : 0n168
+0x004 DeviceObject : 0x84c099f0 _DEVICE_OBJECT
+0x008 Flags : 0x12
+0x00c DriverStart : 0x95e3f000 Void
+0x010 DriverSize : 0x3c000
+0x014 DriverSection : 0x85065f88 Void
+0x018 DriverExtension : 0x84ab5578 _DRIVER_EXTENSION
+0x01c DriverName : _UNICODE_STRING "\Driver\AntiSpy"
+0x024 HardwareDatabase : 0x82974250 _UNICODE_STRING "\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM"
+0x028 FastIoDispatch : (null)
+0x02c DriverInit : 0x95e7703e long *** ERROR: Module load completed but symbols could not be loaded for \??\C:\antispy\AntiSpy.sys
AntiSpy+3803e
+0x030 DriverStartIo : (null)
+0x034 DriverUnload : 0x95e40088 void +0
+0x038 MajorFunction : [28] 0x95e40006 long +0Ring0 - the source of inspiration
In this version, if AntiSpy Create the driver device failed, it will show a messagebox, like "CreateFile AntiSpy Error".
No message, tabs empty, no handle to device. Put some dbgprints/ods so we can trace loading process.
Ring0 - the source of inspiration