A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #18506  by r3shl4k1sh
 Wed Mar 13, 2013 12:04 pm
Does anybody know of a tool that can list the processes currently running on a system through the kernel (so that it can detect the usual DKOM attacks) and give me the results on the CLI?

I want to use the tool in my script, hence I need the CLI.

Thanks.
 #18508  by EP_X0FF
 Wed Mar 13, 2013 1:15 pm
Procwalker, csrwalker

all x86

http://www.kernelmode.info/forum/viewto ... ?f=11&t=10

csrwalker will do this from user mode, but it will detect every process hider up to date

does not work with w8 and maybe 7, I don't remember

also see xuetr, it has a CLI version