A forum for reverse engineering, OS internals and malware analysis 

[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

Forum for announcements and questions about tools and software.
 Topic locked

[2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)

 #13745  by m5home
 Wed Jun 06, 2012 1:29 am
Win64AST is an ARK tool for WIN7X64/WIN8X64/WIN2008R2/WIN2012.
To use this tool, you need to setup .NET Framework 4.0 if your system is WIN7. Because the GUI of this tool is written by VB2010.

Functions:
Process Manager
Kernel Module Viewer
SSDT/SSSDT Viewer
Port Viewer
Force delete file
Forbid create Process/Thread/File/Key/ValueKey
More and more functions will be added in the future.

Publish page: http://www.m5home.com/bbs/thread-5154-1-1.html

Special thanks to: fyyre[DISABLE_PG_DS_V3]
11.jpg
11.jpg (239.36 KiB) Viewed 3074 times
Attachments
(348.27 KiB) Downloaded 471 times

Re: ARK for Win7x64 - Win64AST

 #13828  by EP_X0FF
 Sat Jun 09, 2012 3:54 am
Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.

Re: ARK for Win7x64 - Win64AST

 #13832  by m5home
 Sat Jun 09, 2012 9:39 am
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Disable PG is not necessary.

If you do not use "Forbid Create XXX" options, you needn't disable PG.

Re: ARK for Win7x64 - Win64AST

 #15662  by m5home
 Tue Sep 18, 2012 2:43 pm
frank_boldewin wrote:
m5home wrote:NEW VERSION RELEASED[2012-09-16].
URL: http://pan.baidu.com/share/link?shareid ... 1915097229
please attach your files here in the thread.
OK.
Attachments
(969.93 KiB) Downloaded 122 times

Re: ARK for Win7x64 - Win64AST

 #15717  by m5home
 Sun Sep 23, 2012 1:47 pm
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
In the new version of WIN64AST(1.00 BETA2), I use standard method to realize all functions, no use kernel hook.
So, "Disable PG" is not a requirement of use this tool.
But, you need to enable test signing mode, and sign the driver use "test signature"(Tool is in the attachment).

Re: ARK for Win7x64 - Win64AST

 #15718  by m5home
 Sun Sep 23, 2012 1:48 pm
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Could you edit my thread, delete this line:
If you want to use this tool, you need to disable PatchGuard, because I use kernel hook to realize some functions.
And change the title:
ARK for WINDOWS x64 - WIN64AST

Re: ARK for Win7x64 - Win64AST

 #15719  by a_d_13
 Sun Sep 23, 2012 3:55 pm
m5home wrote:
EP_X0FF wrote:Shutdown of PG as requirement -> compromising OS security -> seriously minimizes usefulness of this tool.
Could you edit my thread, delete this line:
If you want to use this tool, you need to disable PatchGuard, because I use kernel hook to realize some functions.
And change the title:
ARK for WINDOWS x64 - WIN64AST
Done.

Thanks,
--AD
 Topic locked
  • 1
  • 2
  • 3
  • 4
  • 5
  • 10
 Return to “Tools/Software”