 #12750  by redp
 Tue Apr 17, 2012 7:07 am
Uploaded new version rc8.13
sha-256 hashes:
32bit: 94422314068B2ABDE2D05FAF3064DD977643D5D84B6EC76D4875986C76857311
64bit: 579FCA891C13DD69A746179276CC36EA8AC73766452A36667335675B2A896B42

Changelog:
* Add some support for Windows 8 Server
* Add -alldrv option to scan & check all (known to me) loaded drivers
* Fix NDIS_COMMON_OPEN_BLOCK structure for Vista/W2008/W7/W8
* Add detection of an installed ole32!IMallocSpy
* Some bugs were fixed
 #13188  by redp
 Sun May 13, 2012 9:05 am
Uploaded new version rc8.15
sha-256 hashes:
32bit: 5B7D03A55358B0F4FB0022E1854B8307CBDD22124D81E3ADD34CAD1FAE1AFD0C
64bit: ECE9AA53D3C226E019A9A9A803AB5557FB3D5822D2BBCFE1B3078747E07263B7

Changelog:
* add -timp option to show threads with some impersonation tokens
* Add NDIS OID handlers checking
* Add TcpOffloadHandlers checking
* Lots of meaningful fields of NDIS protocols/minidrivers/miniports were added to the dump (vista/windows 7/windows 8 specific mostly)
* Add dumping of NDIS interrupts (you must use both -ndis & -idt options)
* Add dumping of WheapErrorSourceInitializer (vista only)
* Fixed win32k callout on windows8
 #13367  by redp
 Tue May 22, 2012 7:21 pm
Uploaded new version rc8.16
sha-256 hashes:
32bit: CE8B2DC33E7E9174E08D7EC5DD70B9C90E12777BDF42D7B544790CC358D932F8
64bit: CE50DB2ADB1522D51C40BD22014A6B3C99B0AF2AFB74DC19609F8B3144EBE5E3

Changelog:
* add -rdata option for checking .rdata sections. These sections must be non-discardable and their names cannot begin with PAGE. Kernel-mode only
* add checking of kernelbase!KernelBaseGlobalData functions pointers (windows 7 only)
* add checking of SSPI dispatcher tables (called from SECPKG_FUNCTION_TABLE.CallPackage function)
* add checking of dxg!gaDxgFuncs table
* fixed function names in W32pServiceTable for windows 8 64bit
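The -rdata rule in the rc8.16 changelog (read-only data sections of a kernel image must not be discardable and must not live in a PAGE* section) can be reproduced offline against a section table. The script below is an added illustration, not redp's code: it parses the DOS header, PE signature, COFF header and IMAGE_SECTION_HEADER array with the standard layouts, treats any section that is initialized data and neither writable nor executable as read-only data (that reading of ".rdata sections" is an assumption), and flags the two conditions. The sample image is constructed in memory with a zeroed optional header and no section contents, so it runs without a real driver on disk.

```python
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_NOT_PAGED = 0x08000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def parse_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header; return [(name, characteristics)]."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        fields = SECTION_HEADER.unpack_from(image, table + i * SECTION_HEADER.size)
        name = fields[0].split(b"\0", 1)[0].decode("ascii", "replace")
        sections.append((name, fields[9]))
    return sections


def check_rdata(image: bytes):
    """Apply the -rdata rule to every read-only initialized-data section; return [(name, reason)]."""
    findings = []
    for name, chars in parse_sections(image):
        is_rodata = bool(chars & IMAGE_SCN_CNT_INITIALIZED_DATA) and not (
            chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE))
        if not is_rodata:
            continue
        if chars & IMAGE_SCN_MEM_DISCARDABLE:
            findings.append((name, "discardable"))
        if name.upper().startswith("PAGE"):
            findings.append((name, "pageable (PAGE* name)"))
    return findings


def build_image(sections):
    """Build a minimal PE32+ header with the given [(name, characteristics)] section table.
    Constructed test data only: no code, no section contents, not a real driver."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> right after DOS header
    size_of_optional = 0xF0                                 # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_of_optional, 0x0022)
    optional = b"\x0b\x02" + bytes(size_of_optional - 2)    # magic 0x20B, remainder zeroed
    table = b"".join(
        SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                            0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + optional + table


# Constructed sample: a clean non-paged .rdata, read-only data placed in a PAGE* section,
# and a read-only data section marked discardable.
SAMPLE_IMAGE = build_image([
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_NOT_PAGED),
    ("PAGEDATA", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".discard", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_DISCARDABLE),
])

if __name__ == "__main__":
    for name, reason in check_rdata(SAMPLE_IMAGE):
        print(f"{name}: {reason}")
```

To run it against a real file, pass `open(path, "rb").read()` to `check_rdata` instead of `SAMPLE_IMAGE`; the parser only reads headers, so it works on a driver image copied from disk.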
 #13735  by redp
 Tue Jun 05, 2012 9:18 pm
Uploaded new version rc8.17
sha-256 hashes:
32bit: FE9540E6CAB3A4C5C6044B26E78DCD1EF1546D56E3357DD67577F09D0C6B9B10
64bit: B7A7019D75F80C29274AFE150341B4F3CEE37D6EC5DEF2D2BD1E9EFA525F8687

Changelog:
* Add initial support of windows 8 release preview. pdb for 32bit win32k.sys is still unavailable so all win32k related checks do not work. Also I am sure that this version is very far from full support of w8 release preview (although it is much better than rc8.16 which just crashes on w8 rp)
* Add -acpi option to check some ACPI tables
* Fixed Etw structures for wow64 apps
 #13990  by redp
 Thu Jun 14, 2012 8:48 pm
Uploaded new version rc8.18
sha-256 hashes:
32bit: AA43C5FC26CD361492694331A3760241F901D84A427ECBB58D401910CDBE82A0
64bit: 17FFC84327095253C341622790474186BE0045EAE8159810317D248A45F02642

Changelog:
* more support of w8 release preview added. win32k.sys related checks now work
* add -alpc option to show clients of ALPC RPC ports (since vista)
* add checking of some rpcrt4.dll tables
* some other bugs (especially w8rp related) were fixed
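Each release post above publishes a SHA-256 per architecture, which is only useful if the downloaded binary is actually checked against it before the driver is loaded. The script below is an added example, not part of redp's tool: it parses announcement text in the thread's own "Uploaded new version ... / 32bit: ... / 64bit: ..." layout (the two releases embedded are copied from the rc8.17 and rc8.18 posts), hashes a file in chunks, and compares digests case-insensitively in constant time. The file path and version/arch arguments on the command line are assumptions for the usage block.

```python
import hashlib
import hmac
import re

# Announcement lines copied from the thread above; only the layout matters to the parser.
ANNOUNCEMENTS = """\
Uploaded new version rc8.17
sha-256 hashes:
32bit: FE9540E6CAB3A4C5C6044B26E78DCD1EF1546D56E3357DD67577F09D0C6B9B10
64bit: B7A7019D75F80C29274AFE150341B4F3CEE37D6EC5DEF2D2BD1E9EFA525F8687
Uploaded new version rc8.18
sha-256 hashes:
32bit: AA43C5FC26CD361492694331A3760241F901D84A427ECBB58D401910CDBE82A0
64bit: 17FFC84327095253C341622790474186BE0045EAE8159810317D248A45F02642
"""

_VERSION_RE = re.compile(r"^Uploaded new version (\S+)$")
_HASH_RE = re.compile(r"^(32bit|64bit):\s*([0-9A-Fa-f]{64})$")


def parse_published_hashes(text):
    """Return {version: {arch: lowercase sha256 hex}} from announcement-style text."""
    table, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _VERSION_RE.match(line)
        if m:
            current = m.group(1)
            table.setdefault(current, {})
            continue
        m = _HASH_RE.match(line)
        if m and current is not None:
            table[current][m.group(1)] = m.group(2).lower()
    return table


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file without reading it into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches(actual_hex, expected_hex):
    """Constant-time, case-insensitive comparison of two hex digests."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def _expected(table, version, arch):
    expected = table.get(version, {}).get(arch)
    if expected is None:
        raise KeyError(f"no published hash for {version} {arch}")
    return expected


def verify_bytes(data, version, arch, table):
    """True if the in-memory blob matches the published hash for version/arch."""
    return matches(hashlib.sha256(data).hexdigest(), _expected(table, version, arch))


def verify_file(path, version, arch, table):
    """True if the file on disk matches the published hash for version/arch."""
    return matches(sha256_of_file(path), _expected(table, version, arch))


if __name__ == "__main__":
    import sys
    # Assumed invocation: python verify.py <path-to-download> rc8.18 64bit
    path, version, arch = sys.argv[1:4]
    ok = verify_file(path, version, arch, parse_published_hashes(ANNOUNCEMENTS))
    print("OK" if ok else "MISMATCH: do not load this driver")
    sys.exit(0 if ok else 1)
```

A mismatch means either a corrupted download or a file that is not the one announced; in both cases the right response is to discard the file rather than load it.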
 #14938  by caaat
 Mon Jul 30, 2012 6:49 pm
Tried to use rc8.22 x64 on Windows 7 with all check flags ( :roll: ) and had trouble:
load_driver(RPHook) returned C0000428
Error loading kernel driver: RPHook - 0x00000241
Also Windows said something about unsigned driver

I'm a newbie, so sorry if it's a dumb issue
 #14944  by redp
 Tue Jul 31, 2012 7:42 am
caaat wrote: Tried to use rc8.22 x64 on Windows 7
disable driver signature enforcement in boot menu
 #15223  by redp
 Thu Aug 16, 2012 7:23 am
frank_boldewin wrote: can you plz put this on an uploaded.to mirror?
yes