KernelMode.info

Hello,

please use next time "Report" button, located right above post so we can response faster and rename your thread. Also all old request posts has been removed as they are off topic. Thread renamed.

Thanks.

EP_X0FF wrote:Hello,

please use next time "Report" button, located right above post so we can response faster and rename your thread. Also all old request posts has been removed as they are off topic. Thread renamed.

Thanks.

OK. Thanks.

WIN64AST 1.03A(with DIGITAL SIGNATURE)

Download URL: http://pan.baidu.com/share/link?shareid ... 1915097229
(If you do not have ID on this forum, you can download WIN64AST via this URL)

Functions:
1.Manage Process(include Module/Thread/Memory/Handle/Window)
2.View Kernel Module
3.View/Disconnect Net Connection
4.Enum/Restore SSDT and SHADOW SSDT
5.Scan/Clear User mode and Kernel mode Inline hook
6.View/Delete Message Hook
7.View/Restore Driver Dispatch Function
8.View/Restore Kernel Object Routine Function
9.View/Delete Callback & Notify
10.Enum/Delete IO Timer
11.Enum/Delete DPC Timer
12.Enum MiniFilter/Disable MiniFilter callback function
13.Enum/Remove Filter Driver
14.View/Backup/Restore/Repair MBR
15.Process Behavior Monitor
16.Edit(Disasm/Modify) Kernel Memory
17.Low-level File operation
18.Low-level Registry operation
19.Forbid create Process/File/RegKey/RegValue and forbid load driver
20.Check digital signature of file
21.Enum/Restore IDT
22.Enum GDT
23.Show value of special register(CR0/CR2/CR3/CR4/DR0/DR1/DR2/DR3/DR6/DR7)
24.Scan/Clear User mode EAT/IAT Hook

What is new:
1.Fix some bugs.
2.Window can be resize now.

Thanks for fixing Registry tab
Thanks for resizeble window
and thanks for Disable Driver Signature Enforcement feature, already in use for loading driver of daily based used program with broken DS

xanax wrote:Thanks for fixing Registry tab
Thanks for resizeble window
and thanks for Disable Driver Signature Enforcement feature, already in use for loading driver of daily based used program with broken DS

Hey, man, "Disable Driver Signature Enforcement without reboot" will trigger PG and lead to BSOD.
So, you can disable DSE when you want to load unsigned driver, and enable DSE after your driver loaded.

yes and no, i'm to tired these days, probably i understand wrong some things
on physical machine with win 7 sp1 i successfully load driver 4-5 times, now i can't anymore
run virtual machine with same system, load same driver once at first try, but also a last time, no work anymore
install completly new win 7 in virtual enviroment, now can't load at all
maybe i was in debug-mode

xanax wrote:yes and no, i'm to tired these days, probably i understand wrong some things
on physical machine with win 7 sp1 i successfully load driver 4-5 times, now i can't anymore
run virtual machine with same system, load same driver once at first try, but also a last time, no work anymore
install completly new win 7 in virtual enviroment, now can't load at all
maybe i was in debug-mode

Try this tool: http://www.kernelmode.info/forum/viewto ... =11&t=3013

i was already in mind something like that, thanks for tool but i can't use it for particular driver which i need, because it's need to be started by service of program which use that driver.
it will be great if there can be put command line option just for Disable DSE and Enable DSE so we can made batch which will for example disable dse, start service which will load driver and then enable dse back again.
starting Win64AST everytime is little overkill, i mean too slowly, or sometimes start program and then i noticied that driver isn't loaded bacause i forget to start Win64AST and disable/enable dse and load driver through service.
sry for bad english.

i use FSPro Labs Hide Folders 2012 program to hide files and folders
Win64AST will see hidden files and folders but when i try to open hidden folder i get BSOD
also when i try copy hidden files to another location it say Operation finished! but nothing is copied

xanax wrote:i use FSPro Labs Hide Folders 2012 program to hide files and folders
Win64AST will see hidden files and folders but when i try to open hidden folder i get BSOD
also when i try copy hidden files to another location it say Operation finished! but nothing is copied

FSPro Labs Hide Folders 2012 use minifilter to hide folder/file.

So you can:
1.Disable its minifilter precall and postcall.(Kernel -> MiniFilter -> (Mouse Right Click) -> Disable Operation -> PreCall and PostCall)[Maybe BSOD, Not a good way]
2.Remove any drivers attach to "\FileSystem\NTFS" and "\FileSystem\FAT32".(Kernel -> Filter Driver -> (Mouse Right Click) -> Remove Filter)[The best way]

Other things:
1."Disable DSE" will enhance in next version.
2.I known, starting Win64AST is very slow, but I cannot solve this, because it depend on .NET4! .NET initialization use a lot of time, I cannot control this.