XueTr is a free anti-virus and anti-rootkit utility. It offers you the ability to detect, analyze and fix various kernel structure modifications and gives you a wide view of the kernel. With its help, you can easily spot and remove malware hidden from normal software.
XueTr currently supports the following Windows 32-bit versions:
Windows 2000 SP4
Windows XP (no SP, SP1, SP2, SP3)
Windows Server 2003 (no SP, SP1, SP2, R2)
Windows Vista (no SP, SP1, SP2)
Windows Server 2008 (no SP, SP1)
Windows 7
Currently, the following features are available:
*Process Manager
View system process and thread basic information.
Detect hidden processes, threads and process modules.
Terminate, suspend and resume processes and threads.
View and manipulate process handles, windows and memory regions.
*Kernel Module Viewer
Display kernel module information including ImageBase, Size, Driver Object, ImagePath, ServiceName and Load Order.
Detect hidden kernel modules.
Unload kernel module (dangerous; never try it on Windows 7).
Dump kernel image memory.
Display and delete system driver service information.
*Hook Detector
View and restore SSDT, Shadow SSDT, sysenter and int 2e hooks.
View and restore FSD and keyboard dispatch hooks.
View and restore kernel code hooks including kernel inline hooks, patches, IAT and EAT hooks.
View and restore user-mode process hooks including inline hooks, patches, IAT and EAT hooks.
View and restore message hooks (both global and local).
View and restore kernel ObjectType hooks.
Display the Interrupt Descriptor Table (IDT).
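The two checks behind the SSDT and inline-hook features above, as an added example that is not XueTr's own code: an SSDT entry is flagged when it points outside the kernel image, and a routine's prologue in memory is compared with its on-disk bytes and the common detour stubs are classified. All addresses and bytes are constructed sample data, not real values.

```python
"""Added example (not XueTr's code): SSDT range check and inline-hook
prologue comparison for a 32-bit kernel, run offline on constructed data."""

# Constructed image range standing in for ntoskrnl.exe (hypothetical values).
NTOSKRNL_BASE = 0x804D7000
NTOSKRNL_SIZE = 0x001F8000

def find_ssdt_hooks(ssdt, base=NTOSKRNL_BASE, size=NTOSKRNL_SIZE):
    """Indices of KiServiceTable entries that point outside the kernel image.
    Every genuine service routine lives in ntoskrnl; an entry pointing into a
    third-party driver's range is how an SSDT hook is detected."""
    return [i for i, addr in enumerate(ssdt) if not base <= addr < base + size]

def _u32(b):
    return int.from_bytes(b, "little")

def find_inline_hook(name, addr, in_memory, on_disk):
    """Compare a routine's prologue in memory with the on-disk image and
    classify the usual detour stubs. Returns None when the bytes match."""
    if in_memory[:len(on_disk)] == on_disk:
        return None
    if in_memory[0] == 0xE9:                                   # JMP rel32
        rel = int.from_bytes(in_memory[1:5], "little", signed=True)
        return {"name": name, "kind": "jmp rel32", "target": (addr + 5 + rel) & 0xFFFFFFFF}
    if in_memory[0] == 0xB8 and in_memory[5:7] == b"\xFF\xE0":  # MOV EAX,imm32 / JMP EAX
        return {"name": name, "kind": "mov eax/jmp eax", "target": _u32(in_memory[1:5])}
    if in_memory[0] == 0x68 and in_memory[5] == 0xC3:          # PUSH imm32 / RET
        return {"name": name, "kind": "push/ret", "target": _u32(in_memory[1:5])}
    return {"name": name, "kind": "patch", "target": None}     # some other patch

def restore_prologue(in_memory, on_disk):
    """The 'restore' action: put the original bytes back over the detour."""
    return on_disk + in_memory[len(on_disk):]

# --- constructed sample data (not real addresses or bytes) --------------------
SSDT = [0x805B1E52, 0x805A3F10, 0xF8A4D120, 0x80600000]   # entry 2 -> a driver
NT_OPEN_PROCESS = 0x805B1E52                              # hypothetical address
CLEAN_PROLOGUE = bytes.fromhex("68c4000000" "68982e4d80" "e8")  # push/push/call
HOOK_TARGET = 0xF8A4D400                                  # hypothetical detour
_rel32 = (HOOK_TARGET - (NT_OPEN_PROCESS + 5)) & 0xFFFFFFFF
HOOKED_PROLOGUE = b"\xE9" + _rel32.to_bytes(4, "little") + CLEAN_PROLOGUE[5:]

if __name__ == "__main__":
    print("SSDT entries outside ntoskrnl:", find_ssdt_hooks(SSDT))
    print(find_inline_hook("NtOpenProcess", NT_OPEN_PROCESS, HOOKED_PROLOGUE, CLEAN_PROLOGUE))
    print("restored:", restore_prologue(HOOKED_PROLOGUE, CLEAN_PROLOGUE) == CLEAN_PROLOGUE)
```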
*System Callback Viewer
Display and remove Kernel Notifications (Process/Thread/Image/Registry/Lego/Shutdown/Bugcheck/FileSystem/Logon).
*Network Viewer
Display current network connections, including the local and remote addresses and state of TCP connections.
View and delete IE plugins and context menu entries.
View and restore tcpip dispatch hooks.
Display Winsock providers (SPI).
View and edit hosts file.
*Filter Viewer
View and remove filters for common devices including disk, volume, keyboard and network devices.
*Registry Viewer
View and edit system registry.
Detect hidden registry entries using live registry hive analysis.
*File Explorer
Detect hidden files using both disk analysis and driver methods.
View and delete locked files and folders.
View file basic information including NTFS Alternate Data Streams.
*Autorun Manager
Display and delete common autorun entries.
*Service Manager
Display Win32 service information (for Ring0 modules, this is included in the Kernel Module Viewer).
Change service status and configuration.
*DPC Timer
Enumerate and delete DPC Timer objects.
*Miscellaneous
View and repair common file type associations.
View and repair image hijacks.
*Settings
Option to block process creation, thread creation, module loading and message hook installation.
Option to block file creation and registry key creation.
Option to prevent system suspend, log-off, shutdown and reboot.
Option to prevent locking the workstation and switching desktops.
Option to prevent setting the system time.
Warning: Use it at your own risk. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
2010-10-01 V0.37:
*Added mouse driver irp hook scan
*Added user32.dll:_apfnDispatch hook scan
*Added LSP/Safeboot repair feature
*Added list and remove feature for hidden registry entries
*Fixed several bugs.
2010-07-16 V0.36:
*Added GDT detection feature
*Added Object Hijack detection feature for detecting the TDL3 malware
*Fixed one potential BSOD
2010-07-07 V0.35:
*Fixed one potential BSOD
*Fixed several bugs.
2010-05-16 V0.34:
*Added MBR Rootkit detection feature
*Added Input Method Editor(IME) enumeration feature
*Added classpnp\atapi\acpi irp hook scan
*Fixed two potential BSODs
*Fixed several bugs.
2010-04-01 V0.33:
*Added Hot key enumeration feature
*Added Process's timer enumeration feature
*Added Windows Firewall rules display
XueTr 0.37 | View processes, threads, process modules, process window information, etc. | Simplified Chinese, portable, free
Uploaded 2010-10-16 19:47:27; 705 KB ZIP containing 4 files (2 txt, 1 config, 1 exe)
This tool currently implements the following features:
1. View process, thread, process module and process window information; kill processes, kill threads, unload modules, etc.
2. View kernel driver modules, with support for dumping kernel driver module memory.
3. View SSDT, Shadow SSDT, FSD and IDT information, and detect and restore SSDT hooks and inline hooks.
4. View CreateProcess, CreateThread, LoadImage, Shutdown, Lego and other Notify Routine information, with support for deleting these Notify Routines.
5. View port information (Windows 2000 is not supported at present).
6. View message hooks.
7. Detect and restore IAT, EAT and inline hooks and patches in kernel modules.
8. Detect filter drivers at the disk, volume, keyboard and network layers, with support for removing them.
9. Registry editing.
10. Detect and restore IAT, EAT and inline hooks and patches in processes.
11. View the file system, with support for basic file operations.
12. View (edit) IE plugins, SPI, startup items, services, the hosts file and image hijacks.
13. Detect and restore ObjectType hooks.
14. Detect and delete DPC timers.
XueTr0.37.zip (4 files):
说明.txt 8 KB
XueTr.exe 1.78 MB
XueTr.config 2 KB
readme.txt 17 KB
Comments:
- luseqingchun, 2014-12-11: Somewhat useful, but not very.
- ABCD520232833, 2013-01-12: Very good software; it helped me a great deal.
Uploader: marksu2006