PCHunter anti-rootkit is a free and handy toolkit for Windows with various powerful features for viewing and manipulating kernel structures. Running with the highest privileges, it lets you detect, analyze and restore various kernel modifications and gives you a wide view of the kernel. With its assistance, you can easily spot and neutralize malware hidden from normal detectors.
PCHunter currently supports the following Windows versions:
Windows 2000 SP4 (32-bit only)
Windows XP (32-bit only)
Windows Server 2003 (32-bit only)
Windows Vista (32-bit only)
Windows Server 2008 (32-bit only)
Windows 7 (32/64)
Windows 8 (32/64)
Windows 8.1 (32/64)
Windows 10 (32/64)
Currently, the following features are available:
*Process Manager
View basic information about system processes and threads.
Detect hidden processes, threads and process modules.
Terminate, suspend and resume processes and threads.
View and manipulate process handles, windows and memory regions.
*Kernel Module Viewer
Display kernel module information including ImageBase, Size, Driver Object, ImagePath, ServiceName and Load Order.
Detect hidden kernel modules.
Unload kernel modules (dangerous).
Dump kernel image memory.
Display and delete system driver service information.
*Hook Detector
View and restore SSDT, Shadow SSDT, sysenter and int2e hooks.
View and restore FSD and keyboard dispatch hooks.
View and restore kernel code hooks including kernel inline hooks, patches, IAT and EAT hooks.
View and restore usermode process hooks including inline hooks, patches, IAT and EAT hooks.
View and restore message hooks (both global and local).
View and restore kernel ObjectType hooks.
Display the Interrupt Descriptor Table (IDT).
*System Callback Viewer
Display and remove Kernel Notifications (Process/Thread/Image/Registry/Lego/Shutdown/Bugcheck/FileSystem/Logon).
*Network Viewer
Display current network connections, including the local and remote addresses and state of TCP connections.
View and delete IE plugins and context menu.
View and restore tcpip dispatch hooks.
Display Winsock providers (SPI).
View and edit the hosts file.
*Filter Viewer
View and remove filters for common devices including disk, volume, keyboard and network devices.
*Registry Viewer
View and edit system registry.
Detect hidden registry entries using live registry hive analysis.
*File Explorer
Detect hidden files using both disk analysis and driver methods.
View and delete locked files and folders.
View file basic information including NTFS Alternate Data Streams.
*Autorun Manager
Display and delete common autorun entries.
*Service Manager
Display Win32 service information (Ring0 modules are covered in the Kernel Module Viewer).
Change service status and configuration.
*DPC Timer
Enumerate and delete DPC Timer objects.
*Miscellaneous
View and repair common filetype associations.
View and repair image hijacks.
*Settings
Option to defend against process creation, thread creation, module load and message hook installation.
Option to defend against file creation and registry key creation.
Option to prevent system suspend, log-off, shutdown and reboot.
Option to prevent locking the workstation and switching desktops.
Option to prevent setting the system time.
Warning: Use it at your own risk. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
Commercial use of the free (standard) PCHunter version is forbidden.
2018-08-14 V1.55:
*Support Win10 (BuildNumber: 17134)
2018-04-26 V1.54:
*Fixed a bug on x64 Win8.1/Win10 systems patched for Meltdown & Spectre.
2018-03-10 V1.53:
*Support Win10 (BuildNumber: 16299)
*Fixed a bug on x64 Win7 systems patched for Meltdown & Spectre.
2017-08-06 V1.52:
*Support Win10 (BuildNumber: 15063)
2016-10-06 V1.51:
*Support Win10 (BuildNumber: 14393)
*Added a disable LoadDriver feature for x64 systems
2016-04-10 V1.5:
*Support Win10 (BuildNumber: 10586)
2015-10-17 V1.4:
*Sup