Patchfinder_w2k_2.11
Category: Windows programming
Development tool: Visual C++
File size: 103KB
Downloads: 10
Upload date: 2009-05-01 15:06:19
Uploader: benina
Description: Rootkit upload by benina rea
File list:
patchfinder_w2k_2.11 (0, 2004-01-24)
patchfinder_w2k_2.11\patchfinder.dsw (1172, 2004-01-17)
patchfinder_w2k_2.11\pfService (0, 2004-01-24)
patchfinder_w2k_2.11\pfService\main.cpp (6719, 2004-01-24)
patchfinder_w2k_2.11\pfService\pfService.dsp (5996, 2004-01-24)
patchfinder_w2k_2.11\pfService\EventLog.h (7344, 2004-01-17)
patchfinder_w2k_2.11\pfService\ServiceStatus.h (6937, 2004-01-17)
patchfinder_w2k_2.11\pfService\events.h (1410, 2004-01-17)
patchfinder_w2k_2.11\pfService\test.cpp (1984, 2004-01-24)
patchfinder_w2k_2.11\pfService\events.mc (353, 2004-01-17)
patchfinder_w2k_2.11\pfService\events.rc (37, 2004-01-17)
patchfinder_w2k_2.11\pfService\MSG00001.bin (200, 2004-01-17)
patchfinder_w2k_2.11\pfService\IOCP.h (2057, 2004-01-17)
patchfinder_w2k_2.11\pfService\test.h (992, 2004-01-24)
patchfinder_w2k_2.11\pfService\tests_w2k.h (4993, 2004-01-17)
patchfinder_w2k_2.11\pfService\tester_x86_w2k.cpp (698, 2004-01-17)
patchfinder_w2k_2.11\pfService\types.h (325, 2004-01-17)
patchfinder_w2k_2.11\pfService\security.cpp (4455, 2004-01-17)
patchfinder_w2k_2.11\pfService\security.h (157, 2004-01-17)
patchfinder_w2k_2.11\pfDriver (0, 2004-01-24)
patchfinder_w2k_2.11\pfDriver\dbprotect.c (949, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\dbprotect.h (506, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\driver.c (6322, 2004-01-24)
patchfinder_w2k_2.11\pfDriver\driver.h (243, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\interrupt.c (734, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\interrupt.h (614, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\pfDriver.dsp (4755, 2004-01-24)
patchfinder_w2k_2.11\pfDriver\sst.h (702, 2004-01-17)
patchfinder_w2k_2.11\pfDriver\pfDriver.sys (7321, 2004-01-24)
patchfinder_w2k_2.11\TODO.txt (274, 2004-01-17)
patchfinder_w2k_2.11\bin (0, 2004-01-17)
patchfinder_w2k_2.11\bin\pfInstall.exe (32768, 2004-01-17)
patchfinder_w2k_2.11\bin\pfService.exe (53248, 2004-01-24)
patchfinder_w2k_2.11\bin\pfAgentConsole.exe (49152, 2004-01-17)
patchfinder_w2k_2.11\bin\pfDriver.sys (3072, 2004-01-24)
patchfinder_w2k_2.11\inc (0, 2004-01-24)
patchfinder_w2k_2.11\inc\kernel_iface.h (470, 2004-01-17)
patchfinder_w2k_2.11\inc\service_iface.h (1160, 2004-01-17)
patchfinder_w2k_2.11\inc\config.h (892, 2004-01-24)
... ...
Patch Finder 2.10
==================
Overview
---------
Patchfinder (PF) is a sophisticated diagnostic utility designed to
detect compromises of system libraries and the kernel. Its primary use is
to check whether a given machine has been attacked with a modern
rootkit, i.e. a program which tries to hide the attacker's activity on the
hacked system by lying about the list of active processes, files
on the filesystem, running services, registry contents, etc.
The new 2.x release of PF is the first version intended to be
not only proof-of-concept code for developers, but also a useful
tool for administrators. To make proper use of PF, every user
should read the attached PDF paper.
With this tool you should be able to detect even the newest versions
of rootkits such as Hacker Defender, APX, Vanquish, He4Hook, and
many more.
Quick Start:
---------------
C:\pf2>pfInstall.exe --install c:\pf2
Now you can use pfAgent (only console version is available now):
C:\pf2>pfAgentConsole.exe
This will run the tests on your machine (taking a few seconds, depending
on the CPU speed), display a table with the results, and also save the
results to your system log. You can also specify a remote computer name
(e.g. \\KITCHEN) as the first parameter to check the remote system,
provided PF has been installed on it.
At a minimum, PF should be run just before every system reboot. This is
crucial for safe usage; see the PDF paper for an explanation. You can
add pfAgentConsole.exe to the shutdown scripts in the Group Policy snap-in:
Group Policy\Local Policy\Computer Configuration\Windows
Settings\Scripts\Shutdown.
It is also a good idea to use the Windows scheduling facilities to
run pfAgentConsole.exe periodically, e.g. every hour.
Supported platforms
-----------------------------
Only Windows 2000. Expect support for XP/2003 in future versions.
Download
---------
Get the latest version of patchfinder from http://rootkit.com.
Author
---------
Joanna Rutkowska
joanna at mailsnare dot net
2002-2004.