Monday, January 13, 2014

wincheck rc8.51

Download mirror
  • added checks of some callbacks in MS CRT modules (like purecall_handler, pInvalidArgHandler etc.)
  • added MiFlags dumping
  • some bugs were fixed

3 comments:

  1. How correct is the UNKNOWN diagnosis for win32k_sdt:
    Shadow SDT: 9D97E000, limit 339
    win32k_sdt[318] (NtUserAttachThreadInput) hooked, addr 88740D20 UNKNOWN
    win32k_sdt[402] (NtUserGetAsyncKeyState) hooked, addr 8A110758 UNKNOWN
    win32k_sdt[434] (NtUserGetKeyboardState) hooked, addr 8A1106C0 UNKNOWN
    win32k_sdt[436] (NtUserGetKeyState) hooked, addr 886D6708 UNKNOWN
    win32k_sdt[448] (NtUserGetRawInputData) hooked, addr 8A111388 UNKNOWN
    win32k_sdt[490] (NtUserMessageCall) hooked, addr 88B5F438 UNKNOWN
    win32k_sdt[508] (NtUserPostMessage) hooked, addr 8A111D78 UNKNOWN
    win32k_sdt[509] (NtUserPostThreadMessage) hooked, addr 88B5F4C0 UNKNOWN
    win32k_sdt[585] (NtUserSetWindowsHookEx) hooked, addr 8873B3C0 UNKNOWN
    win32k_sdt[588] (NtUserSetWinEventHook) hooked, addr 8873B6B0 UNKNOWN


  2. Well, if you don't trust my tool, you can always check what happens with windbg.

    It seems that your machine has some nasty AV with a "rich GUI" that tries to protect itself; in your case this is Symantec Endpoint Protection.

  3. This comment has been removed by a blog administrator.