Помощь сайту | Donate
Поиск по сайту
Вход на сайт
Меню
Форум NoWa.cc На главную • Программы • Релизы • Наборы AIO • ОС • Мобила • Игры • Видео • Музыка • Книги • Аудиокниги • Оформление • Photoshop • Юмор • Новости • Железо • Разное Последние комментарии
Wanker
01:27 | 21:33 | ExaFlop 06:57 | eduard33 06:51 | eduard33 06:49 | eduard33 09:46 | diim 18:57 | diim 16:19 | Assur 15:58 | Pepa112 21:17 | Trashman 12:57 | mxhxbug 07:20 | Haul2006 19:15 | Carhel 16:53 | mrjok 09:17 | m4657 03:20 | Haul2006 16:36 | eduard33 14:52 | tinbin 08:05 | m4657 17:32 | marlon Заказ рeклaмы
Купите у нас рекламу ! Your advertising could be here ! E-mail для связи: Партнёры
Для вас работают
brodyga (админ) marlon leteha Ledworld Mansory1 Masarat manivell17 Sanchezzz sibius777 Sergv |
Rootkit Revealer v1.56
Новость от: brodyga
Просмотров: 750
How RootkitRevealer Works Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format). Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures. Can a Rootkit hide from RootkitRevealer? It is theoretically possible for a rootkit to hide from RootkitRevealer. Doing so would require intercepting RootkitRevealer's reads of Registry hive data or file system data and changing the contents of the data such that the rootkit's Registry data or files are not present. However, this would require a level of sophistication not seen in rootkits to date. Changes to the data would require both an intimate knowledge of the NTFS, FAT and Registry hive formats, plus the ability to change data structures such that they hide the rootkit, but do not cause inconsistent or invalid structures or side-effect discrepancies that would be flagged by RootkitRevealer. Is there a sure-fire way to know of a rootkit's presence? In general, not from within a running system. A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised. While comparing an on-line scan of a system and an off-line scan from a secure environment such as a boot into an CD-based operating system installation is more reliable, rootkits can target such tools to evade detection by even them. The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus. 190 KB Download/Скачать
Раздел: Программы | 27.10.05 | 08:18
|
Design by DolpHin | Disclaimer Реклама | E-mail для связи: | Skype: diim_diim | ICQ: 400632 |