Dailydave mailing list archives

Re: modGREPER - hidden kernel modules detector


From: joanna <joanna () invisiblethings org>
Date: Tue, 07 Jun 2005 10:23:59 +0200

Michael J Freeman wrote:
> What's the difference between this and FLISTER?

well... if you bothered to read just the first few words from the description of these tools you would probably find out that:

"FLISTER is a proof-of-concept code for detecting files hidden (...) by Windows rootkits (...)"

"modGREPER is a hidden module detector for Windows 2000/XP/2003."

and of course module != file. kernel modules are things which are loaded into kernel space. some people may also know them as drivers, although I prefer the term module for some reasons.

EXECUTIVE SUMMARY: modGREPER and FLISTER are completely different tools!

joanna.
