modGREPER - hidden kernel modules detector

[Joanna Rutkowska <joanna () invisiblethings org>]

modGREPER is a hidden module detector for Windows 2000/XP/2003. It
searches through whole kernel memory in order to find structures which
looks like a valid module description objects. Currently two most
important objects type are recognized well known _DRIVER_OBJECT and
_MODULE_DESCRIPTION. GREPER has some sort of artificial intelligence
built in, which allows it recognize if the given bytes actually describe
a module-specific object. The term AI for this algorithm is probably a
little bit exaggerated, since it is just a few bunches of logical rules
which should be satisfied by the potential fields of the structure in
question...

read more and get the tool:

http://invisiblethings.org/tools.html#modgreper

regards,
joanna.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave