Re: modGREPER - hidden kernel modules detector

["James Butler" <james.butler () hbgary com>]

Joanna,
   We (Sherri and I) had already defeated this detection mechanism before
you released it. Perhaps you should see: 
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Sparks

See I knew you or someone was going to do this, but thanks for giving our
presentation even more motivation. It is kinda non-climactic to create
"solutions" for problems that don't exist yet. Now the problem exists
because of you.

Thanks for advancing the discussion on rootkit.com. I was getting bored.

Jamie aka Fuzen


> modGREPER is a hidden module detector for Windows 2000/XP/2003. It 
> searches through whole kernel memory in order to find structures which 
> looks like a valid module description objects. Currently two most 
> important objects type are recognized well known _DRIVER_OBJECT and 
> _MODULE_DESCRIPTION. GREPER has some sort of artificial intelligence 
> built in, which allows it recognize if the given bytes actually 
> > describe a module-specific object. The term AI for this algorithm is 
> probably a little bit exaggerated, since it is just a few bunches of 
> logical rules which should be satisfied by the potential fields of the 
> structure in question...

> read more and get the tool:

> http://invisiblethings.org/tools.html#modgreper

> regards,
> joanna.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave