Another antirootkit tool: CodeWalker

Hi all,

I've developed an antirootkit tool called CodeWalker which can:

+ Detect hidden processes
+ Detect hidden drivers
+ Detect hidden files (support NTFS only)
+ Detect hooks in both kernel mode and usermode.
+ Works on Windows English 2000/XP/2003/Vista/2008.

The tool is currently in beta stage and im looking for people for testing it. I've already tested it with all rootkits samples I have and its detection rate seems optimistic. I think it's very great if you guys test it against your rootkit zoo and provide the result you got with the tool. If there's BSOD (of cos, you can never write a bug free proggie, rite? :P), it would be very appreciated of you to upload minidumps to help me correct the tool. Thanks in advance.

I will update this tool frequently for new detection methods, bug fixs etc. Welcome for your all suggestions, bugs and minidumps :P

Here's the link:

http://cmcinfosec.com/download/cmcark.zip

EDIT: Mispells

Edited by thug4lif3 - 18 November 2008 at 11:30am

I´ll check it and give you my feedback too.

Up.

Im waiting for feedback :)

+FIX:
- fix bug in initializing & acquiring ERESOURCE


Edited by thug4lif3 - 20 November 2008 at 8:55am

Scanning memory then locks up Windows 100% after a few seconds only the mouse moves.
Tested on XP Pro SP2, with no SSDT hooks, AV or firewall software installed.

Richard S.

@GamingMasteR &

In next build I will try to limit the false-positive kernel code modification to lower rate. Thanks ;)

@redhawk:

I'll fix these bugs soon. May be it's becos of GUI bugs.

@controler:

Yes, virustotal always flag "rootkit tool" for programs which drop and load driver. Anyway, it's an anti-"rootkit tool", rite :D?

I will upload the new build asap. Thank you.

Edited by thug4lif3 - 21 November 2008 at 2:49am