Anti-virus & Anti-Rootkit Free tool Kit AntiSpy how to use

2025-03-11 Update From: SLTechnology News&Howtos


This article explains the free anti-virus and anti-rootkit tool kit AntiSpy in detail. The editor shares it as a reference, in the hope that readers will gain some understanding of the relevant knowledge.

AntiSpy is a free but powerful suite of anti-virus and anti-rootkit tools that gives security researchers the highest level of access to help us detect, analyze, and restore various kernel changes and hook settings. In this way, with the help of AntiSpy, we can easily find and deal with malware that cannot be detected by ordinary scanners.

A powerful manual antivirus assistant tool

AntiSpy is a completely free and powerful manual antivirus assistant tool. It can enumerate deeply hidden processes, files, network connections, kernel objects and more, and can also detect various hooks in both user mode and kernel mode. With its help, stubborn viruses, Trojans and rootkits can be removed, leaving a clean and comfortable Internet environment.

Development environment

Development tools: Visual Studio 2008

User layer: MFC

Kernel layer: WDK7600

Third-party library: Codejock toolkit pro

Code structure

AntiSpy_Root_Dir
├── LICENSE (open source license)
├── README.md (AntiSpy project introduction document)
├── doc (tool introduction, version update record, etc.)
│   └── Readme.txt
├── icon (AntiSpy software icon)
│   └── icon.ico
├── src
│   ├── Antispy (AntiSpy main project code)
│   │   ├── Common (header files shared by the driver and the interface, data structures, etc.)
│   │   ├── SpyHunter (AntiSpy user interface code, written in MFC)
│   │   ├── SpyHunter.sln (VS2008 project file)
│   │   └── SpyHunterDrv (AntiSpy kernel driver code)
│   └── ResourceEncrypt (project to encrypt drivers and other resources)
│       ├── ResourceEncrypt
│       ├── ResourceEncrypt.sln
│       └── clear.bat
└── tools
    ├── ResourceEncrypt.exe (compiled encryption tool)
    └── TestTools.exe (tool for testing the availability of AntiSpy security capabilities)

Function introduction

AntiSpy currently implements the following functions, including, but not limited to:

Process Manager

1. View process threads, modules, windows, memory, hotkeys, timers, permissions and other information

2. View the process running time, command line, current directory, PEB and other information

3. Close the process, close the thread, uninstall the module, copy the process memory, and find the process module

4. Create a process debug dump (DUMP file)

5. Inject modules into the process

6. Scan a process for Ring3 (user-mode) hooks

View and restore various hooks

1. View and restore common kernel hooks, including SSDT, Shadow SSDT, FSD, keyboard, mouse, TCPIP, Classpnp, Atapi, Acpi, IDT, Object hook, kernel entry, etc.

2. Detection and recovery of IAT hooks, EAT hooks, inline hooks and patches in kernel modules

3. View and uninstall user-level message hooks

4. View and delete Notify Routine information such as CreateProcess, CreateThread, LoadImage, Registry, Shutdown, etc.

Kernel object viewing and management

1. View the kernel driver module, copy the memory of the kernel driver module, and uninstall the driver kernel module

2. View and delete kernel timers such as DPC and IO timers

3. View and terminate system threads

4. Check the WorkerThread information

5. View and restore kernel debug registers

6. Enumerate filter drivers such as disk, volume, keyboard, network layer, etc.

7. Kernel object hijacking detection

8. Detection and recovery of direct IO processes

Registry Editor

1. By parsing the original hive file, hidden registry keys and values can be viewed and edited

2. Quickly navigate to the most commonly used registry key
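As an added illustration of the raw-hive approach named above (example code written for this article, not AntiSpy's own; the hive bytes are a constructed sample), this walks the regf base block, the hbin and the 'nk'/'li' cells directly, so key names come from the on-disk bytes rather than from the Win32 registry API that a rootkit would hook to hide them:

```python
import struct

HBIN_BASE = 4096  # cell offsets in a hive are relative to the end of the 4 KiB base block

def base_block_checksum(base: bytes) -> int:
    """XOR of the 127 DWORDs before the checksum field (the regf rule, incl. its two edge cases)."""
    x = 0
    for (word,) in struct.iter_unpack("<I", base[:508]):
        x ^= word
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)

def cell(payload: bytes) -> bytes:
    """Allocated cell: negative int32 size (8-byte aligned) followed by the payload."""
    size = (4 + len(payload) + 7) & ~7
    return struct.pack("<i", -size) + payload.ljust(size - 4, b"\0")

def nk_cell(name: bytes, subkeys_list: int, n_subkeys: int) -> bytes:
    """Minimal 76-byte 'nk' key node header plus name; unused offsets are 0xFFFFFFFF as in real hives."""
    none = 0xFFFFFFFF
    hdr = b"nk" + struct.pack("<H", 0x20) + bytes(8) + struct.pack("<IIIIII", 0, none, n_subkeys, 0, subkeys_list, none)
    hdr += struct.pack("<IIIIIIIIIHH", 0, none, none, none, 0, 0, 0, 0, 0, len(name), 0)
    return cell(hdr + name)

def build_sample_hive() -> bytes:
    """Constructed sample hive: a root key with two subkeys linked through an 'li' list (not a real hive)."""
    cells = []
    def add(payload):                            # append a cell and return its hive-relative offset
        cells.append(payload)
        return 32 + sum(len(c) for c in cells[:-1])  # the first cell follows the 32-byte hbin header
    a = add(nk_cell(b"Run", 0xFFFFFFFF, 0))
    b = add(nk_cell(b"HiddenSvc", 0xFFFFFFFF, 0))
    li = add(cell(b"li" + struct.pack("<HII", 2, a, b)))
    root = add(nk_cell(b"ROOT", li, 2))
    body = b"".join(cells)
    size = (32 + len(body) + 4095) & ~4095       # hbins are multiples of 4 KiB
    hbin = (b"hbin" + struct.pack("<II", 0, size) + bytes(20) + body).ljust(size, b"\0")
    # base block: signature, primary/secondary sequence, timestamp, major 1, minor 3, type, format, root offset, bins size
    base = (b"regf" + struct.pack("<II", 1, 1) + bytes(8) + struct.pack("<IIIIII", 1, 3, 0, 1, root, size)).ljust(508, b"\0")
    return (base + struct.pack("<I", base_block_checksum(base))).ljust(HBIN_BASE, b"\0") + hbin

def subkey_offsets(hive: bytes, list_off: int) -> list:
    """Read an 'li' (offset only) or 'lf'/'lh' (offset + 4-byte name hint/hash) subkey list cell."""
    p = HBIN_BASE + list_off + 4                 # skip the int32 cell size
    sig, count = hive[p:p + 2], struct.unpack_from("<H", hive, p + 2)[0]
    if sig not in (b"li", b"lf", b"lh"):
        raise ValueError(f"unsupported subkey list type {sig!r}")
    stride = 4 if sig == b"li" else 8
    return [struct.unpack_from("<I", hive, p + 4 + i * stride)[0] for i in range(count)]

def read_key(hive: bytes, off: int):
    """Return (name, {subkey_name: its_subkeys}) for the 'nk' cell at hive-relative offset off."""
    p = HBIN_BASE + off
    size = struct.unpack_from("<i", hive, p)[0]
    if size >= 0 or hive[p + 4:p + 6] != b"nk":
        raise ValueError(f"offset {off:#x} is not an allocated key node")
    nk = hive[p + 4:p - size]
    n_sub, list_off = struct.unpack_from("<I", nk, 20)[0], struct.unpack_from("<I", nk, 28)[0]
    name = nk[76:76 + struct.unpack_from("<H", nk, 72)[0]].decode("latin-1")
    return name, (dict(read_key(hive, o) for o in subkey_offsets(hive, list_off)) if n_sub else {})

def parse_hive(hive: bytes) -> dict:
    """Validate the base block, then walk the key tree from the root cell using only the file bytes."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive file")
    if struct.unpack_from("<II", hive, 4)[0] != struct.unpack_from("<II", hive, 4)[1]:
        raise ValueError("dirty hive: transaction logs must be replayed first")
    if struct.unpack_from("<I", hive, 508)[0] != base_block_checksum(hive):
        raise ValueError("base block checksum mismatch")
    return dict([read_key(hive, struct.unpack_from("<I", hive, 36)[0])])
```

Comparing the names recovered this way against what the live API enumerates for the same hive is the cross-view check that exposes a key hidden by an API-level hook.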

File Manager

1. Display basic information of the file, including file name, file attribute, file size, etc.

2. Quickly navigate to the most commonly used folder

3. View and edit hidden files through low-level IRP operations

4. View and delete locked files and folders

5. Calculate file hashes and compare files

System Service Manager

1. Enumeration and operation of system services. You can enumerate hidden services.

2. Manage system services, such as changing startup order, startup status, etc.

Boot self-startup item management

1. Be able to enumerate almost all boot items in the system

2. Manage startup items, including stopping, running, and permanent deletion

Network information management

1. View the network connections of applications, including port, remote address and other information

2. View, edit and reset hosts files to the default

3. View and repair system LSP information

Some other common functions

1. Enumeration and deletion of system users and hidden users

2. Anti-virus options that disable process creation, thread creation, driver loading, etc.

3. Unlock registry, task manager, command interpreter, etc.

4. Repair the safe mode

5. View and edit system memory and process memory in hexadecimal form

6. Disassemble system memory and process memory

7. Detection and repair of MBR virus

8. Enumeration and repair of commonly used file association items

9. Detection and repair of image hijacking

10. Enumeration and management of IME input method

11. Anti-spy-recorder protection, including anti-screenshot recording, etc.

User interface (screenshots): process management, process menu, network connection management, file management, startup item management

License agreement

The development and release of the tool follows the Mulan PSL v1 open source license agreement.

That concludes this overview of the free anti-virus and anti-rootkit tool kit AntiSpy. I hope the above content is of some help to you and that you have learned something from it. If you think the article is good, please share it for more people to see.
