Tools no image

Published on January 26th, 2011 | by NJ Ouchn


Tuluka kernel inspector v1.0.394.77 released

Tuluka is a new powerful AntiRootkit, which has the following features:

  • Detects hidden processes, drivers and devices
  • Detects IRP hooks
  • Identifies the substitution of certain fields in DRIVER_OBJECT structure
  • Checks driver signatures
  • Detects and restores SSDT hooks
  • Detects suspicious descriptors in GDT
  • IDT hook detection
  • SYSENTER hook detection
  • Displays list of system threads and allows you to suspend them
  • IAT and Inline hook detection
  • Shows the actual values of the debug registers, even if reading these registers is controlled by someone
  • Allows you to find the system module by the address within this module
  • Allows you to display contents of kernel memory and save it to disk
  • Allows you to dump kernel drivers and main modules of all processes
  • Allows you to terminate any process
  • Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more
  • Allows to build the stack for selected device
  • Much more..

Tuluka v1.0.360.51 Beta (04.08.2010)

  • Initial testing version

Tuluka v1.0.394.77 (14.10.2010)

  • Improved detection of processes, drivers and threads
  • Added buttons “Find stealth processes” and “Find stealth drivers”
  • Improved stability

Tuluka is tested on the following operating systems(32-bit):

  • Windows XP SP0 SP1 SP2 SP3
  • Windows Server 2003 SP0 SP1 SP2 R2
  • Windows Vista SP0 SP1 SP2
  • Windows Server 2008 SP0 SP1 SP2
  • Windows 7 SP0 SP1


Tags: , , , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑