Tuluka kernel inspector v1.0.394.77 released
Tuluka is a new powerful AntiRootkit, which has the following features:
- Detects hidden processes, drivers and devices
- Detects IRP hooks
- Identifies the substitution of certain fields in DRIVER_OBJECT structure
- Checks driver signatures
- Detects and restores SSDT hooks
- Detects suspicious descriptors in GDT
- IDT hook detection
- SYSENTER hook detection
- Displays list of system threads and allows you to suspend them
- IAT and Inline hook detection
- Shows the actual values of the debug registers, even if reading these registers is controlled by someone
- Allows you to find the system module by the address within this module
- Allows you to display contents of kernel memory and save it to disk
- Allows you to dump kernel drivers and main modules of all processes
- Allows you to terminate any process
- Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more
- Allows to build the stack for selected device
- Much more..
Tuluka v1.0.360.51 Beta (04.08.2010)
- Initial testing version
Tuluka v1.0.394.77 (14.10.2010)
- Improved detection of processes, drivers and threads
- Added buttons “Find stealth processes” and “Find stealth drivers”
- Improved stability
Tuluka is tested on the following operating systems(32-bit):
- Windows XP SP0 SP1 SP2 SP3
- Windows Server 2003 SP0 SP1 SP2 R2
- Windows Vista SP0 SP1 SP2
- Windows Server 2008 SP0 SP1 SP2
- Windows 7 SP0 SP1
About the Author
NJ Ouchn "Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Related Posts
Habu v0.0.45 – Python Network Hacking Toolkit →
The Social-Engineer Toolkit (SET) v7.7 “Blackout” Released →
Belati v.0.2.2-dev – swiss army knife for OSINT →
