RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don''t attempt to hide their files or registry keys).
Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry''s on-disk storage format).
Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume''s file system structures.
| 軟體資訊 | |
|---|---|
| 檔案版本 | Rootkit Revealer 1.60 |
| 檔案名稱 |
RootkitRevealer.zip
|
| 檔案大小 | 183KB |
| 系統 | Windows 2000 / XP / Vista / Windows 7 / Windows 8 / Windows 10 / Windows 10 64-bit |
| 支援語系 | Multiple languages |
| 軟體類型 | 免費軟體 |
| 更新日期 | 2005-12-08 |
| 更新日誌 | 沒有資料 |
| 作者 | Microsoft SysInternals |
| 官網 | http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx |