Total Commander Forum - Public Discussion and Support
 

Hunting rootkits / Windows NT "native" file/regist

 
CCRDude (Junior Member, joined 01 Oct 2007, 26 posts)
Posted: Wed Jan 30, 2008 1:59 pm

Here are two new plugins for NT/2000/XP/2003/Vista users that allow browsing the file system and the registry through NT native methods.

Useful mostly to hunt down rootkit files (and registry entries), for rootkits that hide themselves from the Win32 subsystem, but not the native WinNT underneath.

More details in the thread on the originating forum linked to above :)
icfu (Power Member, joined 10 Sep 2003, 6052 posts)
Posted: Wed Jan 30, 2008 2:36 pm

Quote:
We might create an installer to automate this

You don't need an installer, just create two archives and add a pluginst.inf file to each of them:
Code:
[plugininstall]
description=Windows NT Native mode plugin for the file system
descriptiondeu=Windows-NT-Nativmodus-Plugin für das Dateisystem
type=wfx
file=NTFiles.wfx
defaultdir=NTFiles


Code:
[plugininstall]
description=Windows NT Native mode plugin for the registry
descriptiondeu=Windows-NT-Nativmodus-Plugin für die Registry
type=wfx
file=NTRegistry.wfx
defaultdir=NTRegistry


Icfu
_________________
This account is for sale
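
The packaging step described in the post above, as an added example that is not part of the original thread: it builds one such archive in memory and checks it before it is installed. The plugin bytes are a constructed placeholder, and the checks in `check_archive` (including the path rule) are assumptions of this example, not rules stated on this page.

```python
import configparser
import io
import zipfile
from pathlib import PurePosixPath

# pluginst.inf for the file system plugin, as posted above (the descriptiondeu
# line is left out so the constructed sample stays ASCII).
NTFILES_INF = """[plugininstall]
description=Windows NT Native mode plugin for the file system
type=wfx
file=NTFiles.wfx
defaultdir=NTFiles
"""

def build_archive(inf_text, plugin_name, plugin_bytes):
    """Return a ZIP (as bytes) holding pluginst.inf and the plugin at the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pluginst.inf", inf_text)
        zf.writestr(plugin_name, plugin_bytes)
    return buf.getvalue()

def check_archive(zip_bytes):
    """Return a list of problems; an empty list means every check passed."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        if "pluginst.inf" not in names:
            return ["pluginst.inf missing from archive root"]
        cp = configparser.ConfigParser(interpolation=None)
        try:
            cp.read_string(zf.read("pluginst.inf").decode("utf-8", "replace"))
        except configparser.Error:
            return ["pluginst.inf is not valid INI"]
    if not cp.has_section("plugininstall"):
        return ["no [plugininstall] section"]
    sec = cp["plugininstall"]
    target = sec.get("file", "")
    problems = []
    if target not in names:
        problems.append(f"file={target!r} is not in the archive")
    if not target.lower().endswith("." + sec.get("type", "").lower()):
        problems.append("type does not match the extension of file")
    # Assumed precaution: defaultdir and every archive member must be free of
    # absolute paths, drive letters and '..' components.
    for n in names + [sec.get("defaultdir", "")]:
        p = PurePosixPath(n.replace("\\", "/"))
        if not n or p.is_absolute() or ".." in p.parts or ":" in n:
            problems.append(f"unsafe path: {n!r}")
    return problems
```

The registry plugin's archive is built the same way from the second pluginst.inf, with `NTRegistry.wfx` as the member name.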
byblo (Senior Member, joined 20 Feb 2005, 209 posts)
Posted: Fri Feb 01, 2008 12:44 am

Very interesting. Does it kill a process if needed, before deleting the file?
All times are GMT - 6 Hours
Impressum: This site is maintained by Ghisler Software GmbH
