Rootkit Revealer 1.71 Download
| Downloads: | 41393 |
|---|---|
| Op. System: | Windows 2000 / XP / 2003 / Vista / Windows 7 |
| License: | Freeware |
| Last updated: | 2006-11-11 |
| File size: | 225.97 KB |
| Publisher: | Microsoft SysInternals |

Publisher description for Rootkit Revealer 1.71
RootkitRevealer (RR) is a tool for detecting rootkits. It runs on all Windows operating systems and finds and lists discrepancies, usually in API results, that point to a potential rootkit, whether kernel-mode or user-mode. RR is excellent at identifying AFX, Vanquish, and HackerDefender. Its scope is limited with rootkits that operate in the open and do not mask any of their files or registry keys, such as FU. RR points out potential threats by comparing two views of the registry and file system: the actual view, called the high view, and the system view, called the low view. The high view is what the Windows API reports; the low view is the raw content of the file system volume or, for the registry, the hive, the on-disk format of the registry's data. Alongside this API manipulation, rootkits also seek to hide themselves from any directory listing, in both user and kernel mode. Again, RR sees this because it compares the information the Windows API gives it against what it finds in the volume's file system structures, for both FAT and NTFS.
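The high-view / low-view comparison described above, as an added example that is not RootkitRevealer's or Sysinternals' own code. It assumes both views have already been collected into dictionaries mapping an item path (file path or registry value path) to its data (file size or value bytes); the Windows API and raw NTFS / hive scanners that would populate them are out of scope and not implemented. The sample views, the three discrepancy kinds, and the policy of treating API-only entries as informational are constructed for the example.

```python
"""Cross-view discrepancy check (added example, not RootkitRevealer code).

The two views are constructed dicts; real scanners for the Windows API
(high view) and raw volume / hive parsing (low view) are assumed to exist
elsewhere and are not implemented here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str       # "hidden_from_api", "api_only", or "data_mismatch"
    path: str
    detail: str


def compare_views(high: dict, low: dict) -> list:
    """Compare the API (high) view with the raw on-disk (low) view.

    Both views map an item path to its data (file size or registry value
    bytes). Returns one Discrepancy per difference, sorted by kind and
    path; an empty list means the two views agree.
    """
    findings = []
    for path, data in low.items():
        if path not in high:
            # On disk / in the hive but filtered out of the API result:
            # the classic signature of a rootkit masking its own files.
            findings.append(Discrepancy("hidden_from_api", path,
                                        "present in raw view only"))
        elif high[path] != data:
            # Same item, different content: the API is misreporting data.
            findings.append(Discrepancy("data_mismatch", path,
                                        f"api={high[path]!r} raw={data!r}"))
    for path in high:
        if path not in low:
            # Visible through the API but absent from the raw view. Most often
            # a file created between the two scans, so it is reported but
            # should be re-checked rather than treated as malicious.
            findings.append(Discrepancy("api_only", path,
                                        "present in API view only"))
    return sorted(findings, key=lambda d: (d.kind, d.path))


def suspicious(findings: list) -> list:
    """Keep the discrepancy kinds a hiding rootkit produces; api_only is
    informational (constructed policy for this example)."""
    return [f for f in findings if f.kind != "api_only"]


# Constructed sample views; these are not real scan results.
HIGH_VIEW = {
    r"C:\Windows\System32\drivers\ntfs.sys": 574976,
    r"C:\Users\alice\tmp\~tmp0001.dat": 12,                 # created mid-scan
    r"HKLM\SYSTEM\CurrentControlSet\Services\foo\ImagePath": b"system32\\foo.sys",
    r"HKLM\SYSTEM\CurrentControlSet\Services\foo\Start": b"\x04\x00\x00\x00",
}
LOW_VIEW = {
    r"C:\Windows\System32\drivers\ntfs.sys": 574976,
    r"C:\Windows\System32\drivers\hidden.sys": 40960,       # masked from the API
    r"HKLM\SYSTEM\CurrentControlSet\Services\foo\ImagePath": b"system32\\foo.sys",
    r"HKLM\SYSTEM\CurrentControlSet\Services\foo\Start": b"\x02\x00\x00\x00",
}

if __name__ == "__main__":
    for f in compare_views(HIGH_VIEW, LOW_VIEW):
        print(f"{f.kind:16} {f.path}  ({f.detail})")
```

Running the block reports the driver present only in the raw view, the service Start value whose API-reported data (disabled) disagrees with the hive (auto-start), and the temporary file seen only through the API; `suspicious()` drops the last of these, which is the usual benign explanation for an API-only entry.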