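This is the renamed version of the anti-rootkit program formerly called XueTr.

XueTr supported only x86 systems, but starting with PC Hunter an x64 version is supported as well.

It is an extremely powerful anti-rootkit program that includes just about every feature you would expect.


(Source: http://www.xuetr.com/)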


Supported OS:

Windows 2000 SP4 (32-bit only)

Windows XP (32-bit only)

Windows Server 2003 (32-bit only)

Windows Vista (32-bit only)

Windows Server 2008 (32-bit only)

Windows 7 (32/64)

Windows 8 (32/64)



Currently, the following features are available:


*Process Manager

View system process and thread basic information.

Detect hidden processes, threads and process modules.

Terminate, suspend and resume processes and threads.

View and manipulate process handles, windows and memory regions.


*Kernel Module Viewer

Display kernel module information including ImageBase, Size, Driver Object, ImagePath, ServiceName and Load Order.

Detect hidden kernel modules.

Unload kernel module (dangerous).

Dump kernel image memory.

Display and delete system driver service information.


*Hook Detector

View and restore SSDT, Shadow SSDT, sysenter and int2e hooks.

View and restore FSD and keyboard dispatch hooks.

View and restore kernel code hooks including kernel inline hooks, patches, IAT and EAT hooks.

View and restore usermode process hooks including inline hooks, patches, IAT and EAT hooks.

View and restore message hooks (both global and local).

View and restore kernel ObjectType hooks.

Display Interrupt Descriptor Table (IDT).


*System Callback Viewer

Display and remove Kernel Notifications (Process/Thread/Image/Registry/Lego/Shutdown/Bugcheck/FileSystem/Logon).


*Network Viewer

Display current network connections, including the local and remote addresses and state of TCP connections.

View and delete IE plugins and context menu.

View and restore tcpip dispatch hooks.

Display winsock providers (SPI).

View and edit hosts file.


*Filter Viewer

View and remove filters for common devices including disk, volume, keyboard and network devices.


*Registry Viewer

View and edit system registry.

Detect hidden registry entries using live registry hive analysis.


*File Explorer

Detect hidden files using both disk analysis and driver methods.

View and delete locked files and folders.

View file basic information including NTFS Alternate Data Streams. 


*Autorun Manager

Display and delete common autorun entries.


*Service Manager 

Display Win32 service information (for Ring0 modules, it is included in Kernel Module Viewer).

Change service status and configuration.


*DPC Timer

Enumerate and delete DPC Timer objects.


*Miscellaneous

View and repair common filetype associations.

View and repair image hijacks.


*Settings

Option to defend against process creation, thread creation, module load and message hook installation.

Option to defend against file creation and registry key creation.

Option to prevent system suspend, log-off, shutdown and reboot.

Option to prevent locking the workstation and switching desktops.

Option to prevent setting the system time.



PCHunter_free.rar


by Sone 2013.02.15 00:13