morph3us.org

Entries tagged as dkom

Finding hidden drivers in Windoze NT

(Monday, February 13. 2006)

Lately I had an idea to simply detect loaded kernel drivers which hide their presence after their execution. I'm sure this method is already known/used but because I never read of it I decided to write it down.

You have to reboot your box and start the system with enabled boot logging - hit F8 before Windoze boot screen and select the entry "Enable Boot Logging". Another possibilty to boot with enabled logging is to hand the /BOOTLOG option to the Windoze kernel as a parameter by editing the `boot.ini' file.

Continue reading this entry..

Posted by in Windows at 12:32

Defined tags for this entry: dkom, kernel driver, malware, rootkit, windows

Related entries by tags:

Strange pings and broken Windows services
New external 400GB USB2 harddisk drive
Why Windows is less secure than GNU/Linux
Welcome Vista - Goodbye Windows
Unaddressed DoS vulnerabilities in IE 6 SP2
o2 XDA Trion rocks :)
"Killing" Windows's system process
"Exploiting" Windows Spider Solitaire
Windoze 03 Server SP1 DDK
MS06-001

Comment (1) | Trackbacks (0)

(Page 1 of 1, totaling 1 entries)

Entries tagged as dkom

Quicksearch

Categories

Syndication

Blogroll

Tagged entries

Entries tagged as dkom

Finding hidden drivers in Windoze NT