rootkit.com

main menu

home

forums
Show me new threads!

bookmarks

view blogs

vault

you must be level 2 to upload files to your vault

downloads

you must be logged on, and level 1, to access downloads

Rootkit Collection

File	Contributer	Link
Hacker Def...	hf	n/a
HE4Hook	admin	n/a
BASIC CLAS...	hoglund	n/a
Vanquish	xshadow	n/a
NT Rootkit	hoglund	n/a
FU	fuzen_op	n/a
WinlogonHi...	JeFFOsZ	n/a
klister	joanna	n/a
Patchfinde...	joanna	n/a
MyNetwork	hoglund	n/a
MTDWin	hoglund	n/a
NTFSHider	hoglund	n/a
VideoCardK...	hoglund	n/a
VICE	fuzen_op	n/a
Klog	Clandestin...	n/a
NtIllusion	Kdm	n/a
AFX Rootki...	TheRealAph...	n/a
SInAR	vulndev	n/a
Shadow Wal...	Clandestin...	n/a
BootRootki...	dereksoede...	n/a
CHAZ - Nim...	neocrackr	n/a
Clandestin...	merlvingia...	n/a
FUTo	petersilbe...	n/a
Windows Me...	alcapone66...	n/a
RAIDE	petersilbe...	n/a
BOOT KIT	vipinkumar	n/a
BluePill	Joanna and...	n/a
DEFRAG	blume1975	n/a
Keyboard H...	chpie	n/a
CheatEngin...	DarkByte	n/a

backends
A news back-end to implement RootKit news into your website is here or more advanced version here.

An XML/RSS feed that includes both NEWS and BLOGS for RootKit is here: XML/RSS.

Beta feed for replied posts here. feedback to admins not forums, we know about times being off...

ROOTKIT
Will RE for Cash

Thursday September 02nd

Featured Article: Nostalgia: n00bk1t, an advanced ring3 rootkit in C by jeffosz

Symbol Type Viewer 32Bit/64Bit v1.0.0.3 (beta) : New Release

By: YoLeJedi

Symbol Type Viewer 32Bit/64Bit v1.0.0.3 (beta)

Symbol Type Viewer is a tool which makes it possible to easily
visualize the types which can be defined in the symbols of the modules of the
systems Microsoft Windows 32/64bit. Moreover, it makes it possible to convert
these informations for the C language (.h) and the disassembler IDA of DataRescue
(.idc).

Symbol Type Viewer allows to :

download the symbols (pdb) very simply.
sail and visualize in a detailed way the types and their members in the
form of tree structure
easily find the unused areas in the structures (padding). These areas are
theoretically usable to put personal data there
translate the structures for the C Language (.h) and for IDA script (.idc)
of DataRescue (http://www.datarescue.com/idabase/)
personalize the formatting: addition of suffix in the names of types, freeze
the sizes of structures and members (the pointers become ULONG32 for a 32bit
system and UINT64 for a 64bit system)
apply searchs of texts or regular expressions
do a batch processing by treating all modules met in a directory and its
under-directories. For example: C:\Windows

Download
Info
Screenshot_viewer
Screenshot_translator

If you have proposals to improve this tool, if you meet bug or if you want
quite simply to discuss with me, do not hesitate to contact me.

About Symbol Type Viewer : stv (at) syseclabs com

Other : yolejedi (at) free fr

ok, ok... my english is awkward...

what ?... very awkward ?

Aaarch...Sorry... However, I work my English the every day. I will succeed in
rendering comprehensible me ;-)

CHRONOLOGY

[+] February 27th, 2008 : Version 1.0.0.3 beta (32Bit / 64Bit)

Addition of a function of research starting from a text or a regular expression

Addition of buttons of navigation keeping in memory the 100 last selections
Possibility of fixing the size of the pointers in the structures for the
C language. This option can be very useful when one wishes to make a work
with 32bits processes in an 64bits environment.
Possibility of personalizing a suffix at the end of all the names of the
unions, structures, enumerations and functions. This makes it possible to
use the entities formatted in projects while avoiding the conflicts of declaration
which can appear.
All the entities deduced or without name (unnamed) met in the members from
the structures have a single name then. In order to give a maximum of information
making it possible to identify the role of these entities, it is added to
the single name the names of all the members dependant on this entity. Each
name of added member is separated by a character "_"
Addition of Exit menu (Thanks to ouadji, most crazy of my friends
: "An application without Exit menu is not a application. It's like the Camenbert…
There doesn't exist Alsatian Camembert cheese...". What else
?)
[bug] Correction of a problem of size of pointers in 64bit structures formatted
for IDA script
[bug] Correction of a problem of principal window refresh under Vista.
[bug] Correction of a problem when one makes "Brut copy" with the "Format
view" panel wich is empty. (Thanks to ouadji)

[+] January 15th, 2008 : Version 1.0.0.2 beta (32Bit / 64Bit)

Symbol Type Viewer is now compatible with the versions 32bits and 64bits
of Windows.
The functions met in the structures are now accessible directly since the
tree view.
Preparing of the tree with icons significant.
In the format C structures, the unused zones appear now clearly in red.
These zones are theoretically available to store personal data.
[bug] Correction of bad size estimate with certain local structures.

[+] December 29th, 2007 : Version 1.0.0.1 beta (32Bit)

[bug] Correction of a problem giving (with certain parameters of system
appearance) a nonwhite background in the formatted structures view. This can
be disturbing. Especially when the background appears in black. (Thanks
to DarKPhoeniX).
[bug] Correction of a bad management of the variable system _NT_SYMBOLS_PATH
when this one isn't completly in lower case (Thanks to Neitsa)

[+] December 28th, 2007 : Version 1.0.0.0 beta (32Bit)

Initial version

read comments (8) / write comment

recent comments:
v1.0.0.6 (beta) : New Release YoLeJedi 19.May:12:18
v1.0.0.5 (beta) : New Release YoLeJedi 12.May:18:07
v1.0.0.4 (beta) : New Release YoLeJedi 21.Mar:19:57
Outstanding ZHadum 05.Mar:10:27
The tool I always wanted but was to lazy to code buri 04.Mar:18:00

views: 2650 printer-friendly version

ROOTKITS, Subverting the Windows Kernel
By: Greg Hoglund and Jamie Butler

Rootkits are powerful tools to compromise computer systems without detection. Get the original and best book on the subject here.

logged users

active for last 5 minutes

registered users:80290

There are currently 0 registered users and 29 guests browsing the website.

Welcome our latest registered user: samel

recent board posts
subject author date
rootkit is systan Sep / 01
help! i ca... qxsl2000 Aug / 31
ndis simpl... b919134 Aug / 30
ZwXxx Rout... systan Aug / 25
Hiding "sc... brym Aug / 24
MSV1_0_LOG... eKKiM Aug / 22
Driver Com... tp012409 Aug / 22
network fi... b919134 Aug / 18
I can't st... al3xey Aug / 12
Windows Vi... 120decibels Aug / 11
Creating a... masterjippo Aug / 10
New to Roo... arapes Aug / 07
DPC lock. Spec0p Aug / 05
Whats up w... Ntsc Aug / 05
Hiding Tcp... _MAX_ Jul / 27

recently replied posts
subject author date
rootkit is systan Sep/01
Hiding "sc... systan Sep/01
ZwXxx Rout... systan Sep/01
ndis simpl... _MAX_ Aug/31
help! i ca... qxsl2000 Aug/31
header Vir... systan Aug/25
MSV1_0_LOG... eKKiM Aug/22
Driver Com... vrtulex Aug/22
I can't st... vrtulex Aug/22
network fi... b919134 Aug/19

recent blog entries
littlebu Aug 24, 04:27
DiabloNova Aug 16, 04:49
DiabloNova Aug 13, 16:44
DiabloNova Aug 09, 15:25
DiabloNova Aug 05, 15:52

Best Screenshots / Analog
May 14, 2010
dep.png /
click on the picture to enlarge and see description
!
read comments (0)
write comment
view archive(90) :
Analog(53) / Best Screenshots(37)
submit a picture to gallery

the most active news users
based on the number of news posts for last 30 days

user nr. of posted news

select skin

"The Internet ? Is that thing still around ?" - Homer Simpson.