
Thread: detecting hacker defender GOLD

  1. #1 Titanium Member (Join Date: Jul 2002; Location: blk helo target, WA; Posts: 3,415)

    detecting hacker defender GOLD

    I don't know its value as it's in Chinese - therefore the app displays "???", but detections are in English.

    Here's a screenshot:
    The Beginning Of The End For Rootkits?

    On May 30, Holy_father lamented in a comment posted on his site, "One of my priorities this summer [will be] to beat IceSword." He went on to call it "such a nice tool, [a] real challenge."

    What could have caused the much-loathed creator of Hacker Defender to moan so mournfully in the face of a competing development?

    IceSword is a rootkit-beating program from Xfocus.net. The site is the home of a Chinese group of security researchers who've published a number of Windows vulnerabilities. The group famously announced last December some major security holes in Internet Explorer that Microsoft scrambled to patch.

    In a posting on the Hacker Defender site, one commenter noted: "Most rootkits hide services from service management controllers by hooking some API such as EnumServicesStatus..." To combat such rootkits, he added: "IceSword maps the advapi32.dll... and gets the 'pure' (unhooked) EnumServicesStatus." This permits the program to detect anything that may have been hiding behind these services.
    Last edited by lynchknot; July 19th, 2005 at 02:04 AM.
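The two checks the quoted comment describes, as an added example that is not part of the thread and is not IceSword's code: (1) compare the first bytes of an exported function as the running process sees them against the same bytes from a private copy of the DLL mapped fresh from disk, and decode the detour if they differ; (2) diff the service list the hooked API returns against the list the unhooked export returns, which is what "mapping advapi32.dll to get the pure EnumServicesStatus" buys you. All byte buffers, addresses and service names below are constructed for illustration (the hot-patch prologue bytes are the real x86 encoding; FUNC_VA, the detour target and the service lists are made up), so the program compiles and runs anywhere without a Windows box.

```c
/* Added example, not IceSword's code: the two checks the quoted comment describes,
 * run on constructed data so they compile and run anywhere. On a real box the
 * "live" bytes come from GetProcAddress() in the running process and the
 * "pristine" bytes from a private mapping of advapi32.dll off disk. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hook_kind { HOOK_NONE = 0, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_JMP_INDIRECT, HOOK_OTHER };

struct hook_report {
    enum hook_kind kind;
    uint32_t target;        /* resolved detour address for JMP rel32 and PUSH/RET, else 0 */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Compare the first n bytes of an exported function as this process sees it (live)
 * against the same bytes from a fresh copy of the DLL mapped from disk (pristine),
 * and classify the patch if they differ. func_va is the function's virtual address,
 * needed to turn a rel32 displacement into an absolute target. Caveat: the pristine
 * copy must be relocated to the same base as the live module, or any relocated
 * absolute address inside the first n bytes will be flagged as a hook. */
struct hook_report inspect_prologue(uint32_t func_va, const uint8_t *live,
                                    const uint8_t *pristine, size_t n)
{
    struct hook_report r = { HOOK_NONE, 0 };
    if (memcmp(live, pristine, n) == 0)
        return r;
    r.kind = HOOK_OTHER;                              /* modified, but not a shape we decode */
    if (n >= 5 && live[0] == 0xE9) {                  /* E9 rel32: JMP to detour */
        r.kind = HOOK_JMP_REL32;
        r.target = func_va + 5 + le32(live + 1);      /* uint32 wrap handles a negative rel32 */
    } else if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) { /* 68 imm32; C3: PUSH addr; RET */
        r.kind = HOOK_PUSH_RET;
        r.target = le32(live + 1);
    } else if (n >= 6 && live[0] == 0xFF && live[1] == 0x25) { /* FF 25 disp32: JMP [mem] */
        r.kind = HOOK_JMP_INDIRECT;                   /* target is *disp32; not readable here */
    }
    return r;
}

/* Cross-view diff: every name the unhooked enumeration (raw) returns that the
 * hooked API (api) withheld. Returns how many names were written to out. */
size_t hidden_entries(const char *const *api, size_t n_api,
                      const char *const *raw, size_t n_raw,
                      const char **out, size_t max_out)
{
    size_t found = 0;
    for (size_t i = 0; i < n_raw; i++) {
        int seen = 0;
        for (size_t j = 0; j < n_api && !seen; j++)
            seen = strcmp(raw[i], api[j]) == 0;
        if (!seen && found < max_out)
            out[found++] = raw[i];
    }
    return found;
}

/* Constructed sample data (made up for this example):
 * PRISTINE is the common x86 hot-patch prologue mov edi,edi / push ebp / mov ebp,esp
 * / sub esp,10h; HOOKED is the same function after a 5-byte JMP detour was written
 * over it; PUSH_RET is the PUSH imm32 / RET variant. FUNC_VA and the detour targets
 * are arbitrary user-mode addresses. */
#define FUNC_VA 0x77DD1000u
static const uint8_t PRISTINE[8] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
static const uint8_t HOOKED[8]   = { 0xE9, 0x1B, 0x00, 0x23, 0x98, 0x83, 0xEC, 0x10 };
static const uint8_t PUSH_RET[8] = { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3, 0xEC, 0x10 };

/* Service names as the hooked EnumServicesStatus reports them versus the raw list;
 * the extra entry is hxdef's default service name, inserted here by hand. */
static const char *const API_VIEW[] = { "Dhcp", "Dnscache", "EventLog", "LanmanServer" };
static const char *const RAW_VIEW[] = { "Dhcp", "Dnscache", "EventLog", "HackerDefender100", "LanmanServer" };

int main(void)
{
    struct hook_report r = inspect_prologue(FUNC_VA, HOOKED, PRISTINE, sizeof HOOKED);
    printf("prologue: kind=%d target=0x%08X\n", r.kind, r.target);   /* kind=1 target=0x10001020 */

    const char *hidden[4];
    size_t n = hidden_entries(API_VIEW, 4, RAW_VIEW, 5, hidden, 4);
    for (size_t i = 0; i < n; i++)
        printf("hidden service: %s\n", hidden[i]);                    /* HackerDefender100 */
    return 0;
}
```

Two things a practitioner should keep in mind. The prologue check only works if the on-disk copy is relocated to the live module's base before comparing, otherwise every relocated absolute address shows up as a "hook"; and the cross-view check only sees through user-mode hooks like hxdef's, because a rootkit that filters inside the kernel feeds the same lie to both the hooked and the "pure" export.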

  2. #2 Curio, Triple Platinum Member (Join Date: Nov 2004; Location: London; Posts: 899)
    Nice screenshot, perhaps you would care to talk us through it.
    I'm using Windows 7 - you got a problem with that?

  3. #3 Titanium Member (Join Date: Jul 2002; Location: blk helo target, WA; Posts: 3,415)
    I think you'd be much more qualified to interpret the functions of this app. Some of the icons are obvious, but the readout pane on the right is more up your alley. This screenshot is obviously running processes. At least I know what the "BHO" icon implies.

    A port explorer

    I have no idea what this is

    Others are: startups, services, SPI (NetBIOS, TCP/IP, etc.), BHO, SSDT (I haven't a clue), and a few others I have no idea what they are - but I believe if you took a look at the right pane, you would know its intended function. If this is truly frustrating "Holy Father", then this is a significant advancement in rootkit detection.
    Last edited by lynchknot; July 21st, 2005 at 20:43 PM.

  4. #4 Curio, Triple Platinum Member (Join Date: Nov 2004; Location: London; Posts: 899)
    I don't know if you read those articles you linked, Lynch, but there is a whole load of crap in them; I can only assume the author has attended too many rave parties. IceSword may be able to detect HxDef GOLD, but if you can't read it how are you gonna know?

  5. #5 Titanium Member (Join Date: Jul 2002; Location: blk helo target, WA; Posts: 3,415)
    It would probably show in the panes - much like Security Task Manager. Can you understand STM without the labels? I know you can, but it's more than I know currently.

  6. #6 Curio, Triple Platinum Member (Join Date: Nov 2004; Location: London; Posts: 899)
    Perhaps some nice individual can translate the text strings for us, and then I or someone else may be able to swap them in the executable - any volunteers?

  7. #7 Titanium Member (Join Date: Jul 2002; Location: blk helo target, WA; Posts: 3,415)
    Well, Resource Hacker would not be the one to modify files. I have the IDA Pro disassembler but have not explored its capabilities - nor do I know how to use it. If no one reads Chinese, we would need to copy the text to send it to Babel Fish (I know, not a great translator).
    Last edited by lynchknot; July 24th, 2005 at 20:49 PM.

  8. #8 Junior Member (Join Date: Aug 2005; Posts: 3)
    hehe

    IceSword has been bypassed.

    ch0pper aka themaskdemon

  9. #9 Junior Member (Join Date: Aug 2005; Posts: 3)
    Also, IceSword is now in English.

  10. #10 Junior Member (Join Date: Sep 2005; Posts: 16)
    With rootkits, it's prevention more than cure IMO.

    As there is little cure.
