SysTracer updated to v1.0.0.11
by mayin on Jan.16, 2012, under SysTracer
v1.0.0.11 changelog (2011.1.16)
- Global monitoring mode no longer starts automatically at launch
- Consecutive identical log entries are merged
- Fixed several driver issues that could cause a blue screen
v1.0.0.10 changelog
Fixed a bug that could cause a blue screen on exit
v1.0.0.9 changelog
This version optimizes the communication protocol between R0 and R3 (kernel mode and user mode) and makes no UI changes, so from a user's point of view it feels no different from the previous version. For SysTracer itself, though, it is a fairly large change, so I'm posting it here in the hope that everyone can help test it. Feedback is very welcome! :)
v1.0.0.8 changelog
1. Added detailed kernel hook information to the UI display
2. Added monitoring support for programs run from network shared directories
v1.0.0.7 changelog
- Fixed a UI display issue
- Fixed an issue where tracing a single process showed nothing
- Fixed several driver issues
v1.0.0.6 changelog (2011-04-25)
- Rewrote the UI program to provide friendlier log viewing.
- Added hook checking to the driver.
- Changed the REPORT file format.
- Fixed some bugs.
VB Magazine January 2012
by niucool on Jan.10, 2012, under Virus Bulletin

Here is the January 2012 issue of VB Magazine.
VB Magazine December 2011
by niucool on Dec.07, 2011, under Virus Bulletin
Here is the December issue of VB Magazine.
VB Magazine October 2011
by niucool on Oct.01, 2011, under Virus Bulletin
Here is the October issue of VB Magazine.
VB Magazine September 2011
by niucool on Sep.02, 2011, under Virus Bulletin
Here is the September issue of VB Magazine.
VB100 August 2011
by niucool on Aug.24, 2011, under Virus Bulletin
For a reader named Thanh, I just uploaded the latest VB100 magazine (August 2011).
As a Chinese reader, I noticed that two Chinese anti-virus companies, Qihoo and Rising, are also on the list. According to the test results, they are surely not at the same level.
Qihoo is rising, while Rising is sinking.
DirMon updated to v1.0.1
by niucool on Aug.06, 2011, under System Research
Actually, in most cases we don't need a mighty sword like SysTracer or FileMon to know what's happening in the file system. So why not choose the very lightweight tool DirMon?

Major features:
- Supports all Windows NT platforms: Windows 2000 through Windows 7, both 32-bit and 64-bit
- Lightweight and easy to use; no administrator privileges needed.
- Monitors all changes in a directory with flexible options.
Change history:
v1.0.1 (2011-08-05)
- Support for both Chinese and English
Please download the latest version of DirMon here.
Virus Bulletin Magazine July & August 2011
by niucool on Aug.05, 2011, under Virus Bulletin
Exception Handler in Windows 64-bit
by niucool on Jul.19, 2011, under System Research
Structured Exception Handling (SEH) is a very important mechanism in the Windows operating system. The most famous article describing SEH on 32-bit Windows is by Windows wizard Matt Pietrek: A Crash Course on the Depths of Win32™ Structured Exception Handling.
On x64, Microsoft changed the way exceptions are handled. You can still use __try and __except to catch and handle exceptions, but the internal implementation is completely different. There are still some good articles on x64 SEH:
A good article for major concepts: Exceptional Behavior – x64 Structured Exception Handling
Series of articles in depth: Programming against the x64 exception handling support
So why should we learn these details if we can still use __try and __except to handle all exceptions? The answer: when you port your code from 32-bit to 64-bit, your SEH might not work if your code is dynamically generated. You have to use the new Win64 APIs RtlInstallFunctionTableCallback and RtlAddFunctionTable to register that code so its exceptions can be handled. Furthermore, some PE packers might not work when processing Win64 PE files, since they can no longer take advantage of Win32 SEH tricks.
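As an added example (not code from the original post), the following C program shows what the table-based x64 mechanism expects from dynamically generated code: every function in the code region must be described by a RUNTIME_FUNCTION entry, and the exception dispatcher locates the entry covering the faulting instruction by searching that table. The struct layout mirrors the x64 RUNTIME_FUNCTION from winnt.h; the JIT buffer base, the sample table contents and the helper names are constructed assumptions. The lookup and validation parts are portable and run anywhere; the RtlAddFunctionTable registration wrapper is compiled only on Windows.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Mirrors the x64 RUNTIME_FUNCTION layout from winnt.h: three 32-bit RVAs,
 * relative to the base address passed to RtlAddFunctionTable. */
typedef struct {
    uint32_t BeginAddress;
    uint32_t EndAddress;        /* exclusive */
    uint32_t UnwindInfoAddress; /* RVA of the UNWIND_INFO for this function */
} RtFunction;

/* Binary search over a table sorted by BeginAddress, the same shape of lookup
 * the dispatcher performs (RtlLookupFunctionEntry). Returns the index of the
 * entry covering rva, or -1 when no registered function covers it. */
int lookup_runtime_function(const RtFunction *table, size_t count, uint32_t rva)
{
    size_t lo = 0, hi = count;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (rva < table[mid].BeginAddress)
            hi = mid;
        else if (rva >= table[mid].EndAddress)
            lo = mid + 1;
        else
            return (int)mid;
    }
    return -1;
}

/* The invariants a table must satisfy before registration: every range is
 * non-empty and the entries are sorted and non-overlapping. A table that
 * violates these gives the dispatcher wrong unwind data for some PCs. */
int validate_runtime_table(const RtFunction *table, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (table[i].BeginAddress >= table[i].EndAddress)
            return 0;
        if (i > 0 && table[i].BeginAddress < table[i - 1].EndAddress)
            return 0;
    }
    return 1;
}

/* Constructed sample: two functions in a hypothetical JIT buffer whose base
 * address is 0x10000000; all values are RVAs from that base. */
static const RtFunction kSampleTable[] = {
    {0x1000, 0x1040, 0x2000},
    {0x1040, 0x10C0, 0x200C},
};
#define kSampleCount (sizeof kSampleTable / sizeof kSampleTable[0])

/* Constructed negative case: the second entry overlaps the first. */
int sample_overlapping_table_is_invalid(void)
{
    const RtFunction bad[] = {
        {0x1000, 0x1040, 0x2000},
        {0x1030, 0x10C0, 0x200C},
    };
    return validate_runtime_table(bad, 2) == 0;
}

#ifdef _WIN32
#include <windows.h>
/* Registers a table for dynamically generated code. The table memory must
 * stay valid for as long as the code can run; call
 * RtlDeleteFunctionTable(table) before freeing the table or the code. */
int register_jit_table(RUNTIME_FUNCTION *table, DWORD count, DWORD64 base)
{
    return RtlAddFunctionTable(table, count, base) ? 1 : 0;
}
#endif

int main(void)
{
    printf("table valid: %d\n", validate_runtime_table(kSampleTable, kSampleCount));
    printf("rva 0x1008 -> entry %d\n",
           lookup_runtime_function(kSampleTable, kSampleCount, 0x1008));
    printf("rva 0x10C0 -> entry %d\n",
           lookup_runtime_function(kSampleTable, kSampleCount, 0x10C0));
    return 0;
}
```

A program counter outside every registered range returns -1, which is exactly the situation for dynamically generated code that was never registered: the dispatcher has no unwind information for that frame and falls back to treating it as a leaf function, which is only correct if the frame really is one. For any JIT function with a real prologue the unwind goes wrong, so an enclosing __try/__except in the caller is never reached. Registering the table with RtlAddFunctionTable (or supplying it on demand through RtlInstallFunctionTableCallback) is what makes such frames unwindable.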
iAppleTracker: a viewer for iPhone/iPad GPS records on Windows
by niucool on Apr.26, 2011, under System Research
This is an iPhone/iPad GPS log viewer that runs on Windows; developing this little tool took me two evenings. The original idea comes from iPhoneTracker, and the implementation principle and frequently asked questions for that software can be found at the link above. The difference is that iPhoneTracker runs on Mac OS, while my program runs on Windows; the precondition, of course, is that you have previously made a backup with iTunes.
Click here to download iAppleTracker.
Main program window:

Query results: