FLISTER for Windows

Discussion in 'other security issues & news' started by nick s, Jan 25, 2005.

Thread Status:
Not open for further replies.
  1. nick s

    nick s Registered Member

    Nov 20, 2002
    Found a new tool for detecting the presence of rootkits:

    FLISTER for Windows (Tools section) and FLISTER - uncovering files hidden by Windows rootkits

    "FLISTER is a proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. FLISTER works on Windows 2000, XP and 2003."

    As an example, if run on a system compromised by Hacker Defender (1.0), you will get an "error while scanning directory (err = 0xc000000f)" when it detects a hidden file. In the pic, the hidden file's name starts with "hx" and is not visible in Explorer (on the left).

