Most computer users remember the Sony BMG rootkit scandal of a few years ago, in which the company shipped rootkit functionality on some of its music CDs that installed itself on the computer systems the discs were played on. Rootkits are still not a major threat for most users; an infection by a virus or a trojan is far more likely than one by a rootkit. What makes rootkits dangerous is that they are designed to hide inside a computer system and to evade detection by normal security programs and system tools.
CodeWalker is rootkit-detection software developed by a member of the Sysinternals forums. The current version is 0.24b, and the program is clearly a work in progress. It is portable and can be run from local drives or removable drives.
The security program offers a thorough analysis of the computer system at startup, which takes a few minutes. You can skip this in-depth analysis and go directly to the main program interface. The main interface uses tabs to display the different result types, including system processes, hidden code, and kernel-mode and user-mode hooks.
Connected hard disks are listed on the right side, with the option to select all or some of them for a scan. The same scan that is offered at program start can be run again from the button below. The results are displayed in the tabs once the scan completes.
The developer explains his program:
For hidden driver detection, you can test it with some pretty well hidden driver PoCs such as phide_ex and many builds of Rustock.B variants, although you have to use the “Hardcore Scan” method to detect them.
For code hooking detection, the engine walks all the branches of the scanned module, i.e. any execution path of it, to detect modification (btw, that’s why I call it CodeWalker). IMHO, it can detect code hooking very well, especially with rootkits that place abnormal hooks like Rustock.C (FF25 & FF15 – jmp/call dword ptr [abc]), though there are still some problems with false-positive hooks/modifications.
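The developer's description above is the general shape of inline-hook detection: compare a module's code as loaded in memory against a trusted copy, find the bytes that differ, and look at what was written there. The example below is added here to illustrate that idea and is not CodeWalker's own code; it works on two constructed byte buffers standing in for an on-disk and an in-memory copy of one function, and classifies each differing run by the opcode it starts with, including the FF25/FF15 absolute indirect jmp/call forms the developer mentions. The module base address and the sample code bytes are assumptions chosen for the demonstration.

```python
"""Added example: detect inline code hooks by diffing an in-memory copy of a
module's code against its on-disk copy and classifying the patched bytes.
The sample bytes below are constructed; this is not CodeWalker's own code."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# x86 instructions that commonly open an inline hook (opcode prefix -> name).
# FF 25 / FF 15 take a 32-bit absolute address of a pointer slot; E9 / E8
# take a 32-bit displacement relative to the next instruction.
HOOK_OPCODES = {
    b"\xff\x25": "jmp dword ptr [abs32]",
    b"\xff\x15": "call dword ptr [abs32]",
    b"\xe9": "jmp rel32",
    b"\xe8": "call rel32",
}


@dataclass
class Modification:
    offset: int            # offset of the first changed byte within the module
    length: int            # number of consecutive changed bytes
    kind: str              # hook type or "unclassified byte patch"
    target: Optional[int]  # decoded branch target / pointer slot, if any


def diff_runs(disk: bytes, mem: bytes) -> List[Tuple[int, int]]:
    """Return (offset, length) runs where the in-memory bytes differ from disk."""
    if len(disk) != len(mem):
        raise ValueError("images must be the same size to compare byte-wise")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(disk, mem)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(mem) - start))
    return runs


def classify(mem: bytes, offset: int, base: int) -> Tuple[str, Optional[int]]:
    """Name the instruction at `offset` if it is a known hook form and decode
    its operand; anything else is reported as an unclassified patch."""
    for opcode, name in HOOK_OPCODES.items():
        if mem.startswith(opcode, offset):
            disp_at = offset + len(opcode)
            if disp_at + 4 > len(mem):
                return name, None
            if opcode[0] == 0xFF:
                # absolute indirect form: operand is the address of a pointer slot
                target = struct.unpack_from("<I", mem, disp_at)[0]
            else:
                # relative form: target = address of next instruction + rel32
                rel = struct.unpack_from("<i", mem, disp_at)[0]
                target = (base + disp_at + 4 + rel) & 0xFFFFFFFF
            return name, target
    return "unclassified byte patch", None


def scan_module(disk: bytes, mem: bytes, base: int = 0x10000000) -> List[Modification]:
    """Diff the two images and classify every modified run."""
    return [Modification(off, length, *classify(mem, off, base))
            for off, length in diff_runs(disk, mem)]


# Constructed sample: a small function as it appears on disk (x86, 32-bit).
CLEAN = bytes.fromhex(
    "8bff558bec83ec10"   # mov edi,edi; push ebp; mov ebp,esp; sub esp,10h
    "5356578b7d08"       # push ebx; push esi; push edi; mov edi,[ebp+8]
    "33c08b750c"         # xor eax,eax; mov esi,[ebp+0Ch]
    "5f5e5bc9c20800"     # pop edi; pop esi; pop ebx; leave; ret 8
)

# The same function as found in memory, with three constructed modifications.
_hooked = bytearray(CLEAN)
_hooked[0:6] = bytes.fromhex("ff2500104000")   # jmp dword ptr [0x00401000]
_hooked[14:19] = bytes.fromhex("e9ed4f0000")   # jmp rel32 to base + 0x5000
_hooked[24] = 0x0C                             # ret 8 -> ret 0Ch (not a hook)
HOOKED = bytes(_hooked)


if __name__ == "__main__":
    for m in scan_module(CLEAN, HOOKED):
        tgt = f" -> 0x{m.target:08x}" if m.target is not None else ""
        print(f"+0x{m.offset:04x} ({m.length} bytes): {m.kind}{tgt}")
```

The third modification shows why the developer's false-positive remark matters: a single changed immediate is reported, but nothing about it says "hook", and legitimate causes such as applied relocations or hot-patching produce exactly this kind of difference. A real scanner would apply the module's relocations to the disk image before diffing and then treat only runs that decode to a branch as hook candidates.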