Quote from
Bernhard Geyer:
You could try googling whether you can find anything out from the available source code of open-source rootkit-removal kits.
With ring 0 rootkits, without driver programming and without brilliant Windows Sysinternals know-how, there is not the slightest chance
of finding anything.
http://www.delphibasics.info/home/de...hunterbyms-rem
detector for hidden processes. It has several listing methods to detect processes, making use of native APIs and kernel-mode drivers (the screenshot details the complete set of available options). The article shows how the author of Process Hunter, Ms-Rem, created the application, describing the concepts used in detail alongside code executing those concepts.
Full source code of Process Hunter is attached at the bottom of the page.