Gynvael
February 5th, 2009, 10:10
Just to inform you guys, I've released the new ExcpHook.
Places to download:
http://www.woodmann.com/collaborative/tools/ExcpHook
http://code.google.com/p/openrce-snippets/
http://gynvael.coldwind.pl/?id=148
Places for feedback:
http://gynvael.coldwind.pl/?id=148
This post.
Quote:
ExcpHook Exception Monitor is an exception monitor, made for Windows XP. The monitoring part is kernel-level (technically, in a driver), so as opposed to user-land monitors, ExcpHook does not have to be a debugger for the monitored processes, nor does it have to change their environment/code/data in any way. Additionally, ExcpHook is not tied up with one process - it monitors every process in the system, letting the user filter out the interesting processes by providing a part of the image name of the process.
Code:
0.0.4 -> 0.0.5-rc2
* Fixed 100% CPU eating bug
* Rewritten the code to use IOCTL instead of Write/Read
* Added driver status checking mechanism
* Commented the source code, made it more readable
* Fixed multiCPU/multicore race condition possibility
* Fixed BSoD on some systems when patching the kernel
* Added some more spinlocks here and there
* Fixed BSoD on some kernel versions, the signature seeking
mechanism has been changed to a more decent one
* Added general/control register logging/display
* Added image name acquiring from EPROCESS
* Added one-instance-at-a-time limit (this is needed due to design)
* Added disassembly display (using diStorm lib)
* Added some more minor things