Grouped Access Tools (GAT)

[I am Baas]

Grouped Access Tools (GAT) is a very powerful tool that is designed to fight malware, debug applications, software and games, by a means of accessing, editing, analyzing, and manipulating the software. It is able to open processes that are running or start new programs. The user can do very many tasks to the process, such as: suspend, wipe it's memory, terminate, crash, force close, edit it's memory, search for values, and memory dump. Grouped Access Tools has other tools such as running in system mode, running Explorer in system mode, logging processes, and a format converter.

Download stand alone version (1.4 Beta, 325 kb)

[Kranor]

Program is not standalone

When trying to launch it directs you to a website to download a package that must be installed for gat to work these include

6 different DLL's
activex controls
and a .cab file containing copies of these files
Gat looks for these files via absolute paths. So you are unable to move these to the program folder to make it work.

This one is NOT portable in anyway.

Sorry try again

[I am Baas]

Sorry try again

There's a stand alone version available for download but you were probably too lazy to read to the end of my post or look for the portable version download link yourself.

GAT should run without the need to download any extra package/ DLLs/ activeX controls/ etc. It writes however to the registry @
HKEY_CURRENT_USER\Software\VB And VBA Program Settings\Grouped Access Tools\Settings and
HKEY_CURRENT_USER\Software\VB And VBA Program Settings\Grouped Access Tools

[I am Baas]

Oh, don't give me that "sorry try again" bullocks. When was the last time you made a submission?

[garbanzo]

thanks for the post Baas. the standalone version works nicely, and i don't mind some reg entries for something like this

[Kranor]

The stand alone version was the version that I used, I got this on a direct download from the zone dev site prefering as always to research an app before I use it and not follow links blindfolded. I tried it on a total of 8 computers, 7 of which it failed to run in each case asking for the add on pack. Installation of the addon pack requires admin rights.

Oh and Baas ...up yours....

[I am Baas]

Grouped Access Tools (GAT) now at version 1.5

-Release Notes-

· 1.5 Stable:
· Redesigned the Command Pancrav interface to have 5 tabbed command lines
· Added new Auto Process type: None
· Added File menu
· Added various safegaurds
· Fixed "Invalid use of Null" crash
· Fixed Overflow Crash
· Fixed Open Browser Windows Media Edition bug
· Fixed Find DLL software hang up
· Fixed File Properties software hang up
· Fixed Go To File's Folder software hang up
· Fixed Set Normal File Attributes software hang up
· Fixed Auto File's log scroll stop bug
· Fixed Auto Process' log scroll stop bug
· Fixed Auto File's finite log bug
· Fixed Auto Process' finite log bug

[SkylerLyon]

Hello, I am Skyler the creator of Grouped Access Tools. I just wanted to notify everyone that I fixed the portable version along with many other fixes.

Here is a link to the page:

http://zone-dev.com/gat.php

Release Notes:

· 1.7 Stable:
· Included required files package in install
· Fixed required files package for the portable version
· Fixed portable version
· Faster install

· 1.6 Stable:
· Redesigned Auto Process to handle processes that were previously instantiated
· Added new commands to Command Pancrav
· Fixed Windows 64bit File and Process Information hang up
· Fixed process enumeration bugs
· Fixed various memory leaks
· Fixed Value Search -> SearchEx -> Decreased By

[m^(2)]

Nice, thanks.

[SkylerLyon]

I will also make some youtube tutorials on how to fight malware with GAT. Stay tuned

[m^(2)]

Suggestion: Would be nice if user could dismiss dialogs (i.e. search) with Esc.
And a help file would be more useful than a youtube movie...
Also, could you elaborate, how do you find hidden processes?
Ring 0, right?

[SkylerLyon]

I am planning on writing a better read me. Hidden Process scanning is automatic. Hidden processes are processes that have rewritten the kernel process table to exclude itself from process enumeration. This causes other process managers to not see their process.

[m^(2)]

I am planning on writing a better read me. Hidden Process scanning is automatic. Hidden processes are processes that have rewritten the kernel process table to exclude itself from process enumeration. This causes other process managers to not see their process.

Yeah, I know. I asked about detection.
BTW there are other ways of hiding a process, i.e. hook on NtQuerySystemInformation. It's better because it works with guest rights.

[SkylerLyon]

Cool, I will implement that. I have had a lot of trouble with user rights in XP 64bit and Vista; so I hope those API will grant me the access in those OSes too.

[m^(2)]

Cool, I will implement that. I have had a lot of trouble with user rights in XP 64bit and Vista; so I hope those API will grant me the access in those OSes too.

I think there's misunderstanding.
NtQuerySystemInformation is what is called by EnumProcesses and Process32First/Next. Also it's called directly by Windows' taks manager.
Application can hide itself by injecting own code to all processes it can access and hooking NtQuerySystemInformation, then filtering the list of processes returned by this function.

I don't think that you can use it somehow to detect a hidden executable.