Grouped Access Tools (GAT)

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#16 Post by SkylerLyon »

Well right now GAT doesn't use the lower level NT API so it has less access, but I could use that API to get it. As for further hidden process detection I could make prevention code that would stop any new and unwanted threads and modules. The WriteProcessMemory API will be harder to prevent.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#17 Post by m^(2) »

You can compare your executable file and its memory image + do the same with all system libraries.
Preventing unwanted ones seems hard as system libraries can load different things in different OSes.
BTW will you tell me how you detect hidden processes? Please... :)

SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#18 Post by SkylerLyon »

Well what I mean is this:

Do a module enumeration of GAT, see if there are modules that aren't on the default list, then wipe and terminate the module.
Create a timer that does thread enumeration of GAT, see if there are any extra threads that shouldn't be there, then suspend and terminate those threads.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#19 Post by m^(2) »

SkylerLyon wrote:
> Well what I mean is this:
>
> Do a module enumeration of GAT, see if there are modules that aren't on the default list, then wipe and terminate the module.
> Create a timer that does thread enumeration of GAT, see if there are any extra threads that shouldn't be there, then suspend and terminate those threads.

I think that warning about threads is better than killing. Or at least you should ask the user what to do. It may cause issues with legit 3rd party extensions.
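
The module and thread checks discussed in posts #18 and #19, as an added example that is not part of the thread and not GAT's own code: it enumerates the current process's modules and threads with the Windows Toolhelp32 API and reports anything missing from a known-good set, warning instead of terminating. The names `snapshot` and `audit` are hypothetical, and a snapshot taken at startup stands in for the "default list" as an assumption.

```python
import ctypes, os, sys
TH32CS_SNAPTHREAD, TH32CS_SNAPMODULE, TH32CS_SNAPMODULE32 = 0x4, 0x8, 0x10
U32, PTR = ctypes.c_uint32, ctypes.c_void_p
INVALID_HANDLE = PTR(-1).value  # INVALID_HANDLE_VALUE as an unsigned integer

class MODULEENTRY32W(ctypes.Structure):
    _fields_ = [("dwSize", U32), ("th32ModuleID", U32), ("th32ProcessID", U32),
                ("GlblcntUsage", U32), ("ProccntUsage", U32), ("modBaseAddr", PTR),
                ("modBaseSize", U32), ("hModule", PTR),
                ("szModule", ctypes.c_wchar * 256), ("szExePath", ctypes.c_wchar * 260)]

class THREADENTRY32(ctypes.Structure):
    _fields_ = [("dwSize", U32), ("cntUsage", U32), ("th32ThreadID", U32),
                ("th32OwnerProcessID", U32), ("tpBasePri", ctypes.c_int32),
                ("tpDeltaPri", ctypes.c_int32), ("dwFlags", U32)]

def _walk(flags, entry_type, first, nxt, pid):
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)  # Windows only
    k32.CreateToolhelp32Snapshot.restype = PTR
    snap = k32.CreateToolhelp32Snapshot(flags, pid)
    if snap in (None, INVALID_HANDLE):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        entry = entry_type(dwSize=ctypes.sizeof(entry_type))
        ok = getattr(k32, first)(PTR(snap), ctypes.byref(entry))
        while ok:
            yield entry  # the same entry object is refilled on every step
            ok = getattr(k32, nxt)(PTR(snap), ctypes.byref(entry))
    finally:
        k32.CloseHandle(PTR(snap))

def snapshot(pid=None):
    """Return (loaded module names, thread ids) for one process."""
    pid = pid or os.getpid()
    mods = {e.szModule.lower() for e in _walk(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
            MODULEENTRY32W, "Module32FirstW", "Module32NextW", pid)}
    # A thread snapshot is system-wide, so filter by owning process.
    tids = {e.th32ThreadID for e in _walk(TH32CS_SNAPTHREAD, THREADENTRY32,
            "Thread32First", "Thread32Next", 0) if e.th32OwnerProcessID == pid}
    return mods, tids

def audit(baseline, current):
    """List modules and threads absent from the baseline; report, never kill."""
    findings = [("module", m) for m in sorted(current[0] - baseline[0])]
    return findings + [("thread", t) for t in sorted(current[1] - baseline[1])]

if __name__ == "__main__" and sys.platform == "win32":
    known_good = snapshot()  # assumption: taken at startup, before anything is injected
    for kind, ident in audit(known_good, snapshot()):
        print(f"WARNING: unexpected {kind} in process: {ident}")
```

In a real tool the second `snapshot()` call would run from the timer, and the findings would go to the user rather than to `print`.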

SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#20 Post by SkylerLyon »

There are always going to be 3rd party issues with API hooking prevention. So either I go with automatic prevention, detection and user asked prevention, or a more advanced way of hidden process detection.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#21 Post by m^(2) »

SkylerLyon wrote:
> There are always going to be 3rd party issues with API hooking prevention. So either I go with automatic prevention, detection and user asked prevention, or a more advanced way of hidden process detection.

I'd recommend the second or (if you have some ideas) the 3rd option. Or actually a combination of these 2.

I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am

#22 Post by I am Baas »

Grouped Access Tools updated. Version 1.8 available @ http://zone-dev.com/gat.php

webfork
Posts: 10821
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: Grouped Access Tools (GAT)

#23 Post by webfork »

Old thread update: site offline, here's a few possible mirrors:

Grouped Access Tools - Free download and software reviews - CNET Download.com
https://download.cnet.com/Grouped-Acces ... 17575.html

Grouped Access Tools (free) download Windows version
https://en.freedownloadmanager.org/Wind ... -FREE.html

Grouped Access Tools free Download
https://softwiki.net/Grouped_Access_Tools.html
