Grouped Access Tools (GAT)

SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#16 Post by SkylerLyon » Wed Nov 12, 2008 1:15 pm

Well right now GAT doesn't use the lower level NT API so it has less access, but I could use that API to get it. As for further hidden process detection I could make prevention code that would stop any new and unwanted threads and modules. The WriteProcessMemory API will be harder to prevent.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#17 Post by m^(2) » Wed Nov 12, 2008 1:31 pm

You can compare your executable file and its memory image + do the same with all system libraries.
Preventing unwanted ones seems hard as system libraries can load different things in different OSes.
BTW will you tell me how you detect hidden processes? Please... :)

SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#18 Post by SkylerLyon » Wed Nov 12, 2008 1:46 pm

Well what I mean is this:

Do a module enumeration of GAT, see if there are modules that aren't on the default list, then wiping and terminating the module.
Create a timer that does thread enumeration of GAT, see if there are any extra threads that shouldn't be there, then suspend and terminate those threads.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#19 Post by m^(2) » Wed Nov 12, 2008 2:00 pm

SkylerLyon wrote: Well what I mean is this:

Do a module enumeration of GAT, see if there are modules that aren't on the default list, then wiping and terminating the module.
Create a timer that does thread enumeration of GAT, see if there are any extra threads that shouldn't be there, then suspend and terminate those threads.

I think that warning about threads is better than killing. Or at least you should ask the user what to do. It may cause issues with legit 3rd party extensions.

SkylerLyon
Posts: 7
Joined: Sat Nov 08, 2008 12:13 pm

#20 Post by SkylerLyon » Wed Nov 12, 2008 2:13 pm

There are always going to be 3rd party issues with API hooking prevention. So either I go with automatic prevention, detection and user-asked prevention, or a more advanced way of hidden process detection.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#21 Post by m^(2) » Wed Nov 12, 2008 2:16 pm

SkylerLyon wrote: There are always going to be 3rd party issues with API hooking prevention. So either I go with automatic prevention, detection and user-asked prevention, or a more advanced way of hidden process detection.

I'd recommend the second or (if you have some ideas) the 3rd option. Or actually a combination of these 2.

I am Baas
Posts: 4146
Joined: Thu Aug 07, 2008 4:51 am

#22 Post by I am Baas » Wed Jan 14, 2009 10:20 pm

Grouped Access Tools updated. Version 1.8 available @ http://zone-dev.com/gat.php

webfork
Posts: 9103
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

#23 Post by webfork » Fri May 22, 2020 6:29 am

Old thread update: site offline, here's a few possible mirrors:

Grouped Access Tools - Free download and software reviews - CNET Download.com
https://download.cnet.com/Grouped-Acces ... 17575.html

Grouped Access Tools (free) download Windows version
https://en.freedownloadmanager.org/Wind ... -FREE.html

Grouped Access Tools free Download
https://softwiki.net/Grouped_Access_Tools.html
