Anti-Rootkit

prasiddutta
prasiddutta used Ask the Experts™
on
Hello,
I need anti-rootkit source in delphi? Anyone can help me. Good presentation appreciate.

prasid
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Guessing here, but the idea of root-kit checking is that the standard libraries and hooks that the OS uses to do standard things are bypassed in order to check their integrity.  Delphi probably has no method of bypassing those without writing big chunks of assembler code.  In other words I don't think Delphi is the right tool for this job.
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

A concrete example of what I referred to in my above comment is given in the above link.  If the OS FindFirstFile/FindNextFile API has been subverted by a rootkit then the anti-rootkit detector has to use a different means to emulate the FindFirstFile/FindNextFile API.  Delphi tends to put a friendly wrapper around these API's to make them easy to use, but that is not what is needed for this type of application.

Author

Commented:
This example don't help me. But thanks, I got a good tool.
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

>I got a good tool.

A Delphi tool?

Author

Commented:
No no, which link you provide. This is good tool.
Yes, the tools that Sysinternals wrote are so good that Microsoft bought the company.
In fact Delphi is just as good as C++ in this context. Both need assembly code to do the stuff. No one forces you t ouse the VCL in Delphi, it is just a lot easier....

Author

Commented:
I know Delphi can help me lot? Anyone can help me? Please.
Delphi could be used to write a Root Kit Revealer
You could use a chicken feather to crack open a boiled egg

Life alas is not long enough to pursue even one of the above objectives successfully.  Did you read the bit in that link which said:-

"The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service."

Does that not give an insight into what one is up against?

Author

Commented:
Still I waiting for good and helpful answer.
(1) Delphi is not the language to use for this type of application.

(2) The code that makes up such an application has to second-guess hackers, crackers, malware writers around the world.  If the question "How Do I...?" has to be asked then, with all due respects, the person asking that question needs to choose a more modest target.  To write anti-malware one needs to think like a malware author.
I made a self coding in delphi!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial