PCBruiser
SRT Team Lead
Forums Admin
Joined: May 11, 2005 Posts: 11723
Posted: Sat Jul 15, 2006 5:46 pm Post subject: DiamondCS Advanced Process Manipulation
Released on July 16, 2006 (Australia time), so hot off the presses (maybe, it is hard to tell from their web site the actual release date, although this is the first time I have noticed this program):
"Freeware process exploration and manipulation tool
What is DiamondCS APM?
DiamondCS APM is an advanced process/module viewer and manipulation utility that allows unique control over target processes by becoming a part of them.
Take control of a process by becoming a part of it
Unlike conventional process viewers, DiamondCS APM doesn't control processes by remotely sending them instructions. Instead, APM safely attaches a part of itself to the target process, essentially becoming a part of that process. Once 'inside', APM is free to perform actions on behalf of the target process. For example, if it calls the ExitProcess API call, the target process terminates.
Control processes in ways that aren't conventionally possible
Because of this 'insider' nature, APM is able to do some remarkable things that aren't otherwise possible. For example, it can determine the commandline of any process by making it call the GetCommandLine API function. It can use FreeLibrary and LoadLibrary to unload and load DLLs into the process (allowing you to make plugins for virtually any program!). It can even determine which ports the target process is using! APM has even been used here in our lab to disinfect an explorer.exe-infecting rootkit-style trojan from a test machine, making it an excellent anti-trojan tool."
http://www.diamondcs.com.au/index.php?page=apm
_________________ Don't read? Can't learn!
wawadave
Special Response Team
Joined: Nov 22, 2002 Posts: 21503 Location: Installing Vista http://tinyurl.com/2l9qyd
negster22
Security Expert Premium Member
Joined: Mar 10, 2004 Posts: 5394
Posted: Wed Jul 19, 2006 1:44 am Post subject:
APM is a great system analysis tool. You can use it to spot malware that tries to hide by running within the context of another process through DLL injection. APM allows you to unload the infective DLL so it can be safely eliminated.
ProcessGuard by DiamondCS is also a highly effective rootkit/malware preventative. Version 3 has just been released. Many trojans attempt to disable your security programs as part of their MOI, but ProcessGuard will still be actively protecting you should that happen.
Quote:
It is considered by experts to be a must-have program for all users of Windows, and is the only program available that can prevent the infection of all known rootkit trojans.
_________________ Negster22 - MS MVP - Consumer Security 2006-2008
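Added example, not part of any post in this thread and not DiamondCS code: a PowerShell function that does the module-viewer half of what the opening post's product description and negster22's post describe, listing the DLLs loaded into a process and marking the ones that deserve a closer look. The two heuristics (module outside the Windows or Program Files trees, or without a valid Authenticode signature) are assumptions introduced here, not anything the thread states; legitimate plugins and third-party software also trip them, so a flagged module is a lead to investigate, not something to unload blindly.

```powershell
# Added example, not DiamondCS code. Lists the modules (DLLs) loaded into every
# process with the given name and marks the ones that deserve a closer look.
# Heuristics (assumptions, not from the thread): a module is flagged when it
# lives outside the Windows or Program Files trees, or when its Authenticode
# signature is missing or invalid. Run from an elevated 64-bit PowerShell so
# the module lists of 64-bit and protected processes can be read.
function Get-SuspectModule {
    param(
        [Parameter(Mandatory)]
        [string]$ProcessName     # e.g. 'explorer' (no .exe), as mentioned in the thread
    )

    # Directories that normally hold legitimate system and application DLLs.
    $trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        try {
            $modules = $proc.Modules
        } catch {
            # Typical causes: 32-bit host reading a 64-bit process, or insufficient rights.
            Write-Warning "Cannot read modules of PID $($proc.Id): $($_.Exception.Message)"
            continue
        }

        foreach ($m in $modules) {
            $inTrustedDir = $false
            foreach ($root in $trustedRoots) {
                if ($m.FileName.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inTrustedDir = $true
                    break
                }
            }
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName

            [pscustomobject]@{
                PID       = $proc.Id
                Process   = $proc.ProcessName
                Module    = $m.ModuleName
                Path      = $m.FileName
                Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Suspect   = (-not $inTrustedDir) -or ($sig.Status -ne 'Valid')
            }
        }
    }
}

# Usage: show only the flagged modules of explorer.exe, the process the opening
# post names as the target of the rootkit-style trojan DiamondCS disinfected.
Get-SuspectModule -ProcessName 'explorer' |
    Where-Object Suspect |
    Sort-Object Path -Unique |
    Format-Table PID, Module, Signature, Path -AutoSize
```

The output is a list of candidates, not a verdict: compare each flagged path against what you expect to be installed, and check the file's hash and publisher before deciding it is the "infective DLL" negster22 talks about. On Windows versions whose Get-AuthenticodeSignature does not surface catalog signatures, many genuine system DLLs report NotSigned; if that makes the list noisy, require both conditions (untrusted directory and bad signature) instead of either.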
Ikeb
Special Response Team Forums Admin
Joined: Apr 20, 2003 Posts: 16543
Posted: Wed Jul 19, 2006 2:56 am Post subject:
Is ProcessGuard similar to WinPatrol? If so, would one suffice?
miekiemoes
Security Expert Premium Member
 Joined: Oct 20, 2004 Posts: 1130 Location: Belgium
wawadave
Special Response Team
Joined: Nov 22, 2002 Posts: 21503 Location: Installing Vista http://tinyurl.com/2l9qyd
PCBruiser
SRT Team Lead
Forums Admin
Joined: May 11, 2005 Posts: 11723
Posted: Wed Jul 19, 2006 4:06 pm Post subject:
Ikeb wrote:
Is ProcessGuard similar to WinPatrol? If so, would one suffice?

No, they are actually quite dissimilar. As I understand it, WinPatrol watches for system changes. When one occurs, it asks whether or not you want to permit the change to happen.
PG stops programs, processes, services and drivers from running completely unless they have been actively permitted to run. It also prevents DLL injections and rootkits from worming their way into the Windows kernel.
I use both, along with Prevx1, ZAP, AVG (network version), SpywareGuard, SpywareBlaster, plus Spybot S&D immunization; and, then run everything behind a SonicWALL TZ-170 with active gateway AV, anti-spyware and intrusion prevention all done at a packet level scan.
Yep, I like protection.
_________________ Don't read? Can't learn!