Announcement

**Dochilt** · 18.11.2005, 19:53

Is possible find rootkits(example of the Sony rootkit) and is possible find the DT if it include a rootkit mode.

**Rahu** · 18.11.2005, 23:49

The problem with rootkits is that if others find out how it chooses what files to hide, they could easily exploit it to hide malicious software :/

**xeroxide** · 19.11.2005, 01:49

Originally Posted by Jellman

Hows it going guys and gals?

Firstly i would like to thank the DT devs for a gr8 app! Im very much looking forward to DT4 64bit.

Secondly i was wondering, in light of this sony root kit scandal, would it be possible to system hook DT? ie Root kit the DT files so that anti virtual drive software cannot find dt? I bet there have been load's 'a posts regarding this, i was just wondering if that is possible, or ethical.

Scott

i believe the spdt layer does this.
but not important. as long as they make it damn hard for others to blacklist it. so far so good.

**DarkStar251** · 19.11.2005, 07:17

Plus, DT will be specifically targeted by the CP vendors. You can bet they already have V4 installed on various machines and are pulling apart piece by piece.

As long as you know exactly what you are looking for, then you can find the files, so hiding D-T via a rootkit would only work till the CP vendors updated.

After all, once you know there is something to look for, and exactly WHAT you are looking for, Sony's Rootkit is very easy to find.

**Sabrehawk** · 19.11.2005, 08:12

prolly damn hard to rootkit something that operates at
the .sys level of the system as a driver and keep it from
bashing your OS to kingdom come.

**Jellman** · 19.11.2005, 15:33

yeh, i guess it would be targeted by cp venders, but lets say, if you system hook dt, in a good way, not that stupid $sys$ crap, thats just stupid. say you write the code so that only the dt files can be hooked. Also all the hooked files have randomly generated names and attrebutes also have random code buffers, so the filesize of the hooked files is random (to a point). So it makes each indevidual install different, ie you could base the randomisation of the hooked file attrebutes on system specs etc. or the time it takes a system to complete a 1k pie calculation or somthing.

Im prolly just being stupid here, just slap me if im being silly, just a thought

**Nemerov** · 19.11.2005, 18:23

At least a registry branch is hidden from the windows API in 3.47, namely:
HKLM\System\ControlSet001\Services\*your_DT_driver _name*\Cfg\0Jf40

**Numanoid** · 28.11.2005, 03:26

Originally Posted by Nemerov

At least a registry branch is hidden from the windows API[/url] in 3.47, namely:
HKLM\System\ControlSet001\Services\*your_DT_driver _name*\Cfg\0Jf40

Yes, I've been wondering about this for sometime. In light of the Sony stuff, people are now starting to ask about it (another other RootkitRevealer issues) on the SysInternals site.

I'm just assuming that whatever it is, it's benign :wink:

Paul

**Jito463** · 28.11.2005, 18:43

Yes, it is quite benign.

Announcement

Rootkit DT

Rootkit DT

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment