XueTr Changelog =============== Change log: 2011-12-03 V0.45: *Fixed several bugs. 2011-11-09 V0.44: *Added computer examination feature *Fixed several bugs. 2011-09-12 V0.43: *Fixed several bugs. 2011-08-30 V0.42: *Fixed several bugs. 2011-06-25 V0.41: *Added WinIO enumeration feature *Fixed several bugs. 2011-06-06 V0.40: *Improved NTFS ADS scan *Fixed several bugs. 2011-03-02 V0.39: *Improved kernel hook scan *Improved object hook scan *Fixed several bugs. 2010-11-30 Special version for www.52pojie.cn: *Added worker thread enumeration feature *Fixed several bugs. 2010-10-01 V0.37: *Added mouse driver irp hook scan *Added user32.ll:_apfnDispatch hook scan *Added LSP/Safeboot repair feature *Added list and remove feature for hidden reg *Fixed several bugs. 2010-07-16 V0.36: *Added GDT detection feature *Added Object Hijack detection feature for detecting the TDL3 malware *Fixed one potential BSOD 2010-07-07 V0.35: *Fixed one potential BSOD *Fixed several bugs. 2010-05-16 V0.34: *Added MBR Rootkit detection feature *Added Input Method Editor(IME) enumeration feature *Added classpnp\atapi\acpi irp hook scan *Fixed two potential BSODs *Fixed several bugs. 2010-04-01 V0.33: *Added Hot key enumeration feature *Added Process's timer enumeration feature *Added Windows Firewall rules display *Fixed several bugs. 2009-12-20 V0.32: *Fixed a potential BSOD *Fixed a bug in deleting folders on FAT partitons 2009-12-13 V0.31: *Several bugs fixed *Added common filetype assosiations *Added a configuration file 2009-11-22 V0.30: *Fixed two potential BSODs *XueTr now can highlight suspicious images *Various internal improvements to explorer 2009-10-08 V0.29: *XueTr now fully supports Windows 7 Build 7600 x86 *Added option to prevent switching destop *Added option to prevent locking workstation *Added kernel bugcheck callback list and remove feature *Improved kernel hook scan 2009-07-07 V0.28: *Added:XueTr now displays IE context menu *Added option to prevent system time modification *Added list and remove feature for CmpCallback *Fixed a bug in registry hive parse *Fixed one autorun entry enumeration bug 2009-05-28 V0.27: *Full support Windows Vista SP2 and Windows Server 2008 SP1 x86 *Fixed a bug handling null-embeded registry keys *Fixed a bug in display of function index for Ring3 hook scan *Added file force delete support for exFAT file system *Several internal improvements 2009-04-27 V0.26: *Fixed out of memory issue on unusual scenario 2009-04-25 V0.25: *Fixed a rare driver load failure issue *Added Force Shutdown feature *Added support for Safe Mode 2009-04-10 V0.24: *Added DPC Timer enumeration feature *Added Unload Modules Globally feature *Added Kernel Module Load Order display *Added delay delete file feature *Added file attributes display *Improved ability to track double jumps in kernel code hook scan *Improved unknown image identification for kernel hooks *Fixed a bug in retrieving Shadow SSDT address *Fixed a bug in FAT32 file system analysis *Improved right menu,more feature to explorer 2009-03-22 V0.23: *Improved message hook scan:XueTr now displays thread id and image name *Improved prevent registry creation feature,added defense from RegRestoreKey method *Improved file search *Fixed a diver bug 2009-03-15 V0.22: *Added Traditional Chinese language support *Added Find Files feature *Fixed a bug in parsing file properties *Fixed a ObjectType hook display issue *Fixed a bug XueTr failed to delete service config registry in some cases 2009-03-01 V0.21: *Fixed a bug in SPI display *Reduced some false positives in kernel module scan *Fixed a file verification issue *XueTr now supports maximuming its child windows *XueTr now supports displaying process modules in sub window *Fixed a bug XueTr may hang when deleting some driver's notifications *Added prevent Registry Creation feature *Added Lock File After Deletion feature *Added Who Locked Me Viewer feature in file list 2009-02-16 V0.20: *Added support for Windows 7 Beta(test) *Added PE digital signature verification *Added Find Unsigned Modules feature *Improved thread information viewer,XueTr now displays modules for thread entries *Added defense from some kind of dll injection *Added defense from fake process id *XueTr now reports code inject on startup *Added driver service name display in kernel module list *Several bugs fixed 2009-02-05 V0.19: *XueTr's disk analysis now supports exFAT file system *Added termintate process & delete file feature in process list *Added File Corporation display 2009-02-02 V0.18: *Added more autorun entries display *Added Find Module feature in process list *Reduced some false positives in kernel module scan *Fixed a driver deadlock issue 2009-01-30 V0.17: *Added remove message hook feature *Added Process Window Viewer and Manipulator *Added prevent system log off,shutdown & restart feature 2009-01-26 V0.16: *XueTr now can auto select its internal language *Added prevent process,thread,file creation,image load and message hook installation feature *Added registry hive live analysis feature *Added self defense *Improved kernel hook scan *Fixed some GUI bugs 2009-01-17 V0.15: *Added Suspend and Resume Process feature *Added disk analysis for NTFS,FAT32,FAT16 partitions(on by default) 2009-01-06 V0.14: *Added ObjectType hook scan *Fixed an issue XueTr failed to enum files in removable devices *Fixed a GUI bug 2009-01-02 V0.13: *Improved GUI display *Added IE Plugin,SPI,Common Autorun Entries,Image Hijack and Hosts File Viewer *Fixed a bug displaying filters 2008-12-22 V0.12: *Fixed an incompatibility issue with Micropoint 2008-12-11 V0.11: *Fixed some bugs XueTr failed to initialize in some cases