RootkitRevealer

Sysinternals RootkitRevealer
Developer(s)	Bryce Cogswell and Mark Russinovich
Final release	1.7 / November 1, 2006; 18 years ago
Written in	Microsoft C++
Operating system	Windows XP and Windows Server 2003
Platform	IA-32
Size	231 KB
Available in	English
Type	Security software
License	Closed-source freeware
Website	technet.microsoft.com/en-us/sysinternals/bb897445

RootkitRevealer is a proprietary freeware tool for rootkit detection on Microsoft Windows by Bryce Cogswell and Mark Russinovich.^[2]^[3]^[4] It runs on Windows XP and Windows Server 2003 (32-bit-versions only). Its output lists Windows Registry and file system API discrepancies that may indicate the presence of a rootkit. It is the same tool that triggered the Sony BMG copy protection rootkit scandal.^[5]

RootkitRevealer is no longer being developed.^[1]^: 08:16

References

^ ^a ^b Russinovich, Mark; Margosis, Aaron (28 July 2011). Mark Russinovich and Aaron Margosis: Introducing Windows Sysinternals Administrator's Reference. Channel 9. Microsoft Corporation. Retrieved 10 November 2011.
^ Kleiman, D.; Hunter, L.E. (2006). Winternals Defragmentation, Recovery, and Administration Field Guide. Syngress. p. 143. ISBN 978-0-08-048987-2. Retrieved 2025-02-28.
^ Pyles, J. (2009). PC Technician Street Smarts: A Real World Guide to Comptia A+ Skills. Serious skills. John Wiley & Sons, Incorporated. p. 380. ISBN 978-0-470-59351-6. Retrieved 2025-02-28.
^ Todd, A.; Benson, J.; Peterson, G.; Franz, T.; Stevens, M.; Raines, R. (2007). "Analysis of Tools for Detecting Rootkits and Hidden Processes". Advances in Digital Forensics III (PDF). Vol. 242. New York, NY: Springer New York. p. 89–105. doi:10.1007/978-0-387-73742-3_6. ISBN 978-0-387-73741-6. Retrieved 2025-02-28.
^ Russinovich, Mark (31 October 2005). "Sony, Rootkits and Digital Rights Management Gone Too Far". Mark's Blog. Retrieved 10 November 2011.

This Microsoft Windows software-related article is a stub. You can help Wikipedia by expanding it.

v t e Microsoft security products
Numbers in brackets are the years of the initial release of the product.
For Windows	Windows Firewall [2001] Baseline Security Analyzer [2004] Malicious Software Removal Tool [2005] Microsoft Defender Antivirus [2006] Microsoft SmartScreen [2006] Microsoft Safety Scanner [2011]
For Windows Server	Exchange Online Protection [2007] System Center Data Protection Manager [2007] Identity Manager [2010]
Discontinued	MSAV [1993] Threat Management Gateway [1997] Microsoft Security Essentials [2009] OneCare Safety Scanner [2006] Unified Access Gateway [2007] Windows Live OneCare [2006] RootkitRevealer [2006] Enhanced Mitigation Experience Toolkit [2009]
Related topics	Data Execution Prevention Kernel Patch Protection Mandatory Integrity Control MS Antivirus (malware) User Account Control