RootkitRevealer

Sysinternals RootkitRevealer
Developer(s)	Bryce Cogswell and Mark Russinovich
Final release	1.7 / November 1, 2006;18 years ago
Written in	Microsoft C++
Operating system	Windows XP and Windows Server 2003
Platform	IA-32
Size	231 KB
Available in	English
Type	Security software
License	Closed-source freeware
Website	technet.microsoft.com/en-us/sysinternals/bb897445

Last updated February 28, 2025

RootkitRevealer is a proprietary freeware tool for rootkit detection on Microsoft Windows by Bryce Cogswell and Mark Russinovich.^[2]^[3]^[4] It runs on Windows XP and Windows Server 2003 (32-bit-versions only). Its output lists Windows Registry and file system API discrepancies that may indicate the presence of a rootkit. It is the same tool that triggered the Sony BMG copy protection rootkit scandal.^[5]

RootkitRevealer is no longer being developed.^[1]^: 08:16

References

1 2 Russinovich, Mark; Margosis, Aaron (28 July 2011). Mark Russinovich and Aaron Margosis: Introducing Windows Sysinternals Administrator's Reference. Channel 9 . Microsoft Corporation. Retrieved 10 November 2011.
↑ Kleiman, D.; Hunter, L.E. (2006). Winternals Defragmentation, Recovery, and Administration Field Guide. Syngress. p. 143. ISBN 978-0-08-048987-2 . Retrieved 2025-02-28.
↑ Pyles, J. (2009). PC Technician Street Smarts: A Real World Guide to Comptia A+ Skills. Serious skills. John Wiley & Sons, Incorporated. p. 380. ISBN 978-0-470-59351-6 . Retrieved 2025-02-28.
↑ Todd, A.; Benson, J.; Peterson, G.; Franz, T.; Stevens, M.; Raines, R. (2007). "Analysis of Tools for Detecting Rootkits and Hidden Processes". Advances in Digital Forensics III (PDF). Vol. 242. New York, NY: Springer New York. p. 89–105. doi: 10.1007/978-0-387-73742-3_6 . ISBN 978-0-387-73741-6 . Retrieved 2025-02-28.
↑ Russinovich, Mark (31 October 2005). "Sony, Rootkits and Digital Rights Management Gone Too Far". Mark's Blog. Retrieved 10 November 2011.

This Microsoft Windows software-related article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[ch9-video-1] 1 2 Russinovich, Mark; Margosis, Aaron (28 July 2011). Mark Russinovich and Aaron Margosis: Introducing Windows Sysinternals Administrator's Reference. Channel 9 . Microsoft Corporation. Retrieved 10 November 2011.

[c676-2] Kleiman, D.; Hunter, L.E. (2006). Winternals Defragmentation, Recovery, and Administration Field Guide. Syngress. p. 143. ISBN 978-0-08-048987-2 . Retrieved 2025-02-28.

[c827-3] Pyles, J. (2009). PC Technician Street Smarts: A Real World Guide to Comptia A+ Skills. Serious skills. John Wiley & Sons, Incorporated. p. 380. ISBN 978-0-470-59351-6 . Retrieved 2025-02-28.

[i403-4] Todd, A.; Benson, J.; Peterson, G.; Franz, T.; Stevens, M.; Raines, R. (2007). "Analysis of Tools for Detecting Rootkits and Hidden Processes". Advances in Digital Forensics III (PDF). Vol. 242. New York, NY: Springer New York. p. 89–105. doi: 10.1007/978-0-387-73742-3_6 . ISBN 978-0-387-73741-6 . Retrieved 2025-02-28.

[5] Russinovich, Mark (31 October 2005). "Sony, Rootkits and Digital Rights Management Gone Too Far". Mark's Blog. Retrieved 10 November 2011.

[1]

[2]

[3]

[4]

[5]

v t e Microsoft security products
Numbers in brackets are the years of the initial release of the product.
For Windows	Windows Firewall [2001] Baseline Security Analyzer [2004] Malicious Software Removal Tool [2005] Microsoft Defender Antivirus [2006] Microsoft SmartScreen [2006] Microsoft Safety Scanner [2011]
For Windows Server	Exchange Online Protection [2007] System Center Data Protection Manager [2007] Identity Manager [2010]
Discontinued	MSAV [1993] Threat Management Gateway [1997] Microsoft Security Essentials [2009] OneCare Safety Scanner [2006] Unified Access Gateway [2007] Windows Live OneCare [2006] RootkitRevealer [2006] Enhanced Mitigation Experience Toolkit [2009]
Related topics	Data Execution Prevention Kernel Patch Protection Mandatory Integrity Control MS Antivirus (malware) User Account Control

RootkitRevealer

See also

References