PC Hunter V1.56发布,支持Win10(17763)

PC Hunter是一个Windows系统信息查看软件,同时也是一个手工杀毒辅助软件。

2019年01月31日发布V1.56版本。

免费版本下载地址:本地下载(md5:16893D2B5A1E96D04F82BD2D55F2241D)
其中PCHunter32.exe是32位版本,PCHunter64.exe是64位版本。

本工具目前初步实现如下功能:

1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除
9.注册表编辑
10.进程iat、eat、inline hook、patches检测和恢复
11.文件系统查看,支持基本的文件操作
12.查看(编辑)IE插件、SPI、启动项、服务、Host文件、映像劫持、文件关联、系统防火墙规则、IME
13.ObjectType Hook检测和恢复
14.DPC定时器检测和删除
15.MBR Rootkit检测和修复
16.内核对象劫持检测
17.WorkerThread枚举
18.Ndis中一些回调信息枚举
19.硬件调试寄存器、调试相关API检测
20.枚举SFilter/Fltmgr的回调
21.系统用户名检测

免责声明:这只是一个免费的辅助软件,如果您使用本软件,给您直接或者间接造成损失、损害,本公司概不负责。从您使用本软件的一刻起,将视为您已经接受了本免责声明。

Posted on 2月 1, 2013 at 10:45 by admin · Permalink
In: 原创工具

498 Responses

Subscribe to comments via RSS

  1. Written by amy
    on 2018-10-16 at 21:55
    回复 · Permalink

    大哥,17763加载驱动失败哦,希望能看到。

  2. Written by EricCartman
    on 2018-10-17 at 23:29
    回复 · Permalink

    你好,请问怎样开启自我保护功能?电脑中了病毒后无差别关闭进程,除了360坚挺着,其他软件包括你的软件一旦打开就被关闭。

  3. Written by null
    on 2018-10-22 at 21:41
    回复 · Permalink

    把强力删除文件加到右键菜单呗。

  4. Written by davise
    on 2018-10-26 at 20:40
    回复 · Permalink

    支持大神

  5. Written by 匿名
    on 2018-11-10 at 22:10
    回复 · Permalink

    avast自我防护给自动杀掉了

  6. Written by szfz
    on 2018-11-21 at 09:05
    回复 · Permalink

    能开发个右键强制删除软件吗,试过很多这类,都没有PC Hunter强大。很多别的软件删不掉的PC Hunter都能搞定,只是PC Hunter需要打开并定位到目录才能找到文件,效率低。

  7. Written by haiy
    on 2018-11-22 at 15:43
    回复 · Permalink

    请问什么时候支持1809?

  8. Written by 匿名
    on 2018-11-23 at 09:53
    回复 · Permalink

    系统更新到1809就不能用了,提示驱动未加载

  9. Written by keccak
    on 2018-12-17 at 19:40
    回复 · Permalink

    不支持server 2019 datacenter

  10. Written by Air
    on 2019-01-04 at 21:30
    回复 · Permalink

    大佬为何用wosign的数字证书呢?wosign名声很差啊。

  11. Written by huber Bogdani
    on 2019-01-10 at 06:48
    回复 · Permalink

    hello

    Thank you for your good program (pchunter).

    I need Command line version of your program.

    Please send me the download link, even if the old version is available.

    thank you

  12. Written by pedoc
    on 2019-01-14 at 10:58
    回复 · Permalink

    不支持win10 1809

  13. Written by 匿名
    on 2019-01-29 at 11:48
    回复 · Permalink

    win10 1809用不了,请快点儿更新吧,谢谢

  14. Written by samui
    on 2019-02-03 at 14:03
    回复 · Permalink

    真的感谢您能够一直更新

  15. Written by zzkse
    on 2019-02-06 at 08:28
    回复 · Permalink
  16. Written by 过客
    on 2019-02-17 at 20:58
    回复 · Permalink

    感谢老哥的感谢!!

  17. Written by 匿名
    on 2019-02-27 at 11:53
    回复 · Permalink

    感谢一直更新,win10又能用了

  18. Written by 匿名
    on 2019-02-28 at 00:19
    回复 · Permalink

    17763不就是1809么 你们喊啥啊

  19. Written by 匿名
    on 2019-03-05 at 19:25
    回复 · Permalink

    大哥,17763加载驱动失败哦,希望能看到

  20. Written by King
    on 2019-04-03 at 10:07
    回复 · Permalink

    你好,我想跟你交换下友链!

  21. Written by BlitheHusky
    on 2019-04-12 at 15:32
    回复 · Permalink

    老哥,18362.53加载驱动失败了,19H1快发布了,记得及时适配哦。

  22. Written by 笑熬浆糊
    on 2019-04-26 at 11:04
    回复 · Permalink

    老哥,windows 1903驱动加载失败了!

  23. Written by love889
    on 2019-04-30 at 16:28
    回复 · Permalink

    多年一直使用的利器,刚更新到 win10 1903 驱动无法加载了

  24. Written by 娄巴迪
    on 2019-05-16 at 00:21
    回复 · Permalink

    十万火急,最新的2019年4、5月份的各类Windows更新包打完后,使用PCHunter任何版本(包括最新版),点击任意核心功能tab,立马蓝屏,报0x0000001e错误。希望作者能尽快修正问题。谢谢!

  25. Written by hqduyjs
    on 2019-05-21 at 06:24
    回复 · Permalink

    Спасибо за информацию!!!!!

  26. Written by woca007
    on 2019-05-25 at 10:56
    回复 · Permalink

    有毒啊,打开就把电脑搞死了

  27. Written by xuing
    on 2019-05-25 at 12:18
    回复 · Permalink

    最新1903系统。提示加载驱动失败0.0

  28. Written by 11552
    on 2019-05-25 at 20:54
    回复 · Permalink

    Win10 1903系统。提示加载驱动失败 麻烦更新一下

  29. Written by 匿名
    on 2019-05-31 at 17:45
    回复 · Permalink

    Please update new version for Windows 10 1903.

  30. Written by Juda
    on 2019-06-02 at 02:40
    回复 · Permalink

    Prawdopodobnie, niestety nie będzie już jakichkolwiek aktualizacji dla PC Hunter, ponieważ USA blokują aktualizacje dla Huawei .

  31. Written by Juda
    on 2019-06-02 at 02:40
    回复 · Permalink

    Probably, unfortunately, there will no longer be any updates for PC Hunter, because the US is blocking updates for Huawei.

  32. Written by Elliott
    on 2019-06-07 at 16:18
    回复 · Permalink

    1903不能用,提示驱动未加载

  33. Written by qqq
    on 2019-06-14 at 15:03
    回复 · Permalink

    windows2008下打开出现蓝屏

  34. Written by aaa
    on 2019-06-15 at 16:33
    回复 · Permalink

    遇到了于楼上一样的问题,windows7 64位,安装了最新更新,发现所有的pchunter打开后,点击核心功能模块立马蓝屏,编号为0x0000001e

  35. Written by 匿名
    on 2019-06-17 at 10:26
    回复 · Permalink

    WIN7 4月份之后的版本 点开驱动列表就会蓝瓶

  36. Written by Elliott
    on 2019-06-18 at 19:21
    回复 · Permalink

    1903不行,,

  37. Written by breakplus
    on 2019-06-20 at 13:19
    回复 · Permalink

    蓝屏啊

  38. Written by yloko
    on 2019-06-24 at 02:03
    回复 · Permalink

    PCHunter
    在检测驱动类的时候,会引发蓝屏,具体原因不明

  39. Written by PchunterFans
    on 2019-06-25 at 11:59
    回复 · Permalink

    …………………………………..
    3: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff800046ebcc6, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: 0000000000000008, Parameter 1 of the exception

    Debugging Details:
    ——————

    *** WARNING: Unable to verify timestamp for PCHunter64ar.sys
    *** ERROR: Module load completed but symbols could not be loaded for PCHunter64ar.sys
    *************************************************************************
    *** ***
    *** ***
    *** Either you specified an unqualified symbol, or your debugger ***
    *** doesn’t have full symbol information. Unqualified symbol ***
    *** resolution is turned off by default. Please either specify a ***
    *** fully qualified symbol module!symbolname, or enable resolution ***
    *** of unqualified symbols by typing “.symopt- 100”. Note that ***
    *** enabling unqualified symbol resolution with network symbol ***
    *** server shares in the symbol path may cause the debugger to ***
    *** appear to hang for long periods of time when an incorrect ***
    *** symbol name is typed or the network symbol server is down. ***
    *** ***
    *** For some commands to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: ExceptionRecord ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Either you specified an unqualified symbol, or your debugger ***
    *** doesn’t have full symbol information. Unqualified symbol ***
    *** resolution is turned off by default. Please either specify a ***
    *** fully qualified symbol module!symbolname, or enable resolution ***
    *** of unqualified symbols by typing “.symopt- 100”. Note that ***
    *** enabling unqualified symbol resolution with network symbol ***
    *** server shares in the symbol path may cause the debugger to ***
    *** appear to hang for long periods of time when an incorrect ***
    *** symbol name is typed or the network symbol server is down. ***
    *** ***
    *** For some commands to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: ContextRecord ***
    *** ***
    *************************************************************************

    OVERLAPPED_MODULE: Address regions for ‘PCHunter64ar’ and ‘USBSTOR.SYS’ overlap

    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000469f100
    GetUlongFromAddress: unable to read from fffff8000469f1c8
    0000000000000000 Nonpaged pool

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 – 0x%08lx

    FAULTING_IP:
    nt!SeCreateAccessStateEx+126
    fffff800`046ebcc6 8b06 mov eax,dword ptr [rsi]

    BUGCHECK_STR: 0x1E_c0000005_R

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

    PROCESS_NAME: PCHunter64.exe

    CURRENT_IRQL: 0

    ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

    EXCEPTION_RECORD: fffff8800dcaa2e8 — (.exr 0xfffff8800dcaa2e8)
    ExceptionAddress: fffff800046ebcc6 (nt!SeCreateAccessStateEx+0x0000000000000126)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000000
    Parameter[1]: 0000000000000008
    Attempt to read from address 0000000000000008

    TRAP_FRAME: fffff8800dcaa390 — (.trap 0xfffff8800dcaa390)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000001
    rdx=fffff8a016f039ce rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800046ebcc6 rsp=fffff8800dcaa520 rbp=fffff8800dcaa649
    r8=000000000000000f r9=0000000000000000 r10=fffff8800dcaa610
    r11=fffff8800dcaa600 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz na pe nc
    nt!SeCreateAccessStateEx+0x126:
    fffff800`046ebcc6 8b06 mov eax,dword ptr [rsi] ds:00000000`00000000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER: from fffff8000457c9e8 to fffff80004495aa0

    STACK_TEXT:
    fffff880`0dca9b18 fffff800`0457c9e8 : 00000000`0000001e ffffffff`c0000005 fffff800`046ebcc6 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0dca9b20 fffff800`044a3f42 : fffff880`0dcaa2e8 00000000`00000000 fffff880`0dcaa390 00000000`00000008 : nt!KiDispatchException+0x1c8
    fffff880`0dcaa1b0 fffff800`044a1c62 : 00000000`00000000 00000000`00000008 b8000003`d3d21800 00000000`00000000 : nt!KiExceptionDispatch+0xc2
    fffff880`0dcaa390 fffff800`046ebcc6 : fffffa80`0c76c7a0 fffff880`0dcaa600 fffff880`746c6644 fffff880`0dcaa600 : nt!KiPageFault+0x422
    fffff880`0dcaa520 fffff800`046c409d : 00000000`00000000 fffff880`0dcaa649 00000000`00000000 00000000`00000000 : nt!SeCreateAccessStateEx+0x126
    fffff880`0dcaa570 fffff880`047828ed : 00000000`00000000 fffff880`0dcaa649 00000000`04ef0040 ffffffff`80000620 : nt!SeCreateAccessState+0x35
    fffff880`0dcaa5b0 00000000`00000000 : fffff880`0dcaa649 00000000`04ef0040 ffffffff`80000620 00000000`00000000 : PCHunter64ar+0x618ed

    STACK_COMMAND: kb

    FOLLOWUP_IP:
    PCHunter64ar+618ed
    fffff880`047828ed ?? ???

    SYMBOL_STACK_INDEX: 6

    SYMBOL_NAME: PCHunter64ar+618ed

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: PCHunter64ar

    IMAGE_NAME: PCHunter64ar.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 5b728e12

    FAILURE_BUCKET_ID: X64_0x1E_c0000005_R_PCHunter64ar+618ed

    BUCKET_ID: X64_0x1E_c0000005_R_PCHunter64ar+618ed

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:x64_0x1e_c0000005_r_pchunter64ar+618ed

    FAILURE_ID_HASH: {b194f66a-a64d-1b0b-ab3e-745983fff316}

    Followup: MachineOwner
    ———

    最新版一直会蓝屏,打开驱动管理或者启动项分页都会蓝屏

  40. Written by 凌云神风
    on 2019-06-28 at 19:59
    回复 · Permalink

    姚哥,我是在公安内网用的,现在一机两用貌似封杀了pchunter,只有xuetr可以运行了,修改名字也不行了,这个能解决吗

  41. Written by 匿名
    on 2019-07-02 at 18:53
    回复 · Permalink

    win7更新补丁后回蓝屏

  42. Written by 匿名
    on 2019-07-08 at 22:19
    回复 · Permalink

    蓝屏 一开始好好的,点别的选项卡就蓝屏,说是一个sys文件引发的:(

  43. Written by andrey5processorx64
    on 2019-07-10 at 13:48
    回复 · Permalink

    Thanks big! Super program!
    But some features are missing: full editing “REG_binary” keys Registry (modify binary data) AND modify “REG_multi_sz” keys Registry! Very necessary!
    PLEASE, add this features!

  44. Written by andre5processorx64
    on 2019-07-10 at 13:50
    回复 · Permalink

    谢谢大! 超级节目!
    但一些功能缺失:完全编辑”REG_binary”键注册表(修改二进制数据)和修改”REG_multi_sz”键注册表! 非常有必要!
    请添加此功能!

  45. Written by 匿名
    on 2019-07-16 at 14:52
    回复 · Permalink

    KB4503269这个补丁必蓝

  46. Written by xiaoyue
    on 2019-07-24 at 10:10
    回复 · Permalink

    win10 1903 无法加载驱动,望更新

  47. Written by 123
    on 2019-07-29 at 01:28
    回复 · Permalink

    PC Hunter V1.56 里面,检查更新跳转的网址,还是老域名。

  48. Written by 匿名
    on 2019-08-05 at 14:09
    回复 · Permalink

    为什么直接加在驱动失败啊

  49. Written by xswuch
    on 2019-08-10 at 06:14
    回复 · Permalink

    系统已更新到18362 加载驱动失败,期待更新

  50. Written by 匿名
    on 2019-08-10 at 17:28
    回复 · Permalink

    大神,快更新吧,1903发布好几个月了

Subscribe to comments via RSS

Leave a Reply