Dvrscan is an advanced tool created by ekknod for scanning PE images, PCI devices and EFI memory tables. Although there are instructions on the GitHub repo, we have made additional instructions for normal people to follow. Either path should lead to success. The archive in the download box was downloaded from ekknod’s website, and we password-protected it to prevent bots from scanning the file on our server. If you wish to download directly from ekknod’s website, the URL is also provided. Please note you may need a VPN to access ekknod’s website.

Credits:

ekknod

File Download (WinRAR required): Download

File Password: “phoenix”

Original Download: https://ekknod.xyz/forum/index.php?action=software

File SHA-256: 27be65fa2bc81fb885f8121610768a049ac7bd6bc757f26e0f5646b88be3c6cf

File Scan: https://www.virustotal.com/gui/file/27be65fa2bc81fb885f8121610768a049ac7bd6bc757f26e0f5646b88be3c6cf?nocache=1

Instructions

Download and extract the dvrscan archive wherever you want. Run cmd (Command Prompt) as admin and type:

bcdedit -set testsigning ON

Hit enter.

Navigate to your dvrscan folder. Go into the “unsigned” folder and right click the driver.inf file and click install.

You should get a popup window prompting you to restart your computer. Click yes on this popup.

After reboot, open cmd as admin and cd to your dvrscan folder.

If your dvrscan folder is on your desktop you will type:

cd C:/Users/[input your username]/Desktop/dvrscan

Use the other slash (backslash) if you're copy/pasting.

For this example we are going to use the command “Client.exe --scanpci” (two dashes). The output of the command should be similar to the output below.

The full command list is at the bottom of the page.

Uninstall driver (DO NOT SKIP THIS)

Once you are done using dvrscan you will need to revert your system back to normal.

Navigate to C:/Windows/System32/Drivers and locate “driver.sys”

Rename “driver.sys” to “driver.sys_”

Run cmd as admin and enter:

bcdedit -set testsigning OFF

Reboot your computer after this and you're done.
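
To confirm the uninstall steps took effect, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of dvrscan or ekknod's instructions; it assumes English bcdedit output and the driver.sys location named on this page, and the function names are made up for illustration.

```powershell
# Added example (not from the tool's author): verify the system is back to normal.
# Assumptions: English bcdedit output; driver file name and folder as given on this page.

function Get-TestSigningState {
    param([string[]]$BcdLines)
    # bcdedit prints "testsigning   Yes" or "testsigning   No". The line is
    # absent when the element was never set, which also means test signing is off.
    $line = $BcdLines | Where-Object { $_ -match '^\s*testsigning\s+\S+' } | Select-Object -First 1
    if ($line -and $line -match '^\s*testsigning\s+Yes\s*$') { return 'On' }
    return 'Off'
}

function Test-DriverRemoved {
    param([string]$DriversDir = (Join-Path $env:SystemRoot 'System32\drivers'))
    [pscustomobject]@{
        ActiveDriverPresent = Test-Path -LiteralPath (Join-Path $DriversDir 'driver.sys')
        RenamedCopyPresent  = Test-Path -LiteralPath (Join-Path $DriversDir 'driver.sys_')
    }
}

# Constructed sample of bcdedit output, used only to self-check the parser.
$sample = @(
    'Windows Boot Loader',
    '-------------------',
    'identifier              {current}',
    'testsigning             Yes'
)
if ((Get-TestSigningState -BcdLines $sample) -ne 'On') { throw 'parser self-check failed' }

# Live check. This reads the boot configuration store, i.e. the setting that
# applies from the next boot onward. Braces must be quoted in PowerShell.
$bcd = & bcdedit.exe /enum '{current}'
if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
$signing = Get-TestSigningState -BcdLines $bcd
$driver  = Test-DriverRemoved

"Test signing : $signing"
"driver.sys   : " + $(if ($driver.ActiveDriverPresent) { 'STILL PRESENT' } else { 'not present' })
"driver.sys_  : " + $(if ($driver.RenamedCopyPresent) { 'present (renamed copy)' } else { 'not found' })

if ($signing -eq 'On' -or $driver.ActiveDriverPresent) {
    Write-Warning 'System is not back to normal: repeat the uninstall steps and reboot.'
}
```

While test signing is on, Windows will load kernel drivers that are only test-signed, so a result of "On" after cleanup means driver signature enforcement is still relaxed.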

Resources

Command list:

  • --scan scan target process memory changes
    • --pid (optional) target process id
    • --usecache (optional) we use local cache instead of original PE files
    • --savecache (optional) dump target process modules to disk
  • --scanefi scan abnormals from efi memory map
    • --dump (optional) dump found abnormal to disk
  • --scanpci scan pci cards from the system
    • --advanced (optional) test pci features
    • --block (optional) block illegal cards
    • --cfg (optional) print out every card cfg space
    • --bar (optional) print out every card bar space