Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit


AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect, analyze and restore various kernel modifications and hooks.With its assistance, you can easily spot and neutralize malware, hidden from normal detectors.


  • IDE: Visual Studio 2008
  • Userspace: MFC
  • WDK: WDK7600
  • Third-party Library: Codejock toolkit pro

Code Structure

├── LICENSE                        
├── doc                             (AntiSpy introduction files)
│   ├── Readme.txt 
│   └── 说明.txt
├── icon
│   └── icon.ico
├── src                               
│   ├── Antispy                     (AntiSpy main project)
│   │   ├── Common                  (The common structs&defines,used by userspace&kernel)
│   │   ├── SpyHunter               (Userspace project,written in MFC)
│   │   ├── SpyHunter.sln           (VS2008 solution file)
│   │   └── SpyHunterDrv            (Kernel project)
│   └── ResourceEncrypt             (Encryption tool project)
│       ├── ResourceEncrypt         (Encrypt driver and other resources)
│       ├── ResourceEncrypt.sln     (VS2008 solution file)
│       └── clear.bat
└── tools
    ├── ResourceEncrypt.exe        
    └── TestTools.exe               (Used to test the functionality of Antispy)


Currently,the following features are available(including but not limited to):

Process Manager

  • Display system process and thread basic informations.
  • Detect hidden processes,threads,process modules.
  • Terminate, suspend and resume processes and threads.
  • View and manipulate process handles,windows and memory regions.
  • View and manipulate process hotkeys,privileges,and timers.
  • Detect and restore process hooks incluing inline hooks,patches,iat and eat hooks.
  • Inject dll,dump process memory.
  • Create debug dump,include mini dump and full dump.

Kernel Module Viewer

  • Display kernel module basic information,include image base,size,driver object,and so on.
  • Detect hidden kernel modules.
  • Unload kernel modules.
  • Dump kernel image memory.
  • Display and delete system driver service informations.

Hook Detector

  • Detect and restore SSDT,Shadow SSDT,sysenter and int2e hooks.
  • Detect and restore FSD and keyboard disptach hooks.
  • Detect and restore kernel code hooks including kernel inline hooks,patches,iat and eat hooks.
  • Detect and restore message hooks,both global and local.
  • Detect and restore kernel ObjectType hooks.
  • Display Interrupt Descriptor Table(IDT).

Other Kernel Information Viewer

  • View and remove kernel notifications.
  • View filters for common devices include disk,volume,keyboard and network devices.
  • View IO timers,DPC timers,system threads,and so on.

Registry Manager

  • View and edit system registry.
  • Detect hidden registry entries using live registry hive analysis.

File Manager

  • Display file basic information,include file name,size,attributes,and so on.
  • Detect hidden files.
  • View and delete locked files and folders.

Service Manager

  • Display system services basic informations.
  • Control services status.
  • Modify services startup type.

Autorun Manager

  • Display almost all kinds of system autorun types.
  • Enable,disable or permanently delete autoruns.

Network Viewer

  • Display current network connections,include TCP and UDP informations.
  • View and delete IE plugins and context menu.
  • Display winsock providers(LSP).
  • View and edit hosts file.

Other Tools

  • Hex Editor - View and edit memory,include ring3 process memory and ring0 system memory.
  • Disassembler - Like OllyDBG,support ring3 process memory and ring0 system memory.


  • Custom color settings.

User Interfaces

Process Tree

Process Menu


File Manager

AutoRun Manager

Contact and support author:

November 28, 2019


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments
Đào Trọng Chương

I cant’ to use for win 10 64bit. Thanks it”s only 32bit.

3 years ago

how can i download this app as it wont show in my app store

Atlant Security
1 year ago
Reply to  Hakin9 TEAM

do you ever check what you write? The software supports only 32 bit operating systems, Windows 7 32 bit. It is ANCIENT. It does not work on any modern OS.

1 year ago

As long as it is for Windows, it will never support mindern OSs.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023