WKE is a free but powerful Windows kernel research tool. It supports from Windows XP to Windows 10, 32-bit and 64-bit. Compare to popular tools (such as WIN64AST and PCHunter), WKE is a highly customizable tool and it can run on the latest Windows 10 without updating binary files.
Main Features:
- Process management (Module, Thread, Handle, Memory, Window, Windows Hook, etc.)
- File management
- Registry management
- Kernel-mode callback, filter, timer, NDIS blocks and WFP callout functions management
- Kernel-mode hook scanning (MSR, EAT, IAT, CODE PATCH, SSDT, SSSDT, IDT, IRP, OBJECT)
- User-mode hook scanning (Kernel Callback Table, EAT, IAT, CODE PATCH)
- Memory editor and symbol parser (it looks like a simplified version of WINDBG)
- Protect process, hide/protect/redirect file or directory, protect registry and falsify registry data
- Path modification for driver, process and process module
- Enable/disable some obnoxious Windows components