Author: olliekr (Love Simulator)
Board: AntiVirus
Title: Re: [Software] combofix won't open
Time: Mon Aug 13 18:53:54 2007
FileLook::
Tells CF to extract file properties of a file. Does not delete file. File
Properties are only available for PE files
DirLook::
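Tells CF to list out the contents of the folder
Simply put, one shows a file's properties and the other lists a folder's contents.
I felt they didn't seem very useful... so I didn't introduce them here XD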
RootKit::
C:\Windows\System32\drivers\rootkit.sys
You should use it for ALL rootkit-hidden files. Unlike Collect:: it will not
rely solely on Catchme & shall not be hampered by FAT32 file-systems. It won't
collect samples nor create a submit.zip. The files will be moved to
C:\QooBox\Quarantine\c\windows\system32 or wherever their original locations
are.
can be used on any type of files. As long as it exists on the machine, be it
hidden or not.
This newly added directive seems to be aimed at rootkits...
I have no hands-on experience with it...
--
※ Origin: PTT Bulletin Board System (ptt.cc)
◆ From: 140.114.123.109