Author: olliekr (Love Simulator)
Board: AntiVirus
Title: Re: [Software] combofix won't open
Time: Mon Aug 13 18:53:54 2007
FileLook::
Tells CF to extract file properties of a file. Does not delete file. File
Properties are only available for PE files
DirLook::
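Tells CF to list out the contents of the folder
Simply put, one looks at a file's properties and the other lists a folder's contents.
I felt they didn't seem very useful... so I never covered them here XD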
RootKit::
C:\Windows\System32\drivers\rootkit.sys
You should use it for ALL rootkit-hidden files. Unlike Collect:: it will not
rely solely on Catchme & shall not be hampered by FAT32 file-systems. It won't
collect samples nor create a submit.zip. The files will be moved to
C:\QooBox\Quarantine\c\windows\system32 or wherever their original locations
are.
Can be used on any type of file, as long as it exists on the machine, be it
hidden or not.
This newly added directive seems to be aimed at rootkits...
I have no hands-on experience with it...