The archive is password protected and you must provide the captcha code to download. Use WinRar or the latest 7-Zip to open the file. The results.

The software has been reviewed at Softpedia and analyzed manually by UC malware analysts. The feedback has been positive so far.

The software contains functionality that may trigger a false positive in some AV's. The software does not perform any functions without the user's consent. One of the example being, if the user wants to intentionally inject, for whatever reasons a DLL into game or whatever process. An AV may consider this functionality to be malicious.

Downloads: 6,647

The password: mY6RWpWMtAXdD2FT


Please enter the text you see (case insensitive). The listed characters must be entered clockwise starting from twelve o'clock.


The software "C" kernel driver (included in the professional version) enables arbitrary kernel memory to be read and written (R W) without the need to enable kernel debugging, and you can also scan the entire user space memory and the kernel physical memory with the tool.

And that's not all. You can browse and edit the kernel arbitrary memory. The memory viewer is able to draw the kernel memory in real time. This functionality is a big help in windows internals research and malware analysis.

You can purchase the professional version of the software using this link: HEX DEREF PRO

If you previously encountered false positivies in any prior version of the sofware in some AV's. The rename protection for methods in the obfuscator was the cause. For a commercial .NET executable, you want to use a method renamer to make reversing process of your software more time consuming. To backup my claim. Check the report for v1.09 of the software.

For those who does not know what method renamer actually does. A method looks like this in a .NET executable:

public bool NoMethodRenamerWasUsed() {. . . }
public bool UusCqxyOA3BL8OUNoQnEO2RcHHx () { . . . } // The rename protection was used for methods, constants and variables

The latter was enough to make 1/3 of AV's that are listed at to deem your software, that has been clean since the day one, as a trojan.