Author Topic: RootKit Hook Analyzer: Check for kernel rootkit hooks on your Windows system.  (Read 2512 times)


Software Santa

RootKit Hook Analyzer: Check for kernel rootkit hooks on your Windows system.

Check for active kernel rootkits on your system

New: version 2.00 adds support for Windows x64 edition

RootKit Hook Analyzer is a security tool which will check if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. If any of these system services are intercepted and modified, it means that there is a possibility that the safety of your system is at risk and that spyware, viruses or malware are active.

Are kernel hooks always bad?

Kernel hooks are out of fashion these days; they are not officially documented and are considered deprecated by Microsoft. The pioneering heroes of the old days who discovered how to actually implement them have all adopted the new fashion of advising against using kernel hooks as a programming practice. Often kernel hooks are unnecessary because there are documented ways which allow a programmer to achieve his goal. However, in a lot of system tools such as monitoring and antivirus software, kernel hooks are the only available technique to get the difficult job done and thus an unavoidable necessary evil. What is important is that, if your kernel system services are hooked, you can find out which software is responsible for using these techniques. Inspired by all the discussions going on about the Sony CD protection rootkit, we have developed the RootKit Hook Analyzer.

RootKit Hook Analyzer will tell you what kernel hooks are active on your system. It displays all kernel system services along with their base addresses, responsible modules, product names, companies and module descriptions. If no hooks are active on your system, it means that all system services are handled by NTOSKRNL.EXE, the principal base component of most Windows operating systems, which is developed by Microsoft. All you have to do to find out what kernel hooks are installed on your system is press the Analyze button at the bottom of the screen. RootKit Hook Analyzer also allows you to view installed system modules and drivers with their base addresses, along with file and product information and the responsible companies.

The RootKit Hook Analyzer is free and runs on Windows XP, 2000 and 2003 Server on both 32- and 64-bit editions.

Categories: Microsoft Windows - system security - rootkit detection
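
The check the description outlines (each system service address attributed to the module that contains it, with anything not handled by NTOSKRNL.EXE reported as a hook) can be sketched as below. This is an added example, not the tool's own code: the module list, addresses and the driver name exampleav.sys are constructed, and it runs in user mode on that sample data rather than reading a live kernel table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; uint64_t base; uint32_t size; } module_t;
typedef enum { HANDLED_BY_KERNEL, HOOKED_BY_MODULE, HOOKED_UNBACKED } verdict_t;

/* Constructed sample data: loaded-module list and service handler addresses. */
static const module_t MODULES[] = {
    { "ntoskrnl.exe",  0x804D7000u, 0x001F8000u },
    { "hal.dll",       0x806CF000u, 0x00020000u },
    { "exampleav.sys", 0xF7A10000u, 0x00012000u },  /* hypothetical driver */
};
static const uint64_t SERVICES[] = {
    0x80570000u,  /* inside ntoskrnl.exe */
    0xF7A13450u,  /* inside exampleav.sys */
    0x8057A1C0u,  /* inside ntoskrnl.exe */
    0xFFAB2000u,  /* inside no loaded module */
};
#define N_MODULES  (sizeof MODULES / sizeof MODULES[0])
#define N_SERVICES (sizeof SERVICES / sizeof SERVICES[0])

/* Find the module whose [base, base+size) range contains addr, or NULL. */
static const module_t *owner_of(uint64_t addr) {
    for (size_t i = 0; i < N_MODULES; i++)
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return &MODULES[i];
    return NULL;
}

/* An entry counts as unhooked only when its handler lies inside ntoskrnl.exe. */
static verdict_t classify(uint64_t handler) {
    const module_t *m = owner_of(handler);
    if (m == NULL) return HOOKED_UNBACKED;  /* address backed by no module */
    return strcmp(m->name, "ntoskrnl.exe") == 0 ? HANDLED_BY_KERNEL : HOOKED_BY_MODULE;
}

/* Number of sample service entries not handled by the kernel image. */
static unsigned count_hooked(void) {
    unsigned n = 0;
    for (size_t i = 0; i < N_SERVICES; i++)
        n += classify(SERVICES[i]) != HANDLED_BY_KERNEL;
    return n;
}

int main(void) {
    for (size_t i = 0; i < N_SERVICES; i++) {
        const module_t *m = owner_of(SERVICES[i]);
        printf("service %zu  0x%08llX  %s\n", i,
               (unsigned long long)SERVICES[i], m ? m->name : "<no module>");
    }
    printf("%u hooked of %zu\n", count_hooked(), N_SERVICES);
    return 0;
}
```

An entry that resolves to a named driver can then be judged by that module's product and company information, while an address that belongs to no loaded module has no such information to check. The comparison covers the table entries only and does not verify the handler code itself.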


This Site was Opened on January 1st, 2007
