Even madExcept's .BPL module hooks (loaded by Delphi) are detected. Of course the purpose of such is a tool is simple, discovering existing hooks can help you diagnose your system, especially if you find instability between hooking packages or just want to know what process hooks what. I have not included any sort of "unhook" option in DbgHook, kX-Ray does this for any type of hook, kernel or user mode. I feel that in doing so I would be "working against" what Madshi has spent a lot of time developing so please do not ask me for such an option. If you absolutely need that option you can download my other program "kX-Ray".
I would appreciate any feedback if you find this utility useful. For best performance please run DbgHook.exe more than once, you'll find that after scanning one time, the second scan and any thereafter will be much faster. This week I plan to add support for IAT hook detection so I will post an updated build when I have the free time to do it. Email bindshell
Debug Hook v1.2
32-bit OS support only (at present)
2K, XP, 2K3, Vista
Note:
Debug Hook is Ring3 Code ONLY so it requires no driver. Do not let this fool you however, it doesn't use standard methods for enumerating processes, opening them or reading memory, all of these APIs are emulated and are part of my Symbiote Project.
*Vista users* You must right-click DbgHook.exe and choose "Run as Administrator" so that Debug Hook has sufficient access rights.
Download Installer
--Iconic
reflink: http://forum.madshi.net/viewtopic.php?t=4739