What tool can I use to analyze Hooks (SSDT, Inline etc.) on Windows 7 / 2008? (x64 Platform)
Rku (Rootkit Unhooker) is the only tool I know, which is not available for x64 platforms.
Asked
Active
Viewed 1,313 times
1 Answers
2
As Arun suggests, GMER scans for:
- hidden processes
- hidden threads
- hidden modules
- hidden services
- hidden files
- hidden disk sectors (MBR)
- hidden Alternate Data Streams
- hidden registry keys
- drivers hooking SSDT
- drivers hooking IDT
- drivers hooking IRP calls
- inline hooks
And it also run's fine on x64/x86 machines (currently testing it on my x64)
I haven't tested these but they might help:
