Malwares

Published by: Markus Johan Kiril Klyver on Jan 14, 2012
Copyright: Attribution Non-commercial


03/20/2013


GMER v1.0.15.14972

Type: Rootkit detection and removal
OS: Windows NT, 2000, XP, Vista
Hardware:
License: Freeware
NIAP Validated: No
Common Criteria:
Developer: Not identified (Internet domain registered by “Domain Discreet” in Portugal)
Availability: http://www.gmer.net/

Section 4 Anti-Malware Tools

IA Tools Report

Abstract

Detour-style hooks are often indicative of malicious code attempting to co-opt OS processes. HookExplorer scans all loaded DLLs associated with a process, then scans their import tables for hijacked function pointers in the import address table. The first instruction for each function pointer is then disassembled and examined to try to detect standard detour-style hooks that may be present. The tool can optionally also scan every function in the image export table for detour-style hooks, one of the few scans possible for dynamically-loaded DLLs.

iDefense HookExplorer

Type: Rootkit detection (unauthorized hook detector)
OS: Windows with VisualBasic 6 runtime libraries and Microsoft Common Controls Object Linking and Embedding Control eXtension
Hardware:
License: GPL
NIAP Validated: No
Common Criteria:
Developer: iDefense Labs (owned by VeriSign)
Availability: http://labs.idefense.com/files/labs/releases/previews/HookExplorer/
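
The two checks in the HookExplorer abstract above, sketched as an added example (not HookExplorer's own code): an import address table slot is tested against the exporting module's address range, and the first instruction of a function is decoded for two common x86-32 detour encodings. All names, module bounds and byte samples are constructed for illustration, and the module-range test is an assumed way of deciding that a pointer is hijacked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

typedef enum { HOOK_NONE, HOOK_JMP_REL32, HOOK_PUSH_RET } hook_kind;
typedef struct { uint32_t base, size; } module_range;  /* loaded image bounds */

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static int in_module(const module_range *m, uint32_t a) {
    return a >= m->base && a - m->base < m->size;
}

/* IAT scan step: a slot should point into the DLL that exports the function. */
int iat_entry_hijacked(const module_range *exporter, uint32_t slot) {
    return !in_module(exporter, slot);
}

/* Entry-point scan step: decode the first instruction at virtual address va
 * (x86-32) and flag it only when control leaves the owning module. */
hook_kind detour_at(const uint8_t *code, size_t len, uint32_t va,
                    const module_range *owner, uint32_t *target) {
    *target = 0;
    if (len >= 5 && code[0] == 0xE9)                         /* jmp rel32 */
        *target = va + 5 + le32(code + 1);
    else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) /* push imm32; ret */
        *target = le32(code + 1);
    else
        return HOOK_NONE;
    if (in_module(owner, *target)) return HOOK_NONE;         /* intra-module jump */
    return code[0] == 0xE9 ? HOOK_JMP_REL32 : HOOK_PUSH_RET;
}

/* Constructed sample data: module bounds and prologue bytes are made up. */
const module_range SYS_DLL = { 0x7C800000u, 0x00100000u };
const uint8_t CLEAN[]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 }; /* mov edi,edi; push ebp; ... */
const uint8_t JMP_OUT[]  = { 0xE9, 0xFB, 0xFF, 0x7F, 0x93 };       /* jmp 0x10001000 */
const uint8_t JMP_IN[]   = { 0xE9, 0x00, 0x01, 0x00, 0x00 };       /* jmp 0x7C801105 */
const uint8_t PUSH_RET[] = { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3 }; /* push 0x10001000; ret */

int main(void) {
    uint32_t t;
    printf("clean=%d ", detour_at(CLEAN, sizeof CLEAN, 0x7C801000u, &SYS_DLL, &t));
    printf("jmp_out=%d ", detour_at(JMP_OUT, sizeof JMP_OUT, 0x7C801000u, &SYS_DLL, &t));
    printf("push_ret=%d target=0x%08X\n",
           detour_at(PUSH_RET, sizeof PUSH_RET, 0x7C801000u, &SYS_DLL, &t), (unsigned)t);
    return 0;
}
```

Forwarded exports legitimately resolve into a different DLL, so a production scanner compares each slot against the module that finally implements the function and uses a full disassembler rather than two byte patterns.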
