Reputation: 2555
How to check if a process is being hooked?
Is their a a way to see if an application is being hooked? I want to be able to see if an application is being hooked, and if so maybe see what exactly is being hooked? I am not sure if this is possible but I would like to know. I am just looking for a prexisting application that does this to monitor some processes.
Upvotes: 3
Views: 1680
Answers (1)
Reputation: 5607
There are lots of different methods to hook functions. Some are easy to detect, some are harder.
HookShark is capable of detecting quite a lot of the common hooking methods.
On thing that it cannot detect is hooking via vtable replacement in object instances. The intruder replaces the vtable pointer at the beginning of a dynamically allocated object with a pointer to his faked vtable where the functions to be hooked are redirected. No program from the outside can detect this because it cannot know what chunks of memory are vtable pointers.
Upvotes: 1
Related Questions
- Monitoring application calls to DLL
- how to hook all new processes in Windows
- How to disable an hooking to my process?
- How can I monitor activity in a process that I spawned?
- How to detect an external program monitoring your process?
- Hooking into a running process to monitor its status
- Checking if an API is monitored (hooked?)
- Hook processes
- C# Hook Windows Processes to Check for Debugging Processes
- Monitoring windows processes