Kernel Mode Hooks Window

Vba32 AntiRootkit
Vba32 AntiRootkit Graphic User Interface
Kernel Mode Hooks Window

Kernel Mode Hooks Window

The Kernel Mode Hooks window provides information on the following types of hooks:

SYSENTER hooks
hooks by modifying SSDT table
hooks by modifying Shadow SSDT table
hooks by modifying IDT table
hooks by modifying export tables of main kernel modules
hooks by modifying machine code of functions

The window holds a list of functions which adresses have been replaced with specifying their numbers, names, base addresses, current addresses as well as the names of the modules that have installed the hook.

The hooks installed by the VBA32 driver are coloured in grey. All other modules are displayed in black.

Also the window allows restoring hooks. To do this, select a function and press the Restore button.

Vba32 AntiRootkit hooks main Kernel Mode Hooks Window
Kernel Mode Hooks window

To restore all hooks, press the Restore ALL button.

Warning: Restoring hooks may cause BSOD or system instability as a whole.

Vba32 AntiRootkit

Vba32 AntiRootkit > Kernel Mode Hooks Window

Vba32 AntiRootkit