Detecting Main Kernel Modules Export Table Hooks

Vba32 AntiRootkit checks the export tables of the main kernel modules for hooks, in which a rootkit replaces export function addresses with the addresses of its own handlers.

Export tables of the following modules are checked for hooks:

  • ndis.sys
  • hal.dll
  • ntoskrnl.exe


To restore detected hooks, use the Restore and Restore All buttons.
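The export table check described above can be illustrated with an added example; it is not Vba32 AntiRootkit code and does not claim to be how the product works. It assumes a clean memory-mapped copy of a module is available to compare against a snapshot of the loaded module; `read_exports`, `find_export_hooks` and `build_sample` are hypothetical helper names, and the sample images and RVAs are constructed.

```python
import struct

def read_exports(image):
    """Parse a memory-mapped PE image (offset == RVA): ({name: RVA}, SizeOfImage)."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                            # optional header
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 0 is exports.
    ddir = opt + {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", image, opt)[0]]
    size_of_image = struct.unpack_from("<I", image, opt + 56)[0]
    exp_rva = struct.unpack_from("<I", image, ddir)[0]
    # NumberOfNames, AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
    n_names, eat, names, ords = struct.unpack_from("<4I", image, exp_rva + 24)
    exports = {}
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", image, names + 4 * i)[0]
        name = image[name_rva:image.index(b"\0", name_rva)].decode("ascii")
        index = struct.unpack_from("<H", image, ords + 2 * i)[0]
        exports[name] = struct.unpack_from("<I", image, eat + 4 * index)[0]
    return exports, size_of_image

def find_export_hooks(reference, live):
    """List (name, clean RVA, live RVA, target outside module) for changed exports."""
    clean = read_exports(reference)[0]
    current, size = read_exports(live)
    return [(name, clean[name], rva, rva >= size)
            for name, rva in sorted(current.items())
            if name in clean and rva != clean[name]]

def build_sample(rvas):
    """Constructed 0x400-byte PE32+ mapped image exporting `rvas` (name -> RVA)."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    struct.pack_into("<H", img, 0x58, 0x20B)                 # PE32+ magic
    struct.pack_into("<I", img, 0x58 + 56, 0x400)            # SizeOfImage
    struct.pack_into("<II", img, 0x58 + 112, 0x200, 0x100)   # export directory
    struct.pack_into("<5I", img, 0x214, len(rvas), len(rvas), 0x230, 0x250, 0x270)
    for i, (name, rva) in enumerate(rvas.items()):
        struct.pack_into("<I", img, 0x230 + 4 * i, rva)      # export address table
        struct.pack_into("<I", img, 0x250 + 4 * i, 0x280 + 16 * i)
        struct.pack_into("<H", img, 0x270 + 2 * i, i)
        img[0x280 + 16 * i:0x280 + 16 * i + len(name)] = name.encode()
    return bytes(img)

# Constructed data: the live snapshot has one export redirected outside the module.
CLEAN = build_sample({"ExAllocatePool": 0x310, "IoCreateDevice": 0x320, "ZwClose": 0x330})
LIVE = build_sample({"ExAllocatePool": 0x310, "IoCreateDevice": 0x9000, "ZwClose": 0x330})
for hook in find_export_hooks(CLEAN, LIVE):
    print(hook)
```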

 
