Detecting Shadow SSDT Hooks

Vba32 AntiRootkit checks the integrity of the Win32 subsystem services table (Shadow SSDT). When a hook is detected, the tool displays the name of the modified service, its number in the Shadow SSDT table, the original and current addresses of the service, and the name of the module that installed the hook.
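The check described above comes down to comparing each table entry with a known-good address and resolving a changed pointer to the module that contains it. The following is an added example, not Vba32 AntiRootkit's code; the table indexes, the addresses and the driver name example.sys are constructed sample data, and the original addresses and module list are assumed to have been collected already.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: indexes, addresses and example.sys are hypothetical. */
typedef struct { const char *name; uint64_t base, size; } module_t;
typedef struct { unsigned index; const char *service; uint64_t original, current; } entry_t;

#define W32K 0xFFFFF96000000000ULL
static const module_t modules[] = {
    { "win32k.sys",  W32K,                  0x300000 },
    { "example.sys", 0xFFFFF88004000000ULL, 0x020000 },
};
static const entry_t table[] = {
    { 0x03, "NtUserGetAsyncKeyState", W32K + 0x1A40, W32K + 0x1A40 },         /* intact */
    { 0x0E, "NtGdiBitBlt",            W32K + 0x5C10, 0xFFFFF88004001200ULL }, /* inside example.sys */
    { 0x2F, "NtUserSetWindowsHookEx", W32K + 0x9F00, 0xFFFFFA8001230000ULL }, /* no backing module */
};
#define N_ENTRIES (sizeof table / sizeof table[0])

/* Map an address to the loaded module whose image range contains it. */
const char *owner_of(uint64_t addr) {
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++)
        if (addr >= modules[i].base && addr - modules[i].base < modules[i].size)
            return modules[i].name;
    return "<unknown>"; /* pointer into memory not backed by any listed module */
}

/* Print one line per entry whose current handler differs from the original; return the count. */
int report_hooks(const entry_t *t, size_t n) {
    int hooks = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].current == t[i].original)
            continue;
        hooks++;
        printf("#%u %s original=0x%llx current=0x%llx module=%s\n",
               t[i].index, t[i].service,
               (unsigned long long)t[i].original,
               (unsigned long long)t[i].current,
               owner_of(t[i].current));
    }
    return hooks;
}

int main(void) {
    printf("%d hook(s) detected\n", report_hooks(table, N_ENTRIES));
    return 0;
}
```

An entry whose current address resolves to no listed module is reported with `<unknown>` instead of being skipped, since a handler outside every known image range still differs from the original.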


To restore detected hooks, use the Restore and Restore All buttons.

 
