Detailing the Hookers

Posted by adeyblue, 01 July 2011 · 370 views

Sorry to crush your hopes but this isn't a post about my new job as a prostitute army drill sergeant. Nope, it's just another post of me shilling my wares.

In some distant part of the mists o'time, I wrote a little tool whose purpose was to report pending messages and other misc info for a thread and the windows it owns. It's safe to say this was tangentially useful at best.

That was until I saw somebody, somewhere, ask if there was a tool that would or could list currently active Windows hooks and had an idea. After that idea sank (pineapple juice and tea do not go together even if you like them both), I went and stuck hook enumeration together with message and window enumeration to add to my previous work of desktop heap enumeration. Yep, if you need things enumerating, you can count on me.

So here we have it, MsgLister + hooks = MsgHookLister. The download zip contains the source for the app and the driver that pokes into undocumented Windows structures as well as x64 and x86 binaries.

A screenie of window mode
Posted Image

And of hook mode - how exciting
Posted Image

Hmm, what to enumerate now...

If you make your command Windows full screen then we won't see the "This copy of Windows is not genuine" message on the Desktop. ;)

It looks like an interesting tool, however as a programmer I'm more interested in how it works. Are you planning to explain how it works at all?

