
Detailing the Hookers

Posted by , 01 July 2011 · 405 views

Sorry to crush your hopes but this isn't a post about my new job as a prostitute army drill sergeant. Nope, it's just another post of me shilling my wares.

In some distant part of the mists o'time, I wrote a little tool whose purpose was to report pending messages and other misc info for a thread and the windows it owns. It's safe to say this was tangentially useful at best.

That was until I saw somebody, somewhere, ask if there was a tool that would or could list currently active Windows hooks and had an idea. After that idea sank (pineapple juice and tea do not go together even if you like them both), I went and stuck hook enumeration together with message and window enumeration to add to my previous work of desktop heap enumeration. Yep, if you need things enumerating, you can count on me.

So here we have it, MsgLister + hooks = MsgHookLister. The download zip contains the source for the app and the driver that pokes into undocumented Windows structures as well as x64 and x86 binaries.

A screenie of window mode
Posted Image

And of hook mode - how exciting
Posted Image

Hmm, what to enumerate now...






If you make your command Windows full screen then we won't see the "This copy of Windows is not genuine" message on the Desktop. ;)

It looks like an interesting tool, however as a programmer I'm more interested in how it works. Are you planning to explain how it works at all?

Thanks
Ben
