Detailing the Hookers

Sorry to crush your hopes but this isn't a post about my new job as a prostitute army drill sergeant. Nope, it's just another post of me shilling my wares.

In some distant part of the mists o'time, I wrote a little tool whose purpose was to report pending messages and other misc info for a thread and the windows it owns. It's safe to say this was tangentially useful at best.

That was until I saw somebody, somewhere, ask if there was a tool that would or could list currently active Windows hooks and had an idea. After that idea sank (pineapple juice and tea do not go together even if you like them both), I went and stuck hook enumeration together with message and window enumeration to add to my previous work of desktop heap enumeration. Yep, if you need things enumerating, you can count on me.

So here we have it, MsgLister + hooks = MsgHookLister. The download zip contains the source for the app and the driver that pokes into undocumented Windows structures as well as x64 and x86 binaries.

A screenie of window mode

And of hook mode - how exciting

Hmm, what to enumerate now...

Jul 11 2011 02:07 AM
If you make your command window full screen then we won't see the "This copy of Windows is not genuine" message on the Desktop. ;)

It looks like an interesting tool, however as a programmer I'm more interested in how it works. Are you planning to explain how it works at all?


