I am sorry. But i have to clarify this.
Hookshark is no antirootkit
I see that my tool has been confused with antirootkits. Well it's not.
It is thought for analysing game hacks. Game hacks make many alterations and patches to a game, in very different manners. To look for things a hack might modify, i wrote hookshark.
Unlike other tools, it really compares every module byte by byte and shows relocation hooks. It scans EAT and IAT of EVERY module found. It looks for Hardware-Breakpoints set on Threads. It even detects manually mapped code, through searching intermodular calls and code references. (listed as red sections), which is popular in game hacks, because many anticheats will not search for hack-signatures in private memory rather than in mapped images, assuming Dll-Injection.
My newest version, which will be released September 1st, will also detect Hooks of virtual function methods, intermodular vtable redirections and if you set verbosity high, it will list all modified relocated pointers in data sections. This hasn't been done before.
http://img9.abload.de/img/wutuqmn.png
http://h-3.abload.de/img/vmethods0evy.png
http://img9.abload.de/img/vtablehooksqou2.jpg
http://h-3.abload.de/img/hsharkmh1y.jpg
Anyways. I just wanted to point out that HookShark has no self-defense, only operates in usermode, and is in no way a reliable source of rootkit detection.
==================================
EDIT: HookShark 0.9
http://rapidshare.com/files/416679944/H ... k.rar.html
					
										
																										
            


 
										


