GetHooks for Windows x86 2k/XP/Vista/7/8

GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.

The source is now available on GitHub.


gethooks --help
gethooks --about
gethooks --options
gethooks --examples


GetHooks monitors SetWindowsHookEx() type hooks. The recognized hooks are:

WH_MSGFILTER(-1)
WH_JOURNALRECORD(0)
WH_JOURNALPLAYBACK(1)
WH_KEYBOARD(2)
WH_GETMESSAGE(3)
WH_CALLWNDPROC(4)
WH_CBT(5)
WH_SYSMSGFILTER(6)
WH_MOUSE(7)
WH_HARDWARE(8)
WH_DEBUG(9)
WH_SHELL(10)
WH_FOREGROUNDIDLE(11)
WH_CALLWNDPROCRET(12)
WH_KEYBOARD_LL(13)
WH_MOUSE_LL(14)

Here's an example:
----------------------------------------------------------------------------[b]
[Found] [HOOK 0x000100E5 @ 0xFE60AA78] [1:07:48 AM  12/4/2011]

Id: WH_CBT
Desktop: Default
Owner/Origin/Target: AvastUI.exe (PID 1536, TID 3972 @ 0xFDBC1C80)
----------------------------------------------------------------------------[e]

Several days of GetHooks monitoring output from one of my Vista SP2 computers can be found here.
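
Added example, not part of GetHooks or the original page: a small Python parser for records shaped like the one above, which maps each Id to its number from the hook list and marks keystroke-observing hook types for review. It assumes every record follows the single layout shown here and that dates are month/day/year; the review set and the second sample record are constructed for illustration.

```python
import re
from datetime import datetime
# Hook names in the order listed on this page; their ids run from -1 to 14.
NAMES = ("WH_MSGFILTER WH_JOURNALRECORD WH_JOURNALPLAYBACK WH_KEYBOARD WH_GETMESSAGE "
         "WH_CALLWNDPROC WH_CBT WH_SYSMSGFILTER WH_MOUSE WH_HARDWARE WH_DEBUG WH_SHELL "
         "WH_FOREGROUNDIDLE WH_CALLWNDPROCRET WH_KEYBOARD_LL WH_MOUSE_LL").split()
HOOK_IDS = {name: i - 1 for i, name in enumerate(NAMES)}
# Assumption: triage policy chosen for this example (hook types that observe keystrokes).
REVIEW = {"WH_JOURNALRECORD", "WH_KEYBOARD", "WH_KEYBOARD_LL"}
HEADER = re.compile(r"\[(\w+)\] \[HOOK (0x[0-9A-Fa-f]+) @ (0x[0-9A-Fa-f]+)\] \[(.+)\]")
THREAD = re.compile(r"(.+) \(PID (\d+), TID (\d+) @ (0x[0-9A-Fa-f]+)\)")

def parse_records(text):
    """Return one dict per record found between the ...[b] and ...[e] rule lines."""
    records, rec = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("-[b]"):
            rec = {}
        elif line.endswith("-[e]"):
            if rec and "event" in rec:      # skip blocks that had no header line
                records.append(rec)
            rec = None
        elif rec is None or not line:
            continue
        elif (m := HEADER.fullmatch(line)):
            stamp = " ".join(m.group(4).split())  # assumed M/D/Y with a 12-hour clock
            rec.update(event=m.group(1), hook=int(m.group(2), 16),
                       when=datetime.strptime(stamp, "%I:%M:%S %p %m/%d/%Y"))
        elif ": " in line:
            key, value = line.split(": ", 1)
            rec[key] = value                # keep every "Key: value" field verbatim
            if key == "Id":
                rec.update(id_num=HOOK_IDS.get(value), review=value in REVIEW)
            elif (t := THREAD.fullmatch(value)):
                rec.update(process=t.group(1), pid=int(t.group(2)), tid=int(t.group(3)))
    return records

# Constructed input: the page's sample record, then a made-up keyboard-hook record.
RULE = "-" * 76
SAMPLE = "\n".join([
    RULE + "[b]", "[Found] [HOOK 0x000100E5 @ 0xFE60AA78] [1:07:48 AM  12/4/2011]", "",
    "Id: WH_CBT", "Desktop: Default",
    "Owner/Origin/Target: AvastUI.exe (PID 1536, TID 3972 @ 0xFDBC1C80)", RULE + "[e]",
    RULE + "[b]", "[Found] [HOOK 0x000200F1 @ 0xFE60BB10] [1:09:02 AM  12/4/2011]", "",
    "Id: WH_KEYBOARD_LL", "Desktop: Default",
    "Owner/Origin/Target: example.exe (PID 2040, TID 2100 @ 0xFDBC2D00)", RULE + "[e]",
])
if __name__ == "__main__":
    print([(r["Id"], r["id_num"], r["process"], r["review"]) for r in parse_records(SAMPLE)])
```
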


Download

Release 1.01 (HTTPS), December 14, 2011
  sha1 268257226c9ef94b7a39b1eacbea3d70a092f28a
  Built on Dec 14 2011 at 00:48:09
  • Fixed failure to start on some XP and PE operating systems.

Release 1.0 (HTTPS), December 7, 2011
  sha1 fd9a93a83ea36143a3e4a5e8ee2e40be29822b73
  Built on Dec 5 2011 at 00:56:22
  • Initial GetHooks release for XP/Vista/7/8.

Please review the FAQ and known issues. If you still have questions email me: Jay Satiro <raysatiro$at$yahoo{}com> and put GetHooks in the subject.



Donate

After a lot of research (special thanks to alex$at$ntinternals{}org) I designed and developed GetHooks as free software. The program's estimated cost so far has exceeded $6000 as of October 13, 2011. If you find this program useful and it has saved you time or money then you are welcome to donate time or money.

You can donate time by improving GetHooks via GitHub or you can donate money in support of the work that I've already done by clicking the PayPal donate button below. Please do not donate based on future development.