This is the result:
I wrote a quick unhook function but it's erratic at best and keeps BSOD'ing me... So I'll update this once I've got that working flawlessly.
If it DOES pick something up, make a note of what it is because it may be perfectly legit. For instance various AVs hook NtOpenProcess to protect their main process. However, if it picks up something like NtQueryDirectoryFile chances are you've got a rootkit. However, if it doesn't pick anything up... that's a good thing.
In the pic I hooked several items, for demonstration purposes.
Driver: 90% inline assembly, 10% C.
GUI: 100% C++.
If you want, you can download it here: http://www.box.net/shared/q2ird2tchx
Jotti:
File: SSDTHookScanner.zip
Status: OK
MD5: 3a55afbebe8bda872eaec00e0a85122a
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
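The check an SSDT hook scanner performs, and the triage rule the post gives for interpreting a hit, written out as an added example (this is not the poster's driver or GUI code). A real scanner reads KeServiceDescriptorTable and the ntoskrnl image range in kernel mode; here the table, the kernel base/size and the hooked addresses are constructed values, and the list of "hiding" APIs treated as high risk extends the post's single NtQueryDirectoryFile example with other enumeration calls, which is my assumption rather than something the post states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One SSDT slot: native API name plus the address currently stored in the
 * table. A real scanner reads these from KeServiceDescriptorTable in kernel
 * mode; the values below are constructed for this example. */
typedef struct {
    const char *name;
    uintptr_t   target;
} SsdtEntry;

/* Constructed ntoskrnl image range. A real scanner takes base and size from
 * the loaded-module list rather than hard-coding them. */
#define KERNEL_BASE ((uintptr_t)0x80400000UL)
#define KERNEL_SIZE ((uintptr_t)0x00200000UL)

/* Core check: an unhooked slot points into the kernel image, a hooked slot
 * points at the hooking driver's code outside it. Returns 1 if hooked. */
int ssdt_entry_is_hooked(const SsdtEntry *e) {
    return !(e->target >= KERNEL_BASE && e->target < KERNEL_BASE + KERNEL_SIZE);
}

/* Triage heuristic from the post: hooks on enumeration APIs (used to hide
 * files, keys or processes) are a strong rootkit indicator, while AV
 * self-protection commonly hooks NtOpenProcess. The list beyond
 * NtQueryDirectoryFile is an assumption for this example. Returns 1 for high risk. */
int ssdt_hook_is_high_risk(const char *api_name) {
    static const char *const hiding_apis[] = {
        "NtQueryDirectoryFile",
        "NtQuerySystemInformation",
        "NtEnumerateKey",
        "NtEnumerateValueKey",
    };
    size_t i;
    for (i = 0; i < sizeof hiding_apis / sizeof hiding_apis[0]; i++)
        if (strcmp(api_name, hiding_apis[i]) == 0)
            return 1;
    return 0;
}

/* Walk the table, print each hooked slot with its risk rating and return
 * the number of hooks; *high_risk_out receives how many were high risk. */
int scan_ssdt(const SsdtEntry *table, size_t count, int *high_risk_out) {
    int hooks = 0, high = 0;
    size_t i;
    for (i = 0; i < count; i++) {
        if (!ssdt_entry_is_hooked(&table[i]))
            continue;
        hooks++;
        if (ssdt_hook_is_high_risk(table[i].name)) {
            high++;
            printf("HOOKED  %-22s -> 0x%08lx  [high risk: enumeration API]\n",
                   table[i].name, (unsigned long)table[i].target);
        } else {
            printf("HOOKED  %-22s -> 0x%08lx  [review: may be AV self-protection]\n",
                   table[i].name, (unsigned long)table[i].target);
        }
    }
    if (high_risk_out)
        *high_risk_out = high;
    return hooks;
}

/* Constructed sample table: two slots redirected outside the kernel image. */
const SsdtEntry sample_table[] = {
    { "NtClose",              KERNEL_BASE + 0x0001a2c0 },
    { "NtOpenProcess",        0xf8a1c120 },  /* hooked, e.g. by an AV driver */
    { "NtCreateFile",         KERNEL_BASE + 0x0003b770 },
    { "NtQueryDirectoryFile", 0xf8c44010 },  /* hooked: classic file-hiding slot */
};
const size_t sample_count = sizeof sample_table / sizeof sample_table[0];

int main(void) {
    int high = 0;
    int hooks = scan_ssdt(sample_table, sample_count, &high);
    printf("%d hooked slot(s), %d high risk\n", hooks, high);
    return 0;
}
```

The address-range test is the whole detection: any slot whose target falls outside ntoskrnl has been redirected somewhere else, and the name of the redirected API is what decides whether the hit looks like AV self-protection or like something hiding files or processes.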