Description

For testing were used antirootkit Gmer and Ring3 API Hook Scanner.

The results were zero because neither of them could detect the loaded DLL modules.

Detection efficiency, Inline Hook Scanner Test results of all three tools are on the video:

                                                 

Inline Hook Scanner is a tool that goes through all running processes and lists the attached modules. It recognizes inline hook modules.
The program contains whitelist files which is updatable. The program displays the resulting log with a list of loaded modules.
The program enumeratively goes through the running processes and lists the loaded (hooked) modules.
Malicious modules can be detected by file type.
The program scans the modules at Ring3 level.


Mainframe


Scanning







Versions:
Actual version: 3.9

Version 3.9 - Full program revision.
Version 3.8 - Code revision (Release).
Version 3.7 - Code revision (Debug).
Version 3.6 - Program revision
Version 3.5 - Modifying and revising module access.
Version 3.4 - Test - core modification.
Version 3.3 - update of Whitelist.
Version 3.2 - WhiteList revision.
Version 3.1 - Code revision..
Version 2.3 - Added White List.
Version 2.2 - Add module for detecting loaded libraries.
Version 2.1 - Code revision.
Version 2.0 - Adding access right.
Version 1.5 - Creating the core of process management.
Version 1.0 - Creating the core of process access.

​