winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

Ability to enumerate registered hooks #1947

Open TETYYS opened 6 months ago

TETYYS commented 6 months ago

Description of the feature, modification, idea or suggestion

I think someone asked about this before in the old PH forum, but I would like to have it here again since I feel like there are more capabilities with SystemInformer.

There is no application that I know of that has the ability to enumerate and display global hooks. I imagine the reason is that the structure where these hooks are stored is undocumented and probably in kernel memory somewhere, but undocumented things don't stop SystemInformer, do they?

This capability would help to detect keyloggers or applications causing system instability. If one hooks WH_MOUSE_LL and returns from the callback function with a delay, the user will feel that delay in his cursor movement.

Proposed implementation details (optional)

No response

TETYYS commented 6 months ago

Also related: https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-registerhotkey, but that's a completely different thing that would require a completely different implementation.

TETYYS commented 6 months ago

OK, never mind, this is where I remember seeing it - https://github.com/tigros/HookTools. I'm just gonna leave the issue in case you want to consider it for integration into SystemInformer.