Ring3 API Hook Scanner
NoVirusThanks Ring3 API Hook Scanner is a powerful usermode utility that helps detect some types of usermode hooks in processes, such as inline, IAT and EAT hooks. No driver is needed, and detailed information is provided about each detected API hook.
We have also developed a command-line version of the program, which has been included in third-party free security applications, such as Buster Sandbox Analyzer and others, to list usermode hooks. From the command line you can scan specific processes or all currently running processes.
Available command-line parameters:
Scan every running process:
    Ring3Scan_Cmdline.exe /pid:all

Scan only the running process with PID 1234:
    Ring3Scan_Cmdline.exe /pid:1234

Scan only the running process with PID 1234 and redirect output to a file:
    Ring3Scan_Cmdline.exe /pid:1234 > C:\Ring3Hooks.log
NoVirusThanks Ring3 API Hook Scanner is fully compatible with the following 32-bit and 64-bit Microsoft Windows Operating Systems: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2012, Windows 7, Windows 8, Windows 8.1
Reviewed by Martin Brinkmann for gHacks.net
Last Updated: 04 February 2015
Operating System: Windows All (32-bit / 64-bit)
Recent Changes and Fixes
[04-02-2015] - v18.104.22.168
+ Added a button to stop the scan

[05-05-2014] - v22.214.171.124
+ Minor fixes and optimizations
+ Optimized the About window

[07-04-2014] - v126.96.36.199
+ Minor fixes and optimizations
+ Created an installer version

[13-10-2012] - v188.8.131.52
+ Fixed the commandline version to not save the file disasm.txt

[16-09-2012] - v184.108.40.206
+ Fixed bug in IAT hook scan for x86 version