Hooking Windows API



ScriptGod
29.08.2004, 12:52
Operating System: Windows 2000 Professional
Burning Software: Nero 6.3.1.10
Anti-virus Software: AntiVir 6.27 / VICE 2.0
DAEMON Tools Version: 3.46

Hello,

I have a little question... Why does the Daemon Tools Driver hook some Windows APIs like NtOpenKey, NtEnumerateKey etc.? Some tools identify this as a rootkit technique...

cya
ScriptGod

Development
29.08.2004, 13:25
If it does it, then obviously there IS a need for it.
Such a method is also used, e.g., by Regmon and other system applications, and there is nothing unusual in it.
It is a standard way of hooking APIs and surely cannot be used as a method to "identify" something. So it is a problem only of those tools if they see something bad in this.

If you have more questions on this, then you can mail me at venom386@daemon-tools.cc