APIHookCheck Results

Checks started on 02 April 2004 14:42.16

Checking imports from KERNEL32.DLL for discrepancies

API Address	API Name	API Hooked By	Remarks
10001420	FindNextFileW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100014B0	FindFirstFileW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001890	CreateProcessW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001810	CreateProcessA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001380	LoadLibraryA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100013C0	LoadLibraryW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001970	WriteConsoleA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100019D0	WriteFile	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001910	WriteConsoleW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space

Total number of imported APIs checked : 717

Checking exports of KERNEL32.DLL for discrepancies

API Address	API Name	API Hooked By	Remarks
10001810	CreateProcessA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001890	CreateProcessW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100014B0	FindFirstFileW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001420	FindNextFileW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001380	LoadLibraryA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100013C0	LoadLibraryW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
77E87E7C	ReadFile	(unknown)	API contains instruction that jumps to 7FFA3A74, this is outside KERNEL32.DLL's memory space
10001970	WriteConsoleA	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
10001910	WriteConsoleW	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space
100019D0	WriteFile	C:\WINNT\System32\apihookdll.dll	API exists outside KERNEL32.DLL's memory space

Total number of exported APIs checked : 826

Checking imports from ADVAPI32.DLL for discrepancies

API Address	API Name	API Hooked By	Remarks
10001B90	CreateProcessAsUserA	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space
10001A50	CreateProcessWithLogonW	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space
10001AF0	CreateProcessAsUserW	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space

Total number of imported APIs checked : 401

Checking exports of ADVAPI32.DLL for discrepancies

API Address	API Name	API Hooked By	Remarks
10001B90	CreateProcessAsUserA	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space
10001AF0	CreateProcessAsUserW	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space
10001A50	CreateProcessWithLogonW	C:\WINNT\System32\apihookdll.dll	API exists outside ADVAPI32.DLL's memory space
77DB1CF0	EnumServiceGroupW	(unknown)	API contains instruction that jumps to 7FFA435E, this is outside ADVAPI32.DLL's memory space
77DC34DC	EnumServicesStatusA	(unknown)	API contains instruction that jumps to 7FFA43C1, this is outside ADVAPI32.DLL's memory space
77DC7EA0	EnumServicesStatusExA	(unknown)	API contains instruction that jumps to 7FFA4487, this is outside ADVAPI32.DLL's memory space
77DE54FC	EnumServicesStatusExW	(unknown)	API contains instruction that jumps to 7FFA4421, this is outside ADVAPI32.DLL's memory space

Total number of exported APIs checked : 564

Checking imports from PSAPI.DLL for discrepancies

No Discrepancies

Total number of imported APIs checked : 19

Checking exports of PSAPI.DLL for discrepancies

No Discrepancies

Total number of exported APIs checked : 19

Checking imports from IPHLPAPI.DLL for discrepancies

No Discrepancies

Total number of imported APIs checked : 46

Checking exports of IPHLPAPI.DLL for discrepancies

No Discrepancies

Total number of exported APIs checked : 117

Checking imports from SNMPAPI.DLL for discrepancies

No Discrepancies

Total number of imported APIs checked : 26

Checking exports of SNMPAPI.DLL for discrepancies

No Discrepancies

Total number of exported APIs checked : 38

Checking imports from NETAPI32.DLL for discrepancies

No Discrepancies

Total number of imported APIs checked : 151

Checking exports of NETAPI32.DLL for discrepancies

No Discrepancies

Total number of exported APIs checked : 317

Checking kernel32.dll's imports from NTDLL.DLL for discrepancies

No Discrepancies

Total number of imported APIs checked : 330

Checking exports of NTDLL.DLL for discrepancies

API Address	API Name	API Hooked By	Remarks
77F87F0C	LdrLoadDll	(unknown)	API contains instruction that jumps to 7FFA41E9, this is outside NTDLL.DLL's memory space
77F83DA8	NtCreateFile	(unknown)	API contains instruction that jumps to 7FFA488D, this is outside NTDLL.DLL's memory space
77F83C5F	NtDeviceIoControlFile	(unknown)	API contains instruction that jumps to 7FFA45F7, this is outside NTDLL.DLL's memory space
77F86E21	NtEnumerateKey	(unknown)	API contains instruction that jumps to 7FFA3E1C, this is outside NTDLL.DLL's memory space
77F85D3A	NtEnumerateValueKey	(unknown)	API contains instruction that jumps to 7FFA3F11, this is outside NTDLL.DLL's memory space
77F86AF1	NtOpenProcess	(unknown)	API contains instruction that jumps to 7FFA4828, this is outside NTDLL.DLL's memory space
77F8593C	NtQueryDirectoryFile	(unknown)	API contains instruction that jumps to 7FFA3CF0, this is outside NTDLL.DLL's memory space
77F83B3F	NtQuerySystemInformation	(unknown)	API contains instruction that jumps to 7FFA3B5E, this is outside NTDLL.DLL's memory space
77F839D2	NtQueryVolumeInformationFile	(unknown)	API contains instruction that jumps to 7FFA4527, this is outside NTDLL.DLL's memory space
77F8ECBF	NtReadVirtualMemory	(unknown)	API contains instruction that jumps to 7FFA3FE9, this is outside NTDLL.DLL's memory space
77F8669A	NtResumeThread	(unknown)	API contains instruction that jumps to 7FFA3DC1, this is outside NTDLL.DLL's memory space
77F96D62	NtVdmControl	(unknown)	API contains instruction that jumps to 7FFA3D52, this is outside NTDLL.DLL's memory space
77F83DA8	ZwCreateFile	(unknown)	API contains instruction that jumps to 7FFA488D, this is outside NTDLL.DLL's memory space
77F83C5F	ZwDeviceIoControlFile	(unknown)	API contains instruction that jumps to 7FFA45F7, this is outside NTDLL.DLL's memory space
77F86E21	ZwEnumerateKey	(unknown)	API contains instruction that jumps to 7FFA3E1C, this is outside NTDLL.DLL's memory space
77F85D3A	ZwEnumerateValueKey	(unknown)	API contains instruction that jumps to 7FFA3F11, this is outside NTDLL.DLL's memory space
77F86AF1	ZwOpenProcess	(unknown)	API contains instruction that jumps to 7FFA4828, this is outside NTDLL.DLL's memory space
77F8593C	ZwQueryDirectoryFile	(unknown)	API contains instruction that jumps to 7FFA3CF0, this is outside NTDLL.DLL's memory space
77F83B3F	ZwQuerySystemInformation	(unknown)	API contains instruction that jumps to 7FFA3B5E, this is outside NTDLL.DLL's memory space
77F839D2	ZwQueryVolumeInformationFile	(unknown)	API contains instruction that jumps to 7FFA4527, this is outside NTDLL.DLL's memory space
77F8ECBF	ZwReadVirtualMemory	(unknown)	API contains instruction that jumps to 7FFA3FE9, this is outside NTDLL.DLL's memory space
77F8669A	ZwResumeThread	(unknown)	API contains instruction that jumps to 7FFA3DC1, this is outside NTDLL.DLL's memory space
77F96D62	ZwVdmControl	(unknown)	API contains instruction that jumps to 7FFA3D52, this is outside NTDLL.DLL's memory space

Total number of exported APIs checked : 1187