You are hereProducts / MsgHookLister
MsgHookLister
Introduction
MsgHookLister is a tool that outputs information about windows and their threads, including details of pending messages such as what they are, who sent them, when, and by which method.
And now, that's not all. In this jazzed up version 2.0, MsgLister has grown to love another Win32k/User object type, the simple hook. To further this new love, the ability to scan the system for any and all active global or per-thread Win32 hooks has been added.
Capturing
MsgHookLister works only on Vista and above and on both x86 and x64 architectures.
Window Messages
Message listing displays data regarding unprocessed messages of both queued and non-queued type, that's those sent by PostMessage and the SendMessage family respectively. Thread only messages sent by PostThreadMessage and internal only messages that are processed solely on the kernel side are also included in the output.
Associated Win32 thread state is also reported such as if PostQuitMessage has been called and with what value, if any WM_PAINT, WM_TIMER or WM_QUIT messages are to be generated, and the thread flags.
A technical article on the creation of the first version of MsgLister is available here and on hook finding here.
Hooks
Hook listing does largely the same as above. Unlike message listing which targets a specific window and thread combination, the hook listing enumerates all threads on the system and checks them for targeted hooks. Interactive sessions are then broken down into the Windowstations they contain, and they into Desktops which are probed for global hooks.
Download & Install
The download includes both x86 and x64 binaries as well as the source code, which you'll need the WDK 7.0 to build.
Download Now
Size: 0.97 MB
MD5: dc232c09fce95e18280e12e05ebb2833
SHA1: 267edbe0c6a18baf5610c6158a1073e868f63a45
CRC32: 89dbdf2e