Some Hooks


controler
November 20th, 2005, 05:49 PM
This screenshot should show the difference in hooks between PG & AD.

Mind you I have Ghostwall installed also.

tuatara
November 20th, 2005, 07:59 PM
Exactly, these are the questions I have about this picture:

http://www.wilderssecurity.com/showthread.php?t=107526

???

xmen
November 21st, 2005, 06:06 AM
Controller, it's unclear to me if your screenshot shows all the difference.

It is highly likely that there is a great overlap between kernel hooks for both PG and Appdefend, which isn't reflected in your screenshot.

I would venture a guess that install order, or load order would affect what is being shown.

controler
November 21st, 2005, 07:29 AM
xmen

Yes, you are correct. If the two are installed together, you see overlap.
The next two screens were taken with only AD installed, not PG.

Notice how everything in the log after the yes disappears with PG enabled and comes back with PG disabled.

controler
November 21st, 2005, 07:30 AM
Disabled PG

controler
November 21st, 2005, 07:41 AM
Then installing PG and looking at the Log with PG enabled or disabled,
I see PG occupies the same 6 spaces, AD gets the rest.

Sorry for all the screenshots people. Don't worry, I won't flood the site with a lot of JPGs.

controler

xmen
November 21st, 2005, 08:42 AM
I did separate installs of PG and Appdefend (actually Regdefend+appdefend),
and in terms of the total number of hooks it's almost the same.

Quite surprising given that Appdefend includes Regdefend.

Of the 6 hooks that Appdefend has, they include:
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey

These are related to control over the registry, which PG doesn't do. So this is actually due to Regdefend.

What's surprising to me is that there are hooks in PG not in the appdefend+regdefend combo.

xmen
November 21st, 2005, 08:51 AM
To be clear, those hooks listed above, are in the GSS combo (RD+Appdefend), but not in PG.

But overall the number of hooks in PG is roughly the same as the GSS combo because there are roughly the same number of hooks used by PG not in GSS combo. You can see those in controller's first screenshot of GSS and PG installed together.
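The comparison xmen is doing by eye across the screenshots (which hooks both products install, which are unique to each, and which of the unique ones are registry hooks) can be done on pasted hook lists. The script below is an added example, not code from the thread or from either vendor. The two capture strings are constructed samples: the six registry hooks are the ones xmen lists above, while every other name in the captures is a hypothetical placeholder chosen only to exercise the diff, not a claim about what PG or AD actually hooked. The Nt-to-Zw normalisation is an assumption about how different listing tools print the same system-service entry.

```python
import re

# Constructed sample captures (hypothetical; not the thread's screenshots).
# One hooked native API per line, the way a hook-listing tool prints them,
# with the trailing commas and blank lines a pasted list often carries.
PG_CAPTURE = """\
ZwOpenProcess
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwCreateThread
ZwTerminateProcess
ZwLoadDriver
ZwSetValueKey
"""

GSS_CAPTURE = """\
ZwDeleteKey,
ZwDeleteValueKey

ZwEnumerateKey
ZwEnumerateValueKey
NtQueryKey
ZwQueryValueKey
ZwSetValueKey
ZwOpenProcess
ZwTerminateProcess
"""

HOOK_RE = re.compile(r"^(?:Zw|Nt)[A-Za-z0-9]+")


def parse_hook_list(text):
    """Return the set of hooked function names in a capture.

    Blank lines, '#' comments and trailing punctuation are ignored, and
    Nt* names are normalised to Zw* because both spellings name the same
    system-service table entry and tools differ in which one they print
    (assumption about tool output, not something the thread states).
    """
    hooks = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = HOOK_RE.match(line)
        if match is None:
            continue
        name = match.group(0)
        if name.startswith("Nt"):
            name = "Zw" + name[2:]
        hooks.add(name)
    return hooks


def classify(name):
    """Coarse protection area, derived from the function name only."""
    if "Key" in name:
        return "registry"
    if "VirtualMemory" in name:
        return "process memory"
    if "Driver" in name:
        return "driver loading"
    if "Process" in name or "Thread" in name:
        return "process/thread control"
    return "other"


def compare_hooks(first, second):
    """Split two hook sets into shared hooks and the hooks unique to each."""
    return {
        "common": sorted(first & second),
        "only_first": sorted(first - second),
        "only_second": sorted(second - first),
    }


def group_by_area(names):
    """Group hook names by classify() so a diff reads by protection area."""
    groups = {}
    for name in sorted(names):
        groups.setdefault(classify(name), []).append(name)
    return groups


if __name__ == "__main__":
    diff = compare_hooks(parse_hook_list(PG_CAPTURE), parse_hook_list(GSS_CAPTURE))
    for label, names in diff.items():
        print(label)
        for area, hooks in group_by_area(names).items():
            print(f"  {area}: {', '.join(hooks)}")
```

Run against the sample captures it reports the three shared hooks, then the hooks unique to each capture grouped by area, so the "six registry hooks only in GSS" observation falls out directly. Capturing each product on its own install (as both posters did) matters more than the script: with both installed, whichever driver hooks last sits in the table and the overlap is invisible.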

Jason_R0
November 21st, 2005, 09:13 AM
-{ Quote: "To be clear, those hooks listed above, are in the GSS combo (RD+Appdefend), but not in PG.

But overall the number of hooks in PG is roughly the same as the GSS combo because there are roughly the same number of hooks used by PG not in GSS combo. You can see those in controller's first screenshot of GSS and PG installed together." }-

ProcessGuard covers some areas which AppDefend doesn't (reading process memory) or differently than AppDefend (RegDefend handles normal driver installation through registry, where PG doesn't), so there is bound to be differences in what they cover.

The next beta(s) will cover more items which need to be protected, which I talked about in the beta release thread.