How to prevent keyboard hook? Hard question:-/
:confused: I am deverloping a security app now, my app has a input-password form, so I need a module to prevent another spy program stealing my password. Hence, there is a HARD question in my mind now, that is, how can detect if there is any spy program running in back ground which uses low level keyboard hook to steal my password.
I have worked hard and asked a lot of questions to try to solve this, but I still can not. But I think you - Experts - could give me a solution, so I submit this Q to Codeguru.com and hope some of you could help me.
Thanks so much,
Here is one sample of spy program:
Sample KeyLogger
and my job is to detect this kind of software, which currently running in back ground?
:o Below is one victim sample:
http://n-line.co.kr/~dotruong/temp/form.jpg
Experts, please help me!
Thanks very much,
Thanks, pls give me more help
Thanks, Puzzolino,
But the psy App I said above (Sample KeyLogger), it has a timer, and re-hook every one second, so it allways stay in lower layer than me. I don't think it is good way to create my timer with smaller interval and do the same (rehook every ticktime).
So now I am thinking about installing API Hook to detect if any spy app which calls function "SetWindowHookEX", if yes I will reinstall my KeyBoard Hook to put it in lower level and note user about Spy App. But I am not sure that I can do it and maybe it is very dificult for me. So I need more help?
Right now I could not find out another way (the best), could any one of you known, please tell me?
Thanks,
So how can I do to solve it?
Thanks AlanMason very much for your long reply,
But actually, I look puzzled now, I don't known how can do it now. I develop it in both Windows 9X and NT(2000/XP), so what is the best solution for me.
AlanMason, you meant that I can use Hook API to detect spy app-which uses LLKeyboardHook? But Galathaea suggeted that I should not! So, really, I am not able to find out the best solution.
I have also followed the suggestion of Sam Hobbs, but until now I could not find the fit answer for my question - poor my searching skill.
Anyway, thank you very much and hope you could give me more help.
Thanks in advance,
Thanks, I would like to ask more...
AlanMason, Thank you very much,
You gave me much help. You understand deeply about OS, more more deeper than I can.
About solution for windows2000/XP I have a new Ideal and would like to have your opinion?
I have just visit http://www.madshi.net and tried to run some Demos in http://www.madshi.net/madCollection.exe , it is good sample about API Hook. So, now I plan to do like below:
When ever I show my input-password form I will do the followings before that:
-register my own low level keyboard hook and and NOT call CallNextHookEx when users type in my form - as Puzzolino mentioned.
-also before this time, I will hook the API function: SetWindowsHookEx to detect if any spy app try to install keyboard hook (call SetWindowsHookEx) within the user-typing-password time. If yes, I will re-register my own low level keyboard hook to make sure it is in lower layer than spy app, and also let user known about the spy app (kill it or not).
But I don't known is it OK or not, so I need more opinions from you.
Thank you in advance,
If any of you have a Ideal, please let me know, it will be helpful for me.