I am developing a security app now. My app has an input-password form, so I need a module to prevent a spy program from stealing my password. Hence, there is a HARD question in my mind now: how can I detect whether there is any spy program running in the background that uses a low-level keyboard hook to steal my password?
I have worked hard and asked a lot of questions to try to solve this, but I still cannot. But I think you, the experts, could give me a solution, so I am submitting this question to Codeguru.com and hope some of you can help me.
Thanks so much,
Here is one sample of a spy program: Sample KeyLogger
My job is to detect this kind of software while it is running in the background.
You can register your own low-level hook before showing your input-password form and NOT call CallNextHookEx, thus preventing the other hooks from getting notifications.
You will release your hook when the form closes.
Anyway, I can't guarantee your hook will always be called before any other one installed... you'll have to try it.
But the spy app I mentioned above (Sample KeyLogger) has a timer and re-hooks every second, so it always stays in a lower layer than me. I don't think it is a good idea to create my own timer with a smaller interval and do the same (re-hook on every tick).
So now I am thinking about installing an API hook to detect whether any spy app calls the function "SetWindowsHookEx"; if yes, I will reinstall my keyboard hook to put it at a lower level and notify the user about the spy app. But I am not sure that I can do it, and maybe it is very difficult for me. So I need more help.
Right now I cannot find another way (the best one); if any of you know one, please tell me.
The API interception technique is a powerful possibility, but I might suggest the possibility of just not processing the hook request of other apps instead of fighting for supremacy in the hook chain, as that could easily cause the hook chain to grow unbounded if the other app does verifications that its hook is receiving messages...
"It's hard to believe in something you don't understand." -- the sidhi X-files episode
AlanMason, Thank you very much,
You gave me a lot of help. You understand the OS deeply, much more deeply than I do.
About a solution for Windows 2000/XP, I have a new idea and would like to have your opinion.
Whenever I show my input-password form, I will do the following beforehand:
- Register my own low-level keyboard hook and NOT call CallNextHookEx when users type in my form, as Puzzolino mentioned.
- Also, before this time, I will hook the API function SetWindowsHookEx to detect whether any spy app tries to install a keyboard hook (calls SetWindowsHookEx) while the user is typing the password. If yes, I will re-register my own low-level keyboard hook to make sure it is in a lower layer than the spy app, and also let the user know about the spy app (kill it or not).
But I don't know whether it is OK or not, so I need more opinions from you.
Thank you in advance,
If any of you have an idea, please let me know; it will be helpful for me.
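The hook-chain ordering that the replies above argue over, as an added example that is not part of any post and is not Win32 code: a toy model in portable C, assuming a newly installed hook goes to the front of the chain and that a hook returning nonzero stops the key from going any further (including to the target window). All function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy model of a Windows hook chain: no Win32 calls, all names hypothetical. */
#define MAX_HOOKS 64
typedef int (*hook_fn)(int vk);   /* nonzero return = swallow the key */
static hook_fn chain[MAX_HOOKS];  /* chain[0] is called first */
static size_t chain_len;
static int observer_saw, form_keys;

/* Models SetWindowsHookEx: the new hook goes to the front of the chain. */
int install_hook(hook_fn fn) {
    if (chain_len == MAX_HOOKS) return 0;
    for (size_t i = chain_len; i > 0; i--) chain[i] = chain[i - 1];
    chain[0] = fn; chain_len++;
    return 1;
}

/* Protective hook: keeps the key for the form and does not pass it on. */
int guard_hook(int vk) { (void)vk; form_keys++; return 1; }
/* Any other hook: sees the key, then passes it on (0 models CallNextHookEx). */
int observer_hook(int vk) { (void)vk; observer_saw++; return 0; }

/* Walk the chain; returns 1 only if the key reaches the target window. */
int deliver_key(int vk) {
    for (size_t i = 0; i < chain_len; i++)
        if (chain[i](vk)) return 0;
    return 1;
}

/* Install two hooks in order, send one key, report how many the observer saw. */
int observer_sees(hook_fn first, hook_fn second) {
    chain_len = 0; observer_saw = 0; form_keys = 0;
    install_hook(first);
    install_hook(second);
    deliver_key('A');
    return observer_saw;
}

/* Both sides re-install each round without unhooking: the chain keeps growing. */
size_t chain_after_rounds(int rounds) {
    chain_len = 0;
    for (int r = 0; r < rounds; r++) { install_hook(observer_hook); install_hook(guard_hook); }
    return chain_len;
}

int main(void) {
    printf("guard newest: %d, observer newest: %d, chain after 10 rounds: %zu\n",
           observer_sees(observer_hook, guard_hook), observer_sees(guard_hook, observer_hook), chain_after_rounds(10));
    return 0;
}
```

The guard only protects the key while it is the most recently installed hook, and because it swallows the key, the form has to take its input from the hook rather than from normal window messages.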
Hey, here is one more idea...
Develop your own password box (which doesn't support giving text to anybody with WM_GETTEXT; this can be done very easily and I will leave this to you). Then have a thin keyboard filter driver which waits on EVENTs. Now whenever your password box has focus, you trigger the event so that the keyboard filter driver starts reading the keys (it should read the keys but not let them reach any app; I mean, don't pass the keystrokes onwards from the filter driver). This will cause a problem: your password box won't get any keystroke events. But when the user completes typing the password and presses Enter, you send another trigger to the event; now the filter driver can safely store the keys pressed, which your password box can read.
From your idea, I have just googled the phrase "keyboard filter driver" and found this program, which is a very good one that uses a keyboard filter driver: http://www.anti-keylogger.net
It can detect any program that tries to monitor keyboard actions, and asks the user for a decision...
I wish I could do something like this, but I think it is very difficult for me; right now I don't know how to do it or where to start.
So, if you have any experience, please give me advice. It would be very useful for me.