  1. #1
    Join Date
    Oct 2003
    Location
    VN
    Posts
    8

    How to prevent keyboard hook? Hard question:-/

    I am developing a security app now. My app has an input-password form, so I need a module to prevent another spy program from stealing my password. Hence, there is a HARD question in my mind now: how can I detect whether there is any spy program running in the background which uses a low-level keyboard hook to steal my password?
    I have worked hard and asked a lot of questions to try to solve this, but I still cannot. But I think you - Experts - could give me a solution, so I submit this Q to Codeguru.com and hope some of you could help me.

    Thanks so much,

    Here is one sample of a spy program:
    Sample KeyLogger
    and my job is to detect this kind of software, which is currently running in the background?

    Below is one victim sample:


    Experts, please help me!
    Thanks very much,

  2. #2
    Join Date
    May 1999
    Location
    Southern California
    Posts
    12,266
    This question was asked a few months ago and I think there were answers. I think I don't know any more than what is in the answers. So see if you can find the previous answers.

  3. #3
    Join Date
    Oct 2002
    Location
    Italy
    Posts
    324
    Hi,
    you can register your own low level hook before showing your input-password form and NOT call CallNextHookEx, thus preventing the other hooks from getting notifications.
    You will release your hook when the form closes.

    Anyway, I can't guarantee your hook will be always called before any other one installed... you'll have to try it.
    Regards,
    Marco Era
    www.marcoera.com

    Latest post on my blog: Back to the Amiga's times

  4. #4
    Join Date
    May 2000
    Location
    Scotland, Livingston.
    Posts
    728
    Registering your own hook and not passing on notifications would not prevent an eavesdropper from installing a hook after you have done so.

    Take a look at CreateDesktop.
    Last edited by Dave McLelland; October 10th, 2003 at 06:24 AM.
    Dave Mclelland.
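
A toy model of the hook-chain ordering debated in posts #3 and #4, added here as an illustration; it is not part of any poster's reply and does not call the Win32 API. It assumes only that the most recently installed hook is called first, and all names in it are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Toy model (an assumption, not the Win32 API): the most recently
 * installed hook sits at the head of the chain and is called first. */
#define MAX_HOOKS 8

typedef struct Hook {
    const char *name;
    int swallow;        /* 1 = return without passing the key to the next hook */
    char seen[32];      /* keys this hook observed */
} Hook;

typedef struct { Hook *chain[MAX_HOOKS]; int count; } HookChain;
/* Install at the head of the chain, as a newly registered hook would be. */
static int install_hook(HookChain *c, Hook *h) {
    if (c->count == MAX_HOOKS) return -1;
    memmove(&c->chain[1], &c->chain[0], (size_t)c->count * sizeof(Hook *));
    c->chain[0] = h;
    c->count++;
    return 0;
}

/* Deliver one key down the chain until a hook swallows it. */
static void dispatch_key(HookChain *c, char key) {
    for (int i = 0; i < c->count; i++) {
        Hook *h = c->chain[i];
        size_t n = strlen(h->seen);
        if (n + 1 < sizeof h->seen) { h->seen[n] = key; h->seen[n + 1] = '\0'; }
        if (h->swallow) break;
    }
}

/* blocker_first = 1: the password form installs its swallowing hook, then
 * another hook is installed afterwards. Returns what that other hook saw. */
static const char *run_scenario(int blocker_first, const char *typed, Hook *other) {
    HookChain c = {0};
    Hook blocker = { "form-blocker", 1, "" };
    if (blocker_first) { install_hook(&c, &blocker); install_hook(&c, other); }
    else               { install_hook(&c, other);    install_hook(&c, &blocker); }
    for (const char *p = typed; *p; p++) dispatch_key(&c, *p);
    return other->seen;
}

int main(void) {   /* "pw1" is a constructed sample input */
    Hook late = { "installed-after-form", 0, "" }, early = { "installed-before-form", 0, "" };
    printf("hook installed after blocker saw:  \"%s\"\n", run_scenario(1, "pw1", &late));
    printf("hook installed before blocker saw: \"%s\"\n", run_scenario(0, "pw1", &early));
    return 0;
}
```

In this model the swallowing hook only hides keys from hooks that were already installed before it; a hook installed afterwards sits ahead of it in the chain, which is the limitation post #4 points out.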

  5. #5
    Join Date
    Oct 2003
    Location
    VN
    Posts
    8

    Thanks, pls give me more help

    Thanks, Puzzolino,
    But the spy app I mentioned above (Sample KeyLogger) has a timer and re-hooks every second, so it always stays in a lower layer than me. I don't think it is a good way to create my own timer with a smaller interval and do the same (re-hook on every tick).

    So now I am thinking about installing an API hook to detect whether any spy app calls the function "SetWindowsHookEx"; if yes, I will reinstall my keyboard hook to put it in the lower level and notify the user about the spy app. But I am not sure that I can do it, and maybe it is very difficult for me. So I need more help.
    Right now I could not find another (the best) way; if any one of you knows, please tell me.

    Thanks,

  6. #6
    Join Date
    May 1999
    Location
    Southern California
    Posts
    12,266
    Search for previous answers.

  7. #7
    Join Date
    Sep 2002
    Posts
    1,747
    The API interception technique is a powerful possibility, but I might suggest the possibility of just not processing the hook request of other apps instead of fighting for supremacy in the hook chain, as that could easily cause the hook chain to grow unbounded if the other app does verifications that its hook is receiving messages...
    */*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/

    "It's hard to believe in something you don't understand." -- the sidhi X-files episode

    galathaea: prankster, fablist, magician, liar

  8. #8
    Join Date
    Oct 2003
    Location
    VN
    Posts
    8

    So what can I do to solve it?

    Thanks AlanMason very much for your long reply,
    But actually, I am puzzled now; I don't know how to do it. I develop it for both Windows 9X and NT (2000/XP), so what is the best solution for me?

    AlanMason, you meant that I can use an API hook to detect a spy app which uses LLKeyboardHook? But Galathaea suggested that I should not! So, really, I am not able to find the best solution.

    I have also followed the suggestion of Sam Hobbs, but until now I could not find a fitting answer for my question - my searching skill is poor.

    Anyway, thank you very much and hope you could give me more help.

    Thanks in advance,

  9. #9
    Join Date
    May 1999
    Location
    Southern California
    Posts
    12,266
    Take a close look at the SetWindowsHookEx function documentation. I think there is something there that will do what you need.

  10. #10
    Join Date
    May 2000
    Location
    Scotland, Livingston.
    Posts
    728
    That still does not take care of hardware loggers or unauthorised modifications like keyboard drivers.
    Dave Mclelland.

  11. #11
    Join Date
    May 1999
    Location
    Southern California
    Posts
    12,266
    Originally posted by Dave McLelland
    That still does not take care of hardware loggers or unauthorised modifications like keyboard drivers.
    That is not what the question is asking for.

  12. #12
    Join Date
    May 2000
    Location
    Scotland, Livingston.
    Posts
    728
    Originally posted by Sam Hobbs
    Take a close look at the SetWindowsHookEx function documentation. I think there is something there that will do what you need.
    I've looked at the MSDN documentation for SetWindowsHookEx and can't see anything that would help here. Can you be a bit more specific about your answer? You've got me intrigued.
    Dave Mclelland.

  13. #13
    Join Date
    Oct 2003
    Location
    VN
    Posts
    8

    Thanks, I would like to ask more...

    AlanMason, thank you very much,
    You gave me much help. You understand the OS deeply, much more deeply than I can.
    About the solution for Windows 2000/XP, I have a new idea and would like to have your opinion.

    I have just visited http://www.madshi.net and tried to run some demos in http://www.madshi.net/madCollection.exe ; it is a good sample of API hooking. So, now I plan to do as below:

    Whenever I show my input-password form, I will do the following before that:
    -register my own low-level keyboard hook and NOT call CallNextHookEx when users type in my form - as Puzzolino mentioned.
    -also before this time, I will hook the API function SetWindowsHookEx to detect whether any spy app tries to install a keyboard hook (calls SetWindowsHookEx) within the user-typing-password time. If yes, I will re-register my own low-level keyboard hook to make sure it is in a lower layer than the spy app, and also let the user know about the spy app (kill it or not).

    But I don't know whether it is OK or not, so I need more opinions from you.

    Thank you in advance,

    If any of you have an idea, please let me know; it will be helpful for me.

  14. #14
    Join Date
    Aug 1999
    Location
    <Classified>
    Posts
    6,882
    Hey, here is one more idea...
    Develop your own password box (which doesn't support giving text to anybody with WM_GETTEXT; this can be done very easily and I will leave this to you). Then have a thin keyboard filter driver which waits on EVENTs. Now, whenever your password box has focus, you trigger the event so that the keyboard filter driver starts reading the keys (it should read the keys but not let them reach any app; I mean, don't pass the keystrokes onwards from the filter driver). This will cause a problem: your password box won't get any keystroke events. But as the user completes typing the password and presses Enter, you send another trigger to the event; now the filter driver can safely store the keys pressed, which your password box can read.
    Regards,
    Ramkrishna Pawar

  15. #15
    Join Date
    Oct 2003
    Location
    VN
    Posts
    8

    Thank Krishnaa!

    From your idea, I have just googled the words "keyboard filter driver" and found this program, which is a very good one, using a keyboard filter driver: http://www.anti-keylogger.net

    It can detect any program that tends to monitor keyboard actions, and asks the user for a decision...
    I wish I could do something like this, but I think it is very difficult for me; right now I don't know how to do it or where to start.
    So, if you have any experience, please give me advice. It would be very useful for me.

    Thank you very much,
