-
October 10th, 2003, 12:20 AM
#1
How to detect KeyBoardLogger Program - Spy app?
Hello everyone, I would like to ask a question:
Is there any way to detect whether a spy app is running in the background that has installed an LL keyboard hook to steal the user's password?
Thanks a lot,
http://www.codeguru.com/forum/showth...hreadid=267170
-
October 13th, 2003, 11:30 AM
#2
Unfortunately, on the NT systems (which are the only ones that support the low-level keyboard hook you mention), there is no documented way of enumerating global hooks. You would need to probably go down to ring0 and program a kernel mode driver to spy on whatever internal table the user32 module uses to track such things, which means you will need to figure out the format of that table and deal with synchronisation, etc.
There are known methods for consumer Windows enumeration, however. Other than that, I think your only option would be to use an API interception scheme as detailed in the thread you link to, and ensure that your interception either gets created first or that an alternate hook which does not call up the chain gets installed after the API hooks are set.
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
"It's hard to believe in something you don't understand." -- the sidhi X-files episode
galathaea: prankster, fablist, magician, liar