  1. #1
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Anti-Keylogger program

    I was brainstorming a program which would assist in catching any kind of keylogger no matter what method they used, my idea was to just have a program emulate keypresses as fast as it can, my question is if I just create a normal window and use the send key command on this window will the keylogger still detect the keystrokes even though there is no actual input area?

    Oh, this helps decide whether or not you have a keylogger running by overloading the poor little keylogger > what you look for (and I'll probably have my program graph this for you) is changes in your HDD's size, and also monitor the RAM usage of your programs, any sudden increase in either of these stats would represent the presence of a keylogger.
    In C, you merely shoot yourself in the foot.

    In C++, you accidentally create a dozen instances of yourself and shoot them all in the foot. Providing emergency medical care is impossible, because you can't tell which are bitwise copies and which are just pointing at others and saying, "That's me, over there."

  2. #2
    Join Date
    Mar 2004
    Location
    (Upper-) Austria
    Posts
    2,899

    Re: Anti-Keylogger program

    Well, you should take a look at how various keyloggers work. Without knowing the problem you won't be able to find a solution for this.

    http://www.codeguru.com/Cpp/W-P/syst...cle.php/c5699/
    http://www.codeguru.com/Cpp/W-P/syst...cle.php/c2891/
    http://www.codeguru.com/Cpp/W-P/syst...cle.php/c2891/

    But your solution above sounds a little bit more overhead. But it could work though... Then you would need API Hooking...
    I am not offering technical guidance via email or IM
    Come on share your photo with us! CG members photo album!
    Use the Code Tags!

  3. #3
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Re: Anti-Keylogger program

    Maybe a bit of overhead, but it's the only method that can, IMHO, catch any kind of keylogger no matter how they capture keys

    thanks for the link, and what does the nts stuff in your sig mean?

  4. #4
    Join Date
    Mar 2004
    Location
    (Upper-) Austria
    Posts
    2,899

    Re: Anti-Keylogger program

    Quote Originally Posted by barrensoul
    Maybe a bit of overhead, but it's the only method that can, IMHO, catch any kind of keylogger no matter how they capture keys
    Your problem is quite interesting and I understand all your effort, I will sleep over it, maybe I will find something.

    Quote Originally Posted by barrensoul
    thanks for the link, and what does the nts stuff in your sig mean?
    That's the secret language used by the dark side of the Squirrel Imperium. Only chosen ones can understand this language. The text in my signature means "Bunny will rule the world"

  5. #5
    Join Date
    Mar 2005
    Posts
    226

    Re: Anti-Keylogger program

    I thought of that approach, but I think there is an easier way, though I haven't tried it yet. What you do is set up a debug hook so it is called before anything else and just see what type of hook is to be called next. Problem is, you have to know what kinds of hooks are installed by legit apps. May need some kind of training mode.

    The debug hook code must be in a DLL since it is global. I tried to put a debug hook in my code, but it crashed. I was able to do a global low-level keyboard hook in my code but not a debug hook.
    Last edited by RoyK; May 19th, 2005 at 10:39 AM.

  6. #6
    Join Date
    Nov 2003
    Location
    Belgium
    Posts
    8,150

    Re: Anti-Keylogger program

    Quote Originally Posted by barrensoul
    Maybe a bit of overhead, but it's the only method that can, IMHO, catch any kind of keylogger no matter how they capture keys
    Sorry to burst your bubble, but this won't detect any hardware keylogger that has been inserted between your keyboard and your PC.
    Marc Gregoire - NuonSoft (http://www.nuonsoft.com)
    My Blog
    Wallpaper Cycler 3.5.0.97

    Author of Professional C++, 4th Edition by Wiley/Wrox (includes C++17 features)
    ISBN: 978-1-119-42130-6
    [ http://www.facebook.com/professionalcpp ]

  7. #7
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Re: Anti-Keylogger program

    This is true, however it will overflow the hardware controller, and if you can't find a hardware keylogger on your comp I'd have to peg you as retarded, unless it's integrated INTO the keyboard (or not easily discernible; all I know of so far is the USB versions, and I think there was a version that goes between your PS2 mouse and your tower).

    And mine's only designed for software so far.

  8. #8
    Join Date
    Jan 2005
    Posts
    18

    Re: Anti-Keylogger program

    This is a good idea; you could use a blank window and use PostMessage to send hordes of useless keystrokes; the log would have the real keystrokes scattered between the useless gibberish.

  9. #9
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Re: Anti-Keylogger program

    That's pretty much a side effect of my program; the true purpose is to use those hordes of crap to fish out a mysteriously increasing resource usage which would symbolize a keylogger.

  10. #10
    Join Date
    Jan 2005
    Posts
    18

    Re: Anti-Keylogger program

    Ah, but you forget a good keylogger would have rootkitted itself and otherwise be hidden completely from the user, which means you couldn't monitor it through normal means.

  11. #11
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Re: Anti-Keylogger program

    What?? I don't care how they do it, as long as they are using a resource I can detect the presence of one, that's all it's supposed to do, not detect "where" or "what" but just if one's there or not -_-'

    If I make millions of keypresses per minute and they store to the HDD you will notice the HDD size going up up up, even the RAM would be going up up up, or network usage if they broadcast it right away. Either way you look at it, something's going to increase, so once you know it's there you can take proper steps to finding and removing it. I'll figure out some detection methods, including the hook detector that RoyK mentioned, maybe a display like Spy++ shows, since it shows keyboard hooks, threads and everything.

  12. #12
    Join Date
    Jan 2005
    Posts
    18

    Re: Anti-Keylogger program

    That's true. You won't be able to identify what's causing it, but you WILL know it's there...

  13. #13
    Join Date
    Mar 2005
    Location
    Canada Alberta
    Posts
    80

    Re: Anti-Keylogger program

    Well, if one knows that there is a problem then one can fix it, can't they? Otherwise not knowing about it means you can't fix it.

  14. #14
    Join Date
    Nov 2003
    Location
    Belgium
    Posts
    8,150

    Re: Anti-Keylogger program

    Perhaps this might also be an interesting subject for a codeguru.com article.

  15. #15
    Join Date
    Jan 2001
    Location
    Cape Town, South Africa
    Posts
    17

    Re: Anti-Keylogger program

    This has been very interesting reading. Here's the downfall of your plan. Firstly, a keyboard hook is event driven - there is no timer polling for activity - so no key presses - no CPU usage. If you emulate key presses, I am sure your emulation code will use more CPU cycles than the keylogger trap code. Even if not, the two events occur virtually simultaneously, so you would not really detect what's using CPU resources. Then, a really good keylogger would compress the data buffers in real time. It would collect data in memory (say up to perhaps 100k - that's a lot of keystrokes) and then compress the data in an idle thread VERY quickly - it wouldn't even make your resource meter blink. This disk write is just as quick. To demonstrate, write a small app that produces 1,000,000 keystroke chars, then write that to a txt file. Next, zip the file using WinZip. The size you are left with is an indication of how the keylogger will play with your data. That file size (probably less than 100k) is insignificant on a 40GB drive. Your virtual swap file can grow 10x faster and larger through normal PC usage.

    Just a thought!
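
The experiment post #15 proposes, as an added example (not code from any poster in the thread): it generates 1,000,000 keystroke characters three ways, compresses each with zlib's deflate as a stand-in for WinZip, and reports the result against a 40GB drive. The three keystroke generators, the sample vocabulary and the seed are assumptions made for illustration.

```python
import random
import string
import zlib

N_KEYS = 1_000_000        # keystroke count named in the post
DISK_BYTES = 40 * 10**9   # the post's 40GB drive, taken as decimal gigabytes (assumption)

def fixed_pattern(n):
    """Flood that replays one short string over and over (constructed sample)."""
    unit = b"the quick brown fox "
    return (unit * (n // len(unit) + 1))[:n]

def word_like(n, rng):
    """Random picks from a small constructed vocabulary, loosely like typing."""
    vocab = [b"login", b"admin", b"hello", b"report", b"meeting", b"password",
             b"thanks", b"invoice", b"update", b"server", b"the", b"and"]
    out = bytearray()
    while len(out) < n:
        out += rng.choice(vocab) + b" "
    return bytes(out[:n])

def uniform_random(n, rng):
    """Every key drawn independently and uniformly from a-z and 0-9."""
    alphabet = (string.ascii_lowercase + string.digits).encode()
    return bytes(rng.choices(alphabet, k=n))

def measure(data):
    """Return (raw bytes, deflate bytes, deflate bytes as a fraction of the disk)."""
    packed = len(zlib.compress(data, 9))
    return len(data), packed, packed / DISK_BYTES

def run(seed=1):
    """Measure all three streams; seeded so repeated runs give the same sizes."""
    rng = random.Random(seed)
    streams = {
        "fixed": fixed_pattern(N_KEYS),
        "words": word_like(N_KEYS, rng),
        "random": uniform_random(N_KEYS, rng),
    }
    return {name: measure(data) for name, data in streams.items()}

if __name__ == "__main__":
    for name, (raw, packed, frac) in run().items():
        print(f"{name:>6}: {raw} -> {packed} bytes ({frac:.2e} of a 40GB disk)")
```

The compressed size depends heavily on what the injected keystrokes look like, but in every case the fraction of the disk is far too small to stand out from normal file-system churn.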
