tags:

views:

441

answers:

4
+4  Q: 

Detecting Keyboard Hooks

Is there a way to detect which programs or modules are listening to a keyboard hook? By Sysinternals maybe?

A: 

Nope. You would likely have to hook into SetWindowsHookEx() itself in order to detect that.

Remy Lebeau - TeamB  2009-09-23 22:41:38
A: 

I don't think you can, there's no GetWindowsHook function that would return the hook(s). Also, I'm under the impression that the main keyboard processing routine is hooked through SetWindowsHookEx(), so even if there are no hooks, there's at least one, Windows itself.

Marc Bernier  2009-09-24 02:15:11
Thanks;I have guessed that would be at least one. But if there are no ways to do that; that might be a source of horror!
Kaveh Shahbazian  2009-09-25 10:18:16
If you're concerned about some sort of keyboard monitoring program, maybe you could try another approach - it probably is writing to a file somewhere (or transmitting over a network connection). Filemon could help you see if there's any suspicious file I/O, Wireshark could do the same with network traffic.
Marc Bernier  2009-09-25 13:21:21
I have McAfee security suite on my laptop and I keep it updated. Hope that helps for some automatic safety.
Kaveh Shahbazian  2009-09-26 11:44:00
@Kaveh Shahbazian: If the program can hook the keyboard, it could just as easily disable your security suite. IIRC, you need fairly high privileges to hook the keyboard, so if a malware app does this successfully, someone ran it as Administrator. System rooted, game over, sorry.
Piskvor  2010-06-30 08:23:55
@Piskvor: Unless Vista/7's UAC is now preventing it, SetWindowsHookEx() can be executed at any user level.
Marc Bernier  2010-07-02 19:12:23
+1  A: 

This blog post has instructions: http://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/

atomice  2009-09-28 13:25:52
A: 

It largely depends on what level of abstraction are you obtaining your key presses.
For maximum detection you could use hardware directly or go as low as possible (some hooks work at HW driver-level).

For security purposes, you could also use a virtual keyboard - hooks would have to be targeted specifically at your application to simulate key presses.

Jaroslav Jandek  2010-06-30 08:34:33

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)