Hook detector

Hello,

I need to know how I can find all keyboard hooks installed on a computer and running.
I work on an application that should scan all running processes and find which one of them (or more) has a keyboard hook installed on Windows. It should be something like a keylogger detector.
bodrag Asked:
 
2266180 Commented:
that will be a hard thing to do considering the multiple ways one can do a keyboard hook (not talking about stealth and other hiding techniques).
maybe the best way would be to:
- find all modules used by one process (dll's, ocx, etc)
- scan the image of that module (the file) for calls to api hooks (by name and reference/address - for the latter you'll need to search either in the loaded module (in memory) or do an 'executable parser')

this will be a pretty hard task and as far as I know, the success rate will still be under 90-95%.
I'll give it a thought and get back to you if I get a better idea.
0
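An added example of the "executable parser" route suggested in the comment above (it is not code from any participant in this thread): it walks a PE file's import table and reports modules that import `SetWindowsHookExA`/`SetWindowsHookExW` by name. The helper names and the sample image are constructed for illustration; as the comment says, a module that resolves the API by address at run time will not appear in the import table.

```python
import struct

# Documented user32 hook installers; extend with other APIs of interest.
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}

def _off(secs, rva):  # RVA -> file offset via the section table
    for vsize, va, rsize, raw in secs:
        if va <= rva < va + max(vsize, rsize):
            return raw + rva - va
    raise ValueError("RVA outside all sections")

def _cstr(data, secs, rva):  # NUL-terminated string stored at an RVA
    off = _off(secs, rva)
    return data[off:data.index(b"\0", off)].decode("latin-1")

def imported_hook_apis(data):
    """Return {(dll, api)} for hook APIs imported by name in a PE image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B  # PE32+ (64-bit)
    imp_rva = struct.unpack_from("<I", data, opt + (112 if plus else 96) + 8)[0]
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    found, desc = set(), _off(secs, imp_rva) if imp_rva else None
    width, fmt, by_ordinal = (8, "<Q", 1 << 63) if plus else (4, "<I", 1 << 31)
    while desc is not None:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, desc)
        if not name:  # all-zero descriptor terminates the list
            break
        thunk = _off(secs, oft or ft)
        while val := struct.unpack_from(fmt, data, thunk)[0]:
            # by-name entries point at a 2-byte hint followed by the name
            if not val & by_ordinal and (api := _cstr(data, secs, val + 2)) in HOOK_APIS:
                found.add((_cstr(data, secs, name).lower(), api))
            thunk += width
        desc += 20
    return found

def sample_dll():
    """Constructed, non-functional PE32: one import, USER32.dll!SetWindowsHookExW."""
    img = bytearray(b"MZ".ljust(0x400, b"\0"))  # .idata at file 0x200 = RVA 0x1000
    struct.pack_into("<I4sHH12xHHH", img, 0x3C, 0x40, b"PE\0\0", 0x14C, 1, 0xE0, 0x2102, 0x10B)
    struct.pack_into("<2I", img, 0xC0, 0x1000, 40)  # import directory entry
    struct.pack_into("<8s4I", img, 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<5I20xI", img, 0x200, 0x1028, 0, 0, 0x1040, 0x1028, 0x1050)
    struct.pack_into("<11s5x2x18s", img, 0x240, b"USER32.dll", b"SetWindowsHookExW")
    return bytes(img)
```

Run `imported_hook_apis` over the file of each module loaded in a process to get the list of modules worth a closer look.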
 
calinutz Commented:
Are you looking for something like this?
http://www.styopkin.com/keylogger_hunter.html
0
 
bodrag Author Commented:
No, Keylogger Hunter only makes keyloggers stop working correctly.
I need a way to detect if a keylogger is running.
0
 
Scay7 Commented:
This is a daunting question, as some HOOKs that wish to remain hidden can be hidden...
this site explains what I mean... http://www.rootkit.com/newsread.php?newsid=360

Otherwise ciuly's suggestion seems to be the best route for keyloggers that can be identified by file/name
in the end a keylogger that wants to stay will stay until such time a proper and versatile anti-program is made.

Peace Scay7

P.S. Never run a program if you are not 101% sure of its validity... (this is the first line of defence)
0
 
DaFox Commented:
The only documented way would be to install a WH_DEBUG hook. Otherwise you'd have to enumerate internal undocumented structures that are subject to change without notice. However, this worked quite well on Windows 9x, see MSINFO.
0
Question has a verified solution.