Hi,
Anyone know how to find if there is any keyboard filter driver installed programmatically?
Thanks in advance.
Look at CurrentControlSet\Control\Class\{keyboard class GUID} for
UpperFilters and LowerFilters values other than “kbdclass”.
Also look at corresponding keys in the Enum registry.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> Hi,
> Anyone know how to find if there is any keyboard filter driver installed programmatically?
> Thanks in advance.
>
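One way to do the class-level check described in the reply above, as an added example that is not part of the original thread. It assumes the standard keyboard setup class GUID (not spelled out in the thread), reads only the class key and not the per-device Enum keys, and uses a hypothetical helper name `unexpected_filters` and a constructed sample entry `examplefilter`:

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#define strcasecmp _stricmp
#else
#include <strings.h>
#endif
/* Keyboard setup class key (GUID_DEVCLASS_KEYBOARD); assumption, not in the thread. */
#define KBD_CLASS_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\" \
                      "{4D36E96B-E325-11CE-BFC1-08002BE10318}"
/* Walk a REG_MULTI_SZ buffer (NUL-separated strings, an empty string ends
 * the list) and collect every entry other than "kbdclass". The length is
 * checked so a malformed, unterminated value is never read past its end.
 * Returns the number of unexpected entries stored in out[]. */
int unexpected_filters(const char *buf, size_t len, const char **out, int max_out)
{
    int n = 0;
    size_t i = 0;
    while (i < len && buf[i] != '\0') {
        const char *end = memchr(buf + i, '\0', len - i);
        if (end == NULL)
            break;                      /* unterminated tail: stop here */
        if (strcasecmp(buf + i, "kbdclass") != 0 && n < max_out)
            out[n++] = buf + i;         /* a filter other than kbdclass */
        i = (size_t)(end - buf) + 1;
    }
    return n;
}
int main(void)
{
    const char *names[] = { "UpperFilters", "LowerFilters" };
    const char *hits[16];
    for (int v = 0; v < 2; v++) {
#ifdef _WIN32
        char data[1024];
        DWORD size = sizeof data;
        if (RegGetValueA(HKEY_LOCAL_MACHINE, KBD_CLASS_KEY, names[v],
                         RRF_RT_REG_MULTI_SZ, NULL, data, &size) != ERROR_SUCCESS)
            continue;                   /* value absent or unreadable */
#else
        static const char data[] = "examplefilter\0kbdclass\0"; /* constructed sample */
        size_t size = sizeof data;
#endif
        int n = unexpected_filters(data, size, hits, 16);
        for (int k = 0; k < n; k++)
            printf("%s: %s\n", names[v], hits[k]);
    }
    return 0;
}
```

Each name printed is a service name under CurrentControlSet\Services, where its ImagePath value gives the driver file to inspect.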
Yes, I was there, but I want to know exactly who is the driver. I want to know programmatically if there is a kernel keylogger in the system (like powered keylogger). I want to advise the user that the PC is possibly infected and so on… (I don’t care about false positives for now)
Thanks
Yohamnes
Then you have a problem: many of the keyloggers do not load as filters, but
instead force their way into the data flow. There is no single way to
identify these, which is why much of the spyware and anti-virus stuff does it
by recognizing the code after it has been identified as harmful, rather than
identifying the actions it takes.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Yes, I was there, but I want to know exactly who is the driver. I want to
> know programmatically if there is a kernel keylogger in the system (like
> powered keylogger). I want to advise the user that the PC is possibly
> infected and so on… (I don’t care about false positives for now)
> Thanks
> Yohamnes
>
Yes, it is very difficult, but for instance, one of the keyloggers I tested can be found with the device tree utility (it is attached to device\keyboardclass0 and device\keyboardclass1). How can I achieve the same programmatically? At least it will work with this one.