KeyLogger

Members
  • Content Count: 19
  • Days Won: 2

KeyLogger last won the day on December 27 2017

KeyLogger had the most liked content!

Profile Information

  • Location
    Russia


  1. Again. They have this feature in settings. The "Install global hook" checkbox. This feature is broken. It's a bug.
  2. itman, keep learning programming. First, the function SetWindowsHookEx is from user32.dll, not kernel32; it hooks the Windows message infrastructure. Second, these DLLs are just wrappers or proxies for system calls and interprocess communications. You can statically link all their code into your exe file and make a nonportable program completely independent from any DLL. The actual system calls are done through INT and SYSCALL instructions on x86 processors. Have developers ever come to this forum? Admins, have you reported the bug?
  3. I've tested it with the Notepad application in the video. I've tried to add notepad.exe in the files section. It didn't work. Probably because the "all files" option already covers "notepad.exe", right?
  4. And the HIPS "Install global hook" rule is just a do-nothing checkbox. Right?
  5. WAT? The video of its action was recorded on Win7. I've tested it on Win10 too. I have already written about this. The video was downloaded and watched by you. Stop spamming the thread please.
  6. itman, from your comments I come to the conclusion that you are either not a programmer or trying hard to divert the conversation from the actual issue by spamming in the thread. Debunking user32.dll BS: HIPS is able to catch file accesses. File accesses are done through an even more core DLL than user32, through kernel32.dll. The ESET HIPS module is able to detect it. Also the term "kernel space global root table" was just made up by you; there is no such term in system programming. Actually this is done through a very different mechanism, it is not achieved by dll function calls instrumentation, because m
  7. I've tested them on Win 10 too. Neither ESET nor Yandex were able to catch my simple keylogger. Ghostpress is working, only if it is started before the keylogger, and it doesn't report it. The keylogger will still be present in the system undiscovered, but Ghostpress overwrites virtual key codes reported to hooks down the chain so the keylogger is not able to log characters. I see that admins aren't interested in reporting the bug and no developers have come. Ok then. Bye.
  8. I have posted a video in which the keylogger logged keypresses made in another application. What other proofs do you want? I have already told you that it doesn't inject a DLL on Win7. It does install a hook and log keypresses though. The advertised keylogger detection feature is broken and the rule "Install global hook" doesn't work.
  9. Stop these speculations please. I am the author of this program. It does call SetWindowsHookEx; the program was written by me 15 years ago. It was demanded to put the hook function into a DLL back then. It is still required according to MSDN, though it doesn't inject anything in Win7 and later. The program doesn't install any drivers. It just calls SetWindowsHookEx and logs keypresses. See the video. It worked. And NOD didn't stop it. It can even be run from an unprivileged user and is still able to log keypresses systemwide. The advertised keylogger detection feature is broken and the rule "Install global hoo
  10. It seems that it really doesn't inject this DLL. It was the case for XP and is not the case for Win7. Good. This explains why the second rule didn't trigger. But why didn't the first rule, "install global hook", trigger too? The hook was obviously installed. It captured keypresses and logged the phrase I typed.
  11. See the video. I am not using a kernel mode keylogger. I explain how SetWindowsHook works. The kernel is injecting the DLL you provide. If it is not designed to block keylogging activity, then what is this global hook rule supposed to do? And why is it marketed as such?
  12. That is how keyboard hooks work on Windows. You must implement the hook function in a DLL and set it using SetWindowsHookEx. And then Windows itself injects this DLL into every other running process. There can't be any global hooks without a DLL. What does this global hook rule mean then? And what application should I ban from injecting a DLL into other processes if it is done by the Windows kernel? Should I ban the Windows kernel itself? I've rebooted my test VM and added the rule for "Modify state of another application" as well. It doesn't work. Here is the video attached. no
  13. I've tried both block and ask. It doesn't work. No diagnostic is shown and logs are empty.
  14. I did the above. It doesn't block or ask anything when I am running my small keylogger. I can make a screencap video of this.