Use this small utility to detect any malware keyloggers found on your computer
Some trojans include keylogging functionalities, that will steal confidential information you are typing on your computer. To fight this threat, many HIPS applications, and also dedicated anti-keyloggers programs, now provide anti-keylogger features. However, there are many ways to monitor the keyboard, and just a few HIPS utilities are able to cover them all.
Anti-KeyLogger Tester is a software using 7 different methods to monitor your keyboard, and also enables you to check your defences. AKLT provides hook based, and hookless/cyclical polling tests.
The seven keylogging methods used are :
· GetKeyState : This API returns the current key state for a given key. This API must be called for every keys, constantly (e.g every 10ms) in order to not miss any key the user may press. This method is less reliable than a global hook, but is more stealthy, and does not require administrator privileges.
· GetAsyncKeyState : This API is similar to GetKeyState, except that it can receive keys that has been pressed, and not only the one pressed at the moment the function is called. As the previous method, it does not require administrator privileges.
· DirectX : This method is using APIs from DirectInput functions family (from DINPUT.DLL). It requires that DirectX 7.0 or higher is installed, which is not a problem as DirectX is bundled with Microsoft Windows Operating Systems. It is more stealth as being less known (I’ve never heard of it before). Of course video games use DirectX to monitor your keyboard, but I’m not aware of any malware using DirectX for malicious purposes. As the previous method, it does not require administrator privileges.
· GetKeyboardState : This test uses the GetKeyboardState() and AttachThreadInput() Windows APIs to monitor your keyboard. This function is polled every 10ms and returns back the pushed keystroke of the current window which has the focus. Like the first method, no hooks are created and it works under a restricted user account or a guest account (no administrator privileges required).
· LowLevel Keyboard Hook (SetWindowsHookEx) : This test uses the well known SetWindowsHookEx() API with the WH_KEYBOARD_LL parameter to create a Low Level Keyboard Hook. This hook does not require any DLL, therefore no DLL is injected into other processes. As usual, this test works under a restricted user account. This is not a “new” test in the way of “unknown until now”, instead this kind of test has been know for years, it was just added for the sake of completeness.
· JournalRecord Hook (SetWindowsHookEx) : This test uses the well known SetWindowsHookEx() API with the WH_JOURNALRECORD parameter to create a Journal Record Hook. This hook does not require any DLL, therefore no DLL is injected into other processes. As usual, this test works under a restricted user account. This is not a “new” test in the way of “unknown until now”, instead this kind of test has been know for years, it was just added for the sake of completeness
· GetRawInputData : This test uses the GetRawInputData() API to redirect raw keyboard inputs to it. This method works without polling, and is more similar to a global hook. The API used is available only since Windows XP and above (e.g. Vista), and does not require Microsoft .NET as people could suppose (as other testing tools are using .NET). “Thanks” to Windows, it works once again on a restricted user account.
What’s New in This Release: [ read full changelog ]
· ADDED new keylogging method : GetRawInputData
· ADDED OS checking at program start to warn the user if AKLT is being ran on an untested OS
Please comments and give ratings. You may also report of broken or incorrect link using comments box below. Thanks!