Hi all,
First of all, I'd like to point out that this topic is not breaking any rules! For my thesis at university I'm required to develop a keylogger detector. So far my project successfully scans the computer for keyloggers and updates its keylogger list over the internet.
However, the next part of my project is to do the following:
1. Detect the presence of keyloggers
2. Mislead keyloggers
3. Disable keyloggers
I'm quite stumped on how to achieve any of these. I'm not looking for code examples, just the theory behind how to do them. I.e. for point 1 it might be possible to check the message queues for all running processes to see if any of the WM_KEYDOWN messages are being processed before the application they are destined for. But what if the keylogger is using the GetKeyAscii method and not DLL injection?
For point 2, misleading means that if a keylogger is active then the keylogger detector will send it "fake" keys, so the keylogger records the fake keys as well as the keys the user is typing.
These are just examples of how to achieve this. I would be very grateful if you could share your ideas or any methods you know of for how this could be done.
Also if you could suggest other functionality that you would expect in a keylogger detector then please say.
Thank you very much for your time.
Cloudy