Thread: Listing all hooks?

  1. #1
    Registered User kryptkat's Avatar
    Join Date
    Dec 2002
    Posts
    638

    Listing all hooks?

    I do not think that I have seen a prog that lists all hooks. aka detecting key loggers. Listing processes is one thing. Listing all hooks would be usefull. It is one thing if you make a hook and know it is there. accessing it would be simple but what about finding hooks unknown? ie listing all hooks

    CallNextHookEx?

    SetWindowsHookEx?

    The above you make but is there someting to list all hooks?

    meow in advance.

  2. #2
    Registered User Queatrix's Avatar
    Join Date
    Apr 2005
    Posts
    1,342
    It's possible to make key loggers with out a using a hook . . .

  3. #3
    Registered User
    Join Date
    Nov 2005
    Posts
    4
    One way to see what hooks are running on your system would be to write an API spy. I know there are some ways of accomplishing this that involve redirecting the Import Address Table to your function. If you did this as a service, you would be able to track the vast majority of processes that called the SetWindowsHookEx function.

    As far as providing code, I do not have any specific examples for you. The technique is rather well-documented because it is often used by user-mode root kits. The technique comes with some performance detriment because every call to a monitored function must be passed through your function handler first. However, if this is an idle curosity sort of thing, that should not be a concern.

    As was already mentioned, hooks are not the only way to write programs that log key strokes and such.

  4. #4
    Registered User kryptkat's Avatar
    Join Date
    Dec 2002
    Posts
    638
    idle curosity sort of thing no. i keep getting redirected even after i use several anti spy progs. i have several api spy progs but they only show processes.

    detecting hooks when they are called might be to late. i was hoping to list all current hooks in use. like now. when the computer is on. and not wait for a new one and only show that new one but not the others running.

    i was on the msdn site and got lost.

    It's possible to make key loggers with out a using a hook . . .
    meow! i think it is the rightclick hook i am looking for. aslo have scaned reg for certine other websites looking for hijackers. none found. got rid of spy ware need something other than antispy prog. because i am still getting rerouted.


    weird api spy shows .exe that do not exisit? this is part of the reason for hook lister.
    Last edited by kryptkat; 11-17-2005 at 02:23 PM.

  5. #5
    Registered User
    Join Date
    Nov 2005
    Posts
    4
    If you log them when they happen, you know which ones at have some point have been running and when they started. When they started gives you some indication of where they fall in the boot order. You can always query if the hooked process still exists to determine if it is still running(if it does not hide itself from process enumeration API). You could also monitor the unhooking API to know when it stops its hook so you'd know which ones are active.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Generating Window Procedure mouse WPARAM from Hooks
    By seaders in forum Windows Programming
    Replies: 0
    Last Post: 03-24-2009, 09:43 AM
  2. Windows Hooks for global mouse detection
    By JJFMJR in forum Windows Programming
    Replies: 8
    Last Post: 08-12-2008, 08:04 AM
  3. Detecting Keyboard Hooks
    By KinoCode in forum Windows Programming
    Replies: 2
    Last Post: 01-17-2003, 11:24 AM
  4. !! DOS UNIcomal Listing !!
    By Stupider Like A in forum C++ Programming
    Replies: 3
    Last Post: 10-02-2002, 12:43 PM
  5. Directory Listing
    By Angelus in forum C++ Programming
    Replies: 5
    Last Post: 09-09-2002, 09:32 AM