As a proof of concept, I wrote a quick keylogger in .NET. It was only 150 lines and it worked flawlessly.

It's frighteningly effective. With some relatively simple use of the WinAPI function GetAsyncKeyState, I was able to capture any and all keystrokes and save them to a data file.

My question is, is it possible for one program to detect when another program calls GetAsyncKeyState?

Furthermore, is it possible to detect when another program calls any WinAPI function at all?

Thanks!

Ares513
  • I'm not sure if this is on-topic here... (But it's a very interesting question.) I assume you're looking for a way to write a program that detects this? That would be within scope, but I'd wonder if the people over at security.stackexchange.com might have non-programmatic answers. – David Sep 26 '14 at 17:13
  • I'm sorry, I wasn't as clear as I should have been. I am referring to the unmanaged API functions that you can access in a managed language such as C#. – Ares513 Sep 26 '14 at 17:17
  • @DavidStratton Yes, I am looking for a way to write this programmatically. If the folks down at security.stackexchange could provide a better answer, I'll head there. – Ares513 Sep 26 '14 at 17:17
  • @γηράσκωδ'αείπολλάδιδασκόμε is right - every program, including Windows, calls those API calls. Everything that runs on Windows pretty much calls those API calls. Think about it. If you move the mouse and the program responds to a mouse click, it's using the API call. If you move the mouse over the screen, and the mouse has to be displayed, that program is triggering an API call to draw the cursor on the screen. – David Sep 26 '14 at 18:16
  • Yes, of course, that's right, but surely that's logged somewhere. There are specific functions that are quite hazardous to the computer's security if used in specific ways. My goal is simply to detect when such calls are happening. – Ares513 Sep 26 '14 at 18:41

1 Answer

Yes, Microsoft offers the Detours library, which lets you hook any API calls. The library is quite expensive though. With enough skill you can implement the same that Microsoft does yourself as well (and many protection solutions like antivirus and application firewalls do this).

Eugene Mayevski 'Callback
  • Thanks. I just wanted to know if it's possible. If and when I figure it out I will update this question appropriately. – Ares513 Sep 26 '14 at 22:48
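
The hooking idea from the answer, as an added example that is not part of the original thread: a portable C model in which callers reach a stand-in for GetAsyncKeyState through a function-pointer slot, and a hook swapped into that slot counts calls and flags a caller that polls most of the key range rather than a few hotkeys. The stand-in function, the slot, the threshold of 64 and both sample callers are assumptions made for illustration; this is not Detours or Windows code.

```c
#include <stdio.h>
#include <string.h>

typedef short (*key_state_fn)(int vkey);

/* Hypothetical stand-in for GetAsyncKeyState: every key reads "up". */
static short real_key_state(int vkey) { (void)vkey; return 0; }
/* Callers reach the API through this slot, as through an import table. */
static key_state_fn import_slot = real_key_state;

#define VKEY_COUNT 256
#define SWEEP_THRESHOLD 64 /* assumed cut-off: distinct keys polled */

static key_state_fn saved_original;
static unsigned char seen[VKEY_COUNT];
static int distinct_keys;
static long total_calls;

/* The detour: record the call, then forward it unchanged. */
static short hooked_key_state(int vkey) {
    total_calls++;
    if (vkey >= 0 && vkey < VKEY_COUNT && !seen[vkey]) {
        seen[vkey] = 1;
        distinct_keys++;
    }
    return saved_original(vkey);
}

void install_hook(void) {
    if (import_slot == hooked_key_state) return; /* already hooked */
    memset(seen, 0, sizeof seen);
    distinct_keys = 0; total_calls = 0;
    saved_original = import_slot;
    import_slot = hooked_key_state;
}
void remove_hook(void) {
    if (import_slot == hooked_key_state) import_slot = saved_original;
}
/* Polling many distinct keys suggests capture of all input. */
int looks_like_key_sweep(void) { return distinct_keys >= SWEEP_THRESHOLD; }

/* Constructed callers: four hotkeys polled repeatedly vs. the whole range. */
void hotkey_caller(void) { for (int i = 0; i < 1000; i++) import_slot("WASD"[i % 4]); }
void sweep_caller(void) { for (int k = 8; k < 256; k++) import_slot(k); }

int main(void) {
    install_hook();
    hotkey_caller();
    printf("hotkeys: calls=%ld distinct=%d sweep=%d\n", total_calls, distinct_keys, looks_like_key_sweep());
    sweep_caller();
    printf("sweep:   calls=%ld distinct=%d sweep=%d\n", total_calls, distinct_keys, looks_like_key_sweep());
    remove_hook();
    return 0;
}
```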