Windows Keylogger Part 2: Defense against user-land

Now, this is the interesting part. Recall that in part 1 I showed you 4 hooking methods used in Windows user mode. Today we will analyze each of them to answer one question: how do we detect it? Let's see!

Windows test machine:
Windows 7 x86: version 6.1.7601.17514 (Service Pack 1, Build 7601)
ntoskrnl.exe: 6.1.7601.17514 (win7sp1_rtm.101119-1850), …