Creating *and HIDING* a keylogger

[CodeLeon]

Hi. I would like to create a keylogger, are there any good tutorials?
Also, more importantly, how do i hide this process from the task
manager? NO, i am not a virus writer, so PLEASE no messages asking me
my intentions or ridiculing me for wanting to do this as other
legitimate entities have been doing this for years. Than You!

 

[Lau Lei Cheong]

Just curious, what is your "legitimate purpose"?

I just cannot figure out any "fair use" for a "hidden" keylogger.

If you want to log the usage of a PC, you should tell them they're under
logging to make it fair - so they'll know they shouldn't use any password or
other personal information there.

 

[CodeLeon]

Thank you for your inquiry, and quite to the contrary this is just a
pilot application for use on my own pc, for gaining experience with
operating system functions. So, yes it is a fair and legitamate
purpose. Besides, if the process is not hidden than they can simply end
it.

Thank You.

 

[Lau Lei Cheong]

Hiding anything from system view is almost always consider evil. See? Even
antivirus companies such as Norton and McAfee no longer hide the folders
they used to hide.

Considering the mess Sony's XCP rootkit has brought to the world, I think
it's essential fpr people who pocess the "stealth" technologies to think
twice before teaching others about it.

And afterall, is there any hope for any JIT-compiled applications to hide
from system view? I really doubt it.

 

[Russell Hind]

Thank you for your inquiry, and quite to the contrary this is just a
pilot application for use on my own pc, for gaining experience with
operating system functions. So, yes it is a fair and legitamate
purpose. Besides, if the process is not hidden than they can simply end
it.

Not if you run it as a system service. You try ending other services
owned by 'System'. You don't have privileges to so no need to hide it,
just install it correctly.

Cheers

Russell

 

[Jon Skeet [C# MVP]]

Thank you for your inquiry, and quite to the contrary this is just a
pilot application for use on my own pc, for gaining experience with
operating system functions. So, yes it is a fair and legitamate
purpose. Besides, if the process is not hidden than they can simply end
it.

If this is only a pilot application for use on your own PC, why do you
care whether or not users can end the process?

Jon

 

[CodeLeon]

It may be a useful tactic for later, final releases of my security
software. See, I plan on after this creating a document rights
management software which uses cryptography to limit the number of
computers a document may be viewed on transparently, without additional
plugins required for office.

 

[Russell Hind]

It may be a useful tactic for later, final releases of my security
software. See, I plan on after this creating a document rights
management software which uses cryptography to limit the number of
computers a document may be viewed on transparently, without additional
plugins required for office.

But why do you need to hide the process? I doubt you can hide the
process from Task Manager's Process list (yes to the Application List).

You may be able to disable access to Task Manager for certain users
though so that is another possibility.

But as mentioned before, I think the best way would be to have a system
service running, that way the user won't have privileges to end it.

Russell

 

[Jon Skeet [C# MVP]]

It may be a useful tactic for later, final releases of my security
software.

In which case it *won't* just be used on your PC for a pilot, so our
concerns are legitimate. Do you get the impression that the other
newsgroup readers aren't terribly keen on the idea of helping you to
create a product which would run programs on their computers without
their knowledge or control?

Jon

 

[Jacob]

How does keylogging help document rights management? Yes, you need to
type in a password, but that would have to be fairly obvious to the
user wouldn't it?

How does a keylogger limit the number of computers a document can be
viewed on?

I may be missing something completely obvious here, but I see no use
for an invisible keylogger to obtain a password.

If you are concerned that someone ends your "security app" and then
views the document then the solution is surely to run it as a service
that the user cannot shut down.

When selling (or otherwise distributing this software) you are going to
have to inform the user that he will be installing an invisible process
(which could easily transmit sensitive information). The Sony rootkit
story should be a lesson to all.

 

[CodeLeon]

As to clear up some of your questions, the documents right management
will need to use either a service or an invisible app just like a
keylogger. There is no password that needs to be collected.

 

[Andrew]

As to clear up some of your questions, the documents right management
will need to use either a service or an invisible app just like a
keylogger. There is no password that needs to be collected.

So... What you're saying is that you want people to tell you how to do
something *exactly* like Sony tried to do.