
Firewall Leak Tester (AKLT v3.0)

파이s 2009. 6. 5. 12:41


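It's never there when you actually go looking for it...
It's nothing special, just a keylogging test program. Most Korean anti-keyboard-hacking programs already defend against the keylogger functions that AKLT supports.
For study purposes... it's good to use it as a reference, along the lines of "so keyboard values can be captured through these functions (layers)". (If you want to study it in detail, implementing it yourself is the best~ ^-^b)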

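However, this tool has a feature that other keylogger test tools don't have.
That is, it has a DirectInput keylogger function.
I was thinking of implementing it myself, and it turns out this tool already supports it.
(Otherwise I might be hard at work coding it right now...)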


google keyword :  anti keylogger test aklt
http://www.snapfiles.com/get/antikeyloggertester.html

Anti-Keylogger Tester (AKLT) Publisher's Description
A tool using 7 different methods to monitor your keyboard, and enables you to check your defences. 

What is Anti-Keylogger Tester ?

Some trojans include keylogging functionalities that can steal confidential information you are typing. To fight this threat, many HIPS software, and also dedicated anti-keylogger software, now provide anti-keylogger features. However, there are many ways to monitor the keyboard, and few HIPS cover them all.

AKLT is a tool using 7 different methods to monitor your keyboard, and enables you to check your defences. AKLT provides hook based, and hookless/cyclical polling tests.

Additionally, AKLT provides two ways of taking screenshots, as a keylogger or a trojan could do. In case one of your security software is claiming to provide a "screenshot protection" feature, you will be able to test it thanks to AKLT.

The seven keylogging methods used are :

- GetKeyState : This API returns the current key state for a given key. This API must be called for every key, constantly (e.g. every 10ms), in order to not miss any key the user may press. This method is less reliable than a global hook, but is more stealthy, and does not require administrator privileges.

- GetAsyncKeyState : This API is similar to GetKeyState, except that it can receive keys that have been pressed, and not only the one pressed at the moment the function is called. As with the previous method, it does not require administrator privileges.

- DirectX : This method uses APIs from the DirectInput functions family (from DINPUT.DLL). It requires that DirectX 7.0 or higher is installed, which is not a problem as DirectX is bundled with Microsoft Windows Operating Systems. It is more stealthy, being less known (I've never heard of it before). Of course video games use DirectX to monitor your keyboard, but I'm not aware of any malware using DirectX for malicious purposes. As with the previous method, it does not require administrator privileges.

- GetKeyboardState : This test uses the GetKeyboardState() and AttachThreadInput() Windows APIs to monitor your keyboard. This function is polled every 10ms and returns back the pushed keystroke of the current window which has the focus. Like the first method, no hooks are created and it works under a restricted user account or a guest account (no administrator privileges required).

- LowLevel Keyboard Hook (SetWindowsHookEx) : This test uses the well known SetWindowsHookEx() API with the WH_KEYBOARD_LL parameter to create a Low Level Keyboard Hook. This hook does not require any DLL, therefore no DLL is injected into other processes. As usual, this test works under a restricted user account. This is not a "new" test in the way of "unknown until now", instead this kind of test has been known for years, it was just added for the sake of completeness.

- JournalRecord Hook (SetWindowsHookEx) : This test uses the well known SetWindowsHookEx() API with the WH_JOURNALRECORD parameter to create a Journal Record Hook. This hook does not require any DLL, therefore no DLL is injected into other processes. As usual, this test works under a restricted user account. This is not a "new" test in the way of "unknown until now", instead this kind of test has been known for years, it was just added for the sake of completeness.

- (# NEW #) GetRawInputData (# NEW #) : This test uses the GetRawInputData() API to redirect raw keyboard inputs to it. This method works without polling, and is more similar to a global hook. The API used is available only since Windows XP and above (e.g. Vista), and does not require Microsoft .NET as people could suppose (as other testing tools are using .NET). "Thanks" to Windows, it works once again on a restricted user account.

AKLT does not handle key combinations such as ALT-GR+8, or SHIFT+V, etc... The purpose was not to make a fully functional keylogger, but a simple test tool.
