
Finding the keylogger hooks, part 2

Finding the keylogger hooks, part 2: Windows Performance Toolkit: Spyware Detection

In Part 1 we saw that the svchost process became active only at the exact times we pressed keys in Notepad, by inspecting the Timeline by Process and Thread chart. In Part 2 we confirm our suspicion by walking the call stacks in the New Thread Stack column, looking for Windows API calls to CallNextHookEx, CallHook2 and KBDLLHOOKSTRUCT. Seeing these calls in the thread stack while we are pressing keys on the keyboard is a strong indicator that this svchost process is doing something malicious.
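The correlation described above can be scripted once stack samples are out of the trace. This is an added example, not code from the course: the sample rows, PIDs, module names such as `hypothetical.dll`, the 50 ms window and the 0.66 ratio are all constructed assumptions, and only the three marker names come from the page.

```python
from collections import defaultdict

# Names the page looks for in the thread stack.
HOOK_MARKERS = ("CallNextHookEx", "CallHook2", "KBDLLHOOKSTRUCT")

# Constructed sample data, not a real trace: (time_s, process, pid, frames).
SAMPLES = [
    (10.002, "notepad.exe", 4120, ["user32.dll!GetMessageW", "notepad.exe!WinMain"]),
    (10.004, "svchost.exe", 2988, ["user32.dll!CallNextHookEx", "hypothetical.dll!HookProc"]),
    (11.200, "svchost.exe", 2988, ["ntdll.dll!NtWaitForSingleObject"]),
    (12.503, "svchost.exe", 2988, ["win32k.sys!xxxCallHook2", "hypothetical.dll!HookProc"]),
    (15.255, "svchost.exe", 2988, ["user32.dll!CallNextHookEx", "hypothetical.dll!HookProc"]),
    (15.260, "inputhelper.exe", 5100, ["user32.dll!CallNextHookEx"]),
    (20.000, "svchost.exe", 2988, ["user32.dll!CallNextHookEx"]),  # no key press nearby
]
KEY_PRESSES = [10.000, 12.500, 15.250]  # constructed key-down times in seconds


def hook_frames(frames):
    """Return the frames that mention one of the hook-related names."""
    return [f for f in frames if any(m.lower() in f.lower() for m in HOOK_MARKERS)]


def correlate(samples, key_presses, window_s=0.05):
    """Group hook-related stack samples that fall within window_s of a key press."""
    findings = defaultdict(lambda: {"keys": set(), "frames": set()})
    for t, proc, pid, frames in samples:
        matched = hook_frames(frames)
        near = [k for k in key_presses if abs(t - k) <= window_s]
        if matched and near:
            findings[(proc, pid)]["keys"].update(near)
            findings[(proc, pid)]["frames"].update(matched)
    return dict(findings)


def suspicious(findings, key_presses, min_ratio=0.66):
    """Processes whose hook frames line up with most of the key presses."""
    return sorted(
        key for key, f in findings.items()
        if len(f["keys"]) / len(key_presses) >= min_ratio
    )


if __name__ == "__main__":
    found = correlate(SAMPLES, KEY_PRESSES)
    for proc, pid in suspicious(found, KEY_PRESSES):
        print(proc, pid, sorted(found[(proc, pid)]["frames"]))
```

A hook frame on its own is not a verdict, since legitimate software also installs keyboard hooks; the signal is an unrelated process whose hook frames track the key presses, which is why the one-off `inputhelper.exe` sample and the 20.000 s sample are not flagged.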

Skill level: Intermediate
Duration: 55m 6s
Views: 7,418
Skills covered in this course: Development Tools, Developer, Windows
