Skip navigation

Finding the keylogger hooks, part 3

Finding the keylogger hooks, part 3: Windows Performance Toolkit: Spyware Detection
Finding the keylogger hooks, part 3: Windows Performance Toolkit: Spyware Detection

In Part 2 we performed call stack walking on the New Thread Stack so we could see what the svchost process was doing when we performed key presses. In Part 3 we continue our investigation by finding more proof that this svchost process is malicious. We look at the CPU Usage sampled chart and perform call stack walking on the key logger process during the time it was active. We look at what calls were made after seeing UserCallbackDispatcher which results in KBDLLHOOKSTRUCT coming in.

  • Overview
  • Transcript
  • View Offline
Resume Transcript Auto-Scroll
Skill Level Intermediate
55m 6s
Duration
7,390
Views
Show More Show Less
Skills covered in this course
Development Tools Developer Windows

Continue Assessment

You started this assessment previously and didn't complete it. You can pick up where you left off, or start over.

Start Your Free Trial Now

Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now