Finding the keylogger hooks, part 3: Windows Performance Toolkit: Spyware Detection

In Part 2 we walked the call stacks on the New Thread Stack to see what the svchost process was doing when we pressed keys. In Part 3 we continue the investigation by finding more proof that this svchost process is malicious. We look at the CPU Usage (Sampled) chart and walk the call stacks of the keylogger process during the time it was active. We look at what calls were made after UserCallbackDispatcher, which results in KBDLLHOOKSTRUCT coming in.

Skill level: Intermediate
Duration: 55m 6s
Views: 13,713
Skills covered in this course: Development Tools, Developer, Windows