What is Anti-Keylogger Tester ?
10-20-2007, 05:44 AM
Post: #1
Some trojans include keylogging functionalities that can steal confidential information you are typing. To fight this threat, many HIPS software, and also dedicated anti-keylogger software, now provide anti-keylogger features. However, there are many ways to monitor the keyboard, and few HIPS cover them all.

AKLT is a tool using 4 different methods to monitor your keyboard, and enables you to check your defences. AKLT does not try to monitor your keyboard by using a global hook, nor any DLL/code injection, as these methods are widely known and covered by all security software I have tested.

Additionally, AKLT provides two ways of taking screenshots, as a keylogger or a trojan could do. In case one of your security software is claiming to provide a "screenshot protection" feature, you will be able to test it thanks to AKLT.

The four keylogging methods used are:

- GetKeyState: This API returns the current key state for a given key. This API must be called for every key, constantly (e.g. every 10ms), in order not to miss any key the user may press. This method is less reliable than a global hook, but is more stealthy, and does not require administrator privileges.
- GetAsyncKeyState: This API is similar to GetKeyState, except that it can receive keys that have been pressed, and not only the ones pressed at the moment the function is called. Like the previous method, it does not require administrator privileges.
- DirectX: This method uses APIs from the DirectInput functions family (from DINPUT.DLL). It requires that DirectX 7.0 or higher is installed, which is not a problem as DirectX is bundled with Microsoft Windows Operating Systems. It is more stealthy, being less known (I've never heard of it before). Of course video games use DirectX to monitor your keyboard, but I'm not aware of any malware using DirectX for malicious purposes. Like the previous method, it does not require administrator privileges.
- (# NEW #) GetKeyboardState (# NEW #): This test uses the GetKeyboardState() and AttachThreadInput() Windows APIs to monitor your keyboard. This function is polled every 10ms and returns the pushed keystroke of the current window which has the focus. Like the first method, no hooks are created and it works under a restricted user account or a guest account (no administrator privileges required).

AKLT does not handle key combinations such as ALT-GR+8, or SHIFT+V, etc. The purpose was not to make a fully functional keylogger, but a simple test tool.

As with previous AKLT versions, keys are not considered "intercepted" if AKLT's window has the focus. Likewise, some HIPS won't make any alert until AKLT loses the focus. That is the intended behavior. Therefore, either select another window once the test is started, or minimize AKLT.

If you have any suggestions or ideas or have found any problems with it, please email me at gkweb@firewallleaktester.com

http://www.firewallleaktester.com/aklt.htm

main page: http://www.firewallleaktester.com

Nice tool indeed, been using this since version one and all the other tools available at the site too.

Check all the tools here: http://www.firewallleaktester.com/tools_list.htm

If you can't get a hold of WGA remover then just hit me up on a pm.....

~ Veritas Vos Liberabit ~



![[Image: aklt_screen.gif]](http://www.firewallleaktester.com/images_site/aklt_screen.gif)
![[Image: aklt_screen2.gif]](http://www.firewallleaktester.com/images_site/aklt_screen2.gif)
![[Image: aklt_screen3.gif]](http://www.firewallleaktester.com/images_site/aklt_screen3.gif)
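The polling behaviour described in the post (keyboard-state APIs called about every 10ms by a process that does not have the focus) is something a monitoring tool can look for. The following detection sketch is an added example, not part of the original post or of AKLT; the trace format `ts_ms pid api arg foreground_pid`, the thresholds, and the sample data are all constructed assumptions.

```python
from collections import defaultdict

# Keyboard-state APIs named in the post; thresholds below are assumptions.
POLL_APIS = {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState"}

def parse(line):
    """Parse 'ts_ms pid api arg foreground_pid' (constructed trace format)."""
    ts, pid, api, arg, fg = line.split()
    return int(ts), int(pid), api, arg, int(fg)

def find_pollers(lines, window_ms=1000, min_calls=50, min_keys=20):
    """Return {pid: reason} for processes polling keyboard state without focus."""
    per_pid, attached = defaultdict(list), set()
    for ts, pid, api, arg, fg in map(parse, lines):
        if pid == fg:
            continue  # caller owns the focused window
        if api == "AttachThreadInput":
            attached.add(pid)
        elif api in POLL_APIS:
            per_pid[pid].append((ts, api, arg))
    flagged = {}
    for pid, calls in per_pid.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] >= window_ms:
                start += 1  # slide the window forward
            window = calls[start:end + 1]
            if len(window) < min_calls:
                continue
            keys = {arg for _, api, arg in window if api != "GetKeyboardState"}
            if len(keys) >= min_keys:
                flagged[pid] = "per-key polling"
            elif pid in attached and any(a == "GetKeyboardState" for _, a, _ in window):
                flagged[pid] = "GetKeyboardState with AttachThreadInput"
            if pid in flagged:
                break
    return flagged

def sample_trace():
    """Constructed trace: pid 100 has focus; 200, 300 and 400 run in the background."""
    lines = ["0 300 AttachThreadInput 100 100"]
    for tick in range(0, 1000, 10):  # 10 ms polling interval, as in the post
        lines.append(f"{tick} 200 GetAsyncKeyState {0x41 + (tick // 10) % 26} 100")
        lines.append(f"{tick} 300 GetKeyboardState - 100")
        if tick % 100 == 0:
            lines.append(f"{tick} 400 GetAsyncKeyState 44 100")  # single hotkey check
            lines.append(f"{tick} 100 GetKeyState 16 100")  # focused app reads Shift
    return lines
```

On the constructed trace, `find_pollers(sample_trace())` flags pids 200 and 300 and leaves the focused application and the low-rate single-key checker alone.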


