What is Anti-Keylogger Tester?
Some trojans include keylogging functionality that can steal confidential information as you type it. To fight this threat,
many HIPS products, as well as dedicated anti-keylogger software, now provide anti-keylogger features.
However, there are many ways to monitor the keyboard, and few HIPS cover them all.
AKLT is a tool that uses 7 different methods to monitor your keyboard, and enables you to check your defences.
AKLT provides hook-based and hookless (cyclical polling) tests.
Additionally, AKLT provides two ways of taking screenshots, as a keylogger or a trojan could do. If one of your security products claims
to provide a "screenshot protection" feature, you will be able to test it with AKLT.

Download
Link : AKLT.exe - (View EULA)
Size : 169 KB
MD5 : 6CA9677DBE685238BDFF4861188B8203
SHA-1 : 07A478CAAFB1079B0F8110FC6532AF78A6BAB132
Compatible : Windows 2000 / XP / 2003 server / Vista (32bits & 64bits)
Guide/Howto : AKLT Guide : how to use AKLT and what you can expect.

The seven keylogging methods used are:
- GetKeyState : This API returns the current key state for a given key. It must be called for every key, constantly (e.g. every 10 ms),
  in order not to miss any key the user may press. This method is less reliable than a global hook, but is stealthier and does not require
  administrator privileges.
- GetAsyncKeyState : This API is similar to GetKeyState, except that it can also report keys that
  have been pressed, and not only the ones pressed at the moment the function is called.
  Like the previous method, it does not require administrator privileges.
- DirectX : This method uses APIs from the DirectInput function family (from DINPUT.DLL). It requires DirectX 7.0 or higher to be installed,
  which is not a problem as DirectX is bundled with Microsoft Windows operating systems. It is stealthier because it is less well known (I've never heard of it before).
  Of course video games use DirectX to monitor your keyboard, but I'm not aware of any malware using DirectX for malicious purposes. Like the previous method,
  it does not require administrator privileges.
- GetKeyboardState : This test uses the GetKeyboardState() and AttachThreadInput() Windows APIs to monitor your keyboard.
  The function is polled every 10 ms and returns the keystroke pressed in the window that currently has the focus. Like the first method,
  no hooks are created and it works under a restricted user account or a guest account (no administrator privileges required).
- LowLevel Keyboard Hook (SetWindowsHookEx) : This test uses the well-known SetWindowsHookEx() API
  with the WH_KEYBOARD_LL parameter to create a low-level keyboard hook. This hook does not require any DLL, therefore no DLL is injected into
  other processes. As usual, this test works under a restricted user account. This is not a "new" test in the sense of "unknown until now"; this
  kind of test has been known for years and was added for the sake of completeness.
- JournalRecord Hook (SetWindowsHookEx) : This test uses the well-known SetWindowsHookEx()
  API with the WH_JOURNALRECORD parameter to create a journal record hook. This hook does not require any DLL, therefore no DLL
  is injected into other processes. As usual, this test works under a restricted user account. This is not a "new" test in the sense of "unknown until now"; this
  kind of test has been known for years and was added for the sake of completeness.
- (# NEW #) GetRawInputData (# NEW #) : This test uses the GetRawInputData() API to have
  raw keyboard input redirected to it. This method works without polling, and is more similar to a global hook. The API is available only on Windows XP and above (e.g. Vista),
  and does not require Microsoft .NET as people might suppose (since other testing tools use .NET). "Thanks" to Windows, it works once again under a restricted user account.

AKLT does not handle key combinations such as ALT-GR+8 or SHIFT+V, etc. The purpose was not to make a fully functional
keylogger, but a simple test tool.
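
For the defender's side of the seven methods listed above, here is an added example (not part of AKLT or of the original page) that classifies an API call trace by the monitoring method it indicates. The trace record layout (t_ms, pid, api, arg), the "DirectInput" name prefix, the rate threshold and the sample data are assumptions made for this example; findings are candidates for review, since legitimate software also uses these APIs.

```python
from collections import defaultdict

# Hook ids from winuser.h for the two SetWindowsHookEx tests described above.
HOOK_IDS = {13: "hook:WH_KEYBOARD_LL", 0: "hook:WH_JOURNALRECORD"}
POLLING_APIS = {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState"}
POLL_RATE_THRESHOLD = 50  # calls per second; assumed cut-off, tune per environment


def classify(trace):
    """Map (t_ms, pid, api, arg) records to keyboard-monitoring findings per pid."""
    findings = defaultdict(set)
    poll_times = defaultdict(list)  # (pid, api) -> call timestamps in ms
    for t_ms, pid, api, arg in trace:
        if api.startswith("SetWindowsHookEx"):  # covers the A and W variants
            if arg in HOOK_IDS:  # arg is idHook for this API
                findings[pid].add(HOOK_IDS[arg])
        elif api == "GetRawInputData":
            findings[pid].add("rawinput")
        elif api.startswith("DirectInput"):  # assumed naming of DINPUT.DLL entry points
            findings[pid].add("directinput")
        elif api in POLLING_APIS:
            poll_times[(pid, api)].append(t_ms)
    # Hookless tests only work when polled constantly, so flag sustained call rates.
    for (pid, api), stamps in poll_times.items():
        window_s = max((max(stamps) - min(stamps)) / 1000, 1.0)
        if len(stamps) / window_s >= POLL_RATE_THRESHOLD:
            findings[pid].add("poll:" + api)
    return dict(findings)


# Constructed trace: pid 4120 polls every 10 ms and installs a low-level hook,
# pid 988 checks Shift occasionally, pid 2044 hooks the mouse and reads raw input.
SAMPLE_TRACE = (
    [(t, 4120, "GetAsyncKeyState", vk) for t in range(0, 1000, 10) for vk in (0x41, 0x42, 0x43)]
    + [(1200, 4120, "SetWindowsHookExW", 13)]
    + [(t, 988, "GetKeyState", 0x10) for t in (0, 2500, 5000)]
    + [(300, 2044, "SetWindowsHookExW", 14),  # WH_MOUSE_LL, not a keyboard hook
       (400, 2044, "GetRawInputData", None)]
)

if __name__ == "__main__":
    for pid, found in sorted(classify(SAMPLE_TRACE).items()):
        print(pid, sorted(found))
```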

If you have any suggestions or ideas or have found any problems with it, please email me at gkweb@firewallleaktester.com
If you wish to support the website, you can donate here
To see the CHANGELOG, click HERE