I'm working on a keylogger in fact, and I want to implement a real stealth mode. I'm not really convinced by the solutions I've found, such as switching to kernel mode (and thus installing a driver) to make the keylogging process invisible to the task manager. Another solution is to hook the Process32Next function to make it jump over the keylogger, but I think that most antivirus can detect such hooks (which are definitely different from keyboard hooks!). The code below helps find these kinds of hooks.

But for regular keyboard hooks things are different. Windows manages a linked list per type of hook (one for keyboard hooks, one for mouse hooks, one for window hooks...) and dispatches events through these chains. A hook installed on a chain can intercept the event and modify it, block it... And Windows has pointers to the beginning of each linked list. My goal is to find a way to these pointers. And it seems that no one knows how to get them.

More news to come.

Bye
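A defender's view of the API hook on functions such as Process32Next that the post mentions, as an added example that is not the poster's code: it compares a function's in-memory prologue with the on-disk copy and decodes common detour stubs. All addresses and bytes are constructed, the function names are hypothetical, and it assumes the compared prologue bytes contain no relocations.

```python
import struct

def decode_redirect(code: bytes, va: int, bits: int = 64):
    """Return the jump target if `code` starts with a common detour stub, else None."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        return (va + 5 + struct.unpack_from("<i", code, 1)[0]) % (1 << bits)
    if len(code) >= 2 and code[0] == 0xEB:                      # jmp rel8
        return (va + 2 + struct.unpack_from("<b", code, 1)[0]) % (1 << bits)
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        return struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 12 and code[:2] == b"\x48\xB8" and code[10:12] == b"\xFF\xE0":
        return struct.unpack_from("<Q", code, 2)[0]             # mov rax, imm64; jmp rax
    return None  # indirect jumps (FF 25) need a memory read and are not handled here

def check_prologue(disk: bytes, mem: bytes, va: int, mod_base: int, mod_size: int):
    """Compare the on-disk and in-memory prologue of one exported function.

    Returns (verdict, target). Comparing against the file on disk avoids flagging
    exports that legitimately begin with a jump (forwarder stubs, import thunks).
    """
    if disk == mem:
        return ("clean", None)
    target = decode_redirect(mem, va)
    if target is None:
        return ("modified", None)   # bytes differ but no known stub: review manually
    inside = mod_base <= target < mod_base + mod_size
    return ("redirect-internal" if inside else "redirect-external", target)

# Constructed sample data (not taken from a real system).
MOD_BASE, MOD_SIZE = 0x7FFA10000000, 0xC0000
FUNC_VA = MOD_BASE + 0x2A340
# mov [rsp+8],rbx ; push rdi ; sub rsp,20h
DISK = bytes.fromhex("48895c2408574883ec20")
# Same function with its first five bytes overwritten by a jmp out of the module.
HOOKED = b"\xE9" + struct.pack("<i", 0x7FFA20001000 - (FUNC_VA + 5)) + DISK[5:]

if __name__ == "__main__":
    for name, mem in (("unpatched", DISK), ("patched", HOOKED)):
        verdict, target = check_prologue(DISK, mem, FUNC_VA, MOD_BASE, MOD_SIZE)
        print(name, verdict, hex(target) if target is not None else "-")
```

A "redirect-external" verdict on a process-enumeration export is worth correlating with which module owns the target address, since security products and application compatibility shims also install detours.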