deadbird

I totally agree your opinion, keylogger sources should not be leaked so easily. And I won't. Keyloggers a way too dangerous. Especially in lamers' hands...

I found a very nice loophole in NTFS support that allows to completely hide files behind others using a malformed filename. I fact I don't really think it's a loophole...maybe a feature... But I know about hidden registry keys, it's a really great idea too

I'm working on a keylogger in fact, and I want to implement a real stealth mode. I'm not really convicted by the solutions I'v foud, such as switching to kernel mode (an thus installing a driver) to make the keylogging process invisible to the task manager. Another solution is to hook the Process32Next function to make it jump over the keylogger, but I thinks that most antivirus can detect such hooks (which are definitely different from keyboard hook!!). The code below help finding these kind ogf hooks. But for regular keyboard hooks things are different. Windows manages a linked list by type of hook (one for keyboard hook, one for mouse hooks, one for windows hooks...) and dispatches events through these chains. A hook installed on a chain can intercept the event and modify it, block it...And windows has pointers to the beginning of each linked list. My goal is to find a way to these pointers. And it seems that no one knows how to get them. More news to come Bye

Thanks! A very interesting tools, but what I was talking about was the other kind of hooks, such as keyboard/mouse hooks...

I'm searching for a method to get a pointer to windows' hooks linked lists. No information on MSDN, no information anywhere, no one knows how to... I really don't want to get user32 disassembled, it'd really p*** me off. Can anyone help?

Thanks a lots for helping, but my problem's still the same. I've downloaded and installed WinPE2 WAIK, but it's XP version of WinPE that I need to use in order ot build an all-round crash recovery tool. I got all the tools I need, I got a minishell I've coded by myself, all I need to complete is drvinst to install a ramdisk and unpack my tools in it. Please help me, I really want to get rid of this! Thanks in advance.

I got the WAIK, but not drvinst in it!

I'm still in troubles because of drvinst, I'm can't find it anywhere Can someone pleeeease send me the file at deadbird99{at}gmail(dot)com ? Thank you!

Wow, 690Megs... Can someone send me only drvinst, please?

Hello everyone! I need help: I can't find drvinst into my winpe release and it's annoying me! Can someone send me it? To deadbird99_at_gmail_dot_com Thanks!