Is there a way to enumerate the hooks that have been installed on the system? I'd like to be able to detect a software keyboard sniffer.

As far as I know, theres no way to enumerate system hooks from application-level code.
However, what you could do is to install a system hook of your own, of type WH_DEBUG, which would be called before any other non-debug hook procedure is notified. You can then study the supplied debug structure, and optionally, return a non zero value from your debug hook proc to prevent the hook from being called.

Regards

Carpathia

I'm backup up carps statement... afaik there's no way to check upon other ppl's hooks.. I'm also not 100% sure though.

If you look at the api ref you'll see how to set up your own WH_KEYBOARD hook and then you can choose not to pass on the hook (terminating the chain).. not that this is a direct answer to your question though

If you want to make sure that you have a hook that is in front of all other hooks; check out the vxd that defiler has on his site (defiler.cjb.net) - it's an example of a ring0 keyboard hook which works fine.

Good luck.

Predator [PC/pGC]

There has to be; Under Windows 98, at least, Start|Programs|Accessories|System Tools|System Information shows it under the Software Environment\System Hooks branch in the tree view.



Thanks; I wonder if vxd hooks show up with this app...

Mike

well, while i was browsing i found a possible solution for you..

check out elicz' site at http://www.anticracking.sk/EliCZ/

you'll see something like ShowGWH or something.. that just might be the thing you are looking for..

later,
pred.

Thanks! That's exactly what I needed.