![]() ![]()
There have been advances to lock down the process though, such as requiring "signed drivers," which reduces the likelihood of malicious drivers getting into the driver chain, and anti-viruses that can detect bad behavior by apps. The problem has nothing to do with the fact that every program gets a copy of a keyboard event, but the fact that the HAL needs to be able to transform messages from hardware to kernel messages, and global hot keys are necessary to provide features to the user without each program needing to be built to provide the same features. However, you should note that not "all" programs get a copy of a keyboard message, only drivers, global hot key handlers, and the in-focus application. However, just as this is a great feature to have, it can also be abused by a program. Without all of these global hot keys, the OS would be very annoying to use, and apps would be far more complex as a result. This allows not just Alt-Tab to work (the window manager intercepts these messages to switch apps), but also most media programs request handlers to support multi-media keys like play, rewind, and fast forward, and other user-land apps for volume control, etc. #RECEIVE KEYSTROKES FROM ANY APPLICATION SOFTWARE#Fortunately, since they are in memory, anti-malware software can detect and disable such behavior.įinally, you have an intentional "hole" in the OS, usually referred to as "global hot keys", that allows any application to request that the keyboard messages are passed to them before the in-focus application. This is the nature of the hardware abstraction layer (HAL) that the drivers are a part of. ![]() Drivers can do pretty much whatever they want, and the OS can't strictly detect that a driver is diverting messages for nefarious purposes, because they get to inspect messages before the OS does. The other common kind of logging happens in software, which can happen either before the OS has a chance to see the keyboard messages, or after. The OS literally cannot detect that such logging is going on. A hardware keyboard logger, for example, is a dongle that has a USB or PS/2 input on one end, and a USB port or PS/2 on the other, such that the keyboard passes data through this device and is intercepted. They could be from a keyboard, from a IR device, or any other source that could send a signal designed to be interpreted as a keyboard. The driver chain allows the kernel to not care about "how" the keystrokes are generated, only that they are. The basic design goes like this: hardware events are received by driver chains, which then pass messages to the kernel, that then dispatches it to a global hotkey chain, and finally to the intended application (if not cancelled by any prior step in the chain). The keyboard to application interface goes through several phases, some of which the OS has little control, and some that is provides explicit hooks into for additional functionality. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |