5

Other than for app launch shortcuts, which should only be provided by the O/S, what are the legitimate uses of things like Windows keyboard hooks? It seems to me that we only have problems with things like key loggers because operating systems provide hooks to do things that should not be permitted by anyone under any condition except the O/S kernel itself.

EDIT: OK, so given some legitimate places where they may be required, should not the O/S provide a high level ability to globally turn them off, and only allow exceptions on a program-by-program basis?

Lawrence Dol
  • 63,018
  • 25
  • 139
  • 189
  • You usually can... for example, OS X has a secure input assertion which blocks any programs registered for keyboard events until the assertion is cleared. This is activated by default in things like password boxes from IB and terminal entry when in secure mode. – Jason Coco Nov 22 '08 at 03:04

5 Answers5

3

I'm currently working on a mobile application platform / hardware abstraction layer for an enterprise client, and one requirement was that a screensaver would be brought up after a certain period of inactivity. Since mobile devices don't have mice to move, "activity" consists of key presses or screen taps. One of our devices doesn't have a touchscreen, and, to make a long story longer, the mobile hardware vendor didn't properly implement the Win32 API calls that would allow me to get the time since the last user input.

Since the hardware vendor was unwilling to implement the Win32 API properly, the next best way I knew of to ensure that my console application could trap key presses in any application on the system was to install a global keyboard hook.

That said, I agree that the average consumer scenario is very different from mine, and the OS should allow the user to whitelist activities like this.

RJ Cantrell
  • 161
  • 3
  • 20
2

Not true, there are environments where the owner of the computer may want to stop things such as Ctrl+Alt+Delete... example, a Kiosk, or... .... Best Buy?

AEM
  • 1,354
  • 8
  • 20
  • 30
Timothy Khouri
  • 31,315
  • 21
  • 88
  • 128
  • A keyboard hook can't stop Ctrl+Alt+Delete as it is part of the Secure Attention Sequence. If you want to change the logon process, you need to write a custom dll to replace msgina.dll – Roland Rabien Nov 22 '08 at 04:16
  • People still typically call that a keyboard hook. (At least we did in the old days) :) – Timothy Khouri Nov 22 '08 at 11:39
  • In fact, CTL-ALT-DEL is specifically designed not to be able to be intercepted by any program; it's how you know you are looking at a bona-fide login screen and not a fake. Besides, the O/S should provide such control of CAD, not an application intercepting it. – Lawrence Dol Nov 24 '08 at 17:58
1

For example I have installed two applications;

  • One maps Windows-V as paste unformatted text
  • Another one modifies how caps lock works

I think both of them require a hook.

wimh
  • 15,072
  • 6
  • 47
  • 98
1

I wrote an app that let me place virtual sticky notes on my monitor. I used an OS keyboard hook to bind a hotkey to it.

I had an option in settings to disable the hook.

FlySwat
  • 172,459
  • 74
  • 246
  • 311
0

There may not be a lot of legitimate uses. However, I'm of the opinion that you shouldn't intentionally limit the features of a system, simply to make it more secure.

Also, a key-logger isn't a bad thing if you know it's there and you installed it yourself.

Kibbee
  • 65,369
  • 27
  • 142
  • 182