
Surveillance software internals


Marcos

Mar 3, 2004, 10:57:13 AM

I heard about a surveillance software named nok-nok that monitors,
records and logs all keyboard input and screen views on Windows. It
saves all captured data on the hard drive in a region inaccessible to
Windows.
(http://download.com.com/3000-2653-10226035.html)

A friend of mine who worked at the company that developed the
software says that it runs on the CPU without any interference from
Windows, I mean, Windows is completely agnostic about its existence.

Another interesting thing is that it works even during the Windows
logon screen, which IMRO implies that it is not a Windows task.

Does anyone know how this could be possible? Is it possible that it
is using the same technique as VMWare? Does anyone know where I can
find information related to implementing such characteristics?


Thank you in advance for any information you can give

Sincerely,

Marcos

Alexander Grigoriev

Mar 3, 2004, 5:13:35 PM
It might be running in SM mode, but for that you'd need to reprogram the BIOS.

"Marcos" <marcos.p...@wingstelecom.com.br> wrote in message
news:311e711d.04030...@posting.google.com...

Maxim S. Shatskih

Mar 3, 2004, 6:24:49 PM
> A friend of mine who worked at the company that developed the
> software says that it runs on the CPU without any interference from
> Windows, I mean, Windows is completely agnostic about its existence.

Maybe this is the usual marketing stuff :-)

Supporting all video modes in such a software is a huge PITA, look at SoftICE
for instance.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
ma...@storagecraft.com
http://www.storagecraft.com


David P

Mar 4, 2004, 1:01:08 AM
Try running the OSR device viewer utility. I'll bet you can see their
keyboard filter driver device object in the kbd stack. User mode
message hooking can easily be defeated by ctrl-alt-del so there is a
good chance they are collecting this info via a device driver.

If they do not use any filter driver then I think this is an
interesting mystery....

David
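
The check suggested in the last reply can also be scripted from the registry. The following is an added example, not part of the original thread: it lists the filter drivers registered on the keyboard device class and flags any outside a baseline, assuming `kbdclass` is the only class filter expected (the `$expected` list and the `Resolve-DriverPath` helper are hypothetical names chosen for this example).

```powershell
# Added example (not from the thread): audit filter drivers on the keyboard device class.
# Assumption: kbdclass is the only class filter expected; extend $expected with
# known-good vendor filters for your environment.
# Scope: class-level filters only. Per-device filters are stored under the device
# instance keys in HKLM\SYSTEM\CurrentControlSet\Enum and are not covered here.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = @('kbdclass')

function Resolve-DriverPath([string]$ImagePath, [string]$Name) {
    # A missing ImagePath means the default driver location; other forms are
    # relative to %SystemRoot% or carry the NT prefixes \SystemRoot\ and \??\.
    $root = $env:SystemRoot
    if ([string]::IsNullOrEmpty($ImagePath)) { $ImagePath = "System32\drivers\$Name.sys" }
    $p = $ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($root + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $root $p }
    return $p
}

$props  = Get-ItemProperty -Path $classKey
$report = foreach ($kind in 'UpperFilters', 'LowerFilters') {
    foreach ($name in @($props.$kind)) {
        if (-not $name) { continue }          # value absent or empty entry
        $svc  = Get-ItemProperty -Path (Join-Path $svcRoot $name) -ErrorAction SilentlyContinue
        $path = Resolve-DriverPath $svc.ImagePath $name
        $status = 'FileNotFound'
        $signer = $null
        if (Test-Path -LiteralPath $path) {
            # Older PowerShell versions may report catalog-signed files as NotSigned.
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Kind       = $kind
            Filter     = $name
            Path       = $path
            Signature  = $status
            Signer     = $signer
            Unexpected = $expected -notcontains $name
        }
    }
}
$report | Format-Table -AutoSize
```

A filter that is marked `Unexpected`, has no service key, or resolves to a missing or unsigned file is the entry to investigate first.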
