TY - JOUR
TI - Detecting keylogger virus by monitoring keyboard driver stack
PY - 2022/12/21
Y2 - 2025/12/22
JF - مجلة المنصور
JA - مجلة المنصور
VL - 16
IS - 1
LA - en
UR - https://journal.muc.edu.iq/journal/article/view/310
SP - 75-90
AB - This work is devoted to designing and implementing software to monitor the keyboard driver stack for any illegal embedding of a malicious filter driver. Filter drivers are the effective tool used by keylogger software to record user keystrokes. Recording keystrokes is a very hostile action and it is mostly done by viruses. Enumerating the size of the driver stack dedicated to the keyboard device and the location of the uppermost filter driver. A filter driver is designed in this paper using Microsoft Driver Development Kit (DDK) 2003; this filter driver is attached to the keyboard driver stack to be the uppermost keyboard filter driver. Another user-level program is designed to interact with the filter driver. When the Windows I/O manager sends an Input/Output Request Packet (IRP), the filter driver intercepts that packet and sends it back to the user-level program specially designed in this paper. The stack depth and stack location are retrieved from the IRP sent by the filter driver.
ER -