[iriche]

One less to have to write if you want to do evil. HP -oh nice, just have to enable their builtin keylogger.

[userbinator]

If you have admin access, you could install whatever keylogger you want, so IMHO this is a moot point.

[citrin_ru]

External keylogger will likely be detected by antivirus sowtware and HP drivers are probably whitelisted.

[gruez]

But you can write a key logger that works without admin rights and on every windows computer in less than 100 lines.

[WhitneyLand]

what api gives a global hook across apps without rights escalation?

[Someone1234]

https://msdn.microsoft.com/en-us/library/windows/desktop/ms6...

[WhitneyLand]

I don’t think that works without rights scalation / admin privileges. I believed it stopped working in Windows Vista, at which time MS locked this and UAC and such things further than in Windows 7.

This answer explains and also has a link to ms with more detail on how it’s blocked: https://stackoverflow.com/questions/3169675/how-to-use-setwi...

Malicious keyloggers are used all the time of course, but I believe they all require some sort of exploit or way to effectively gain admin privileges.

[Someone1234]

It works without administrator, you misread the stackoverflow answer.

The answer was about intercepting messages sent to an already escalated process (i.e. monitoring administrator processes from a user's context, even if they're technically an administrative user).

It works for one user context process monitoring another user context process. It doesn't work for IE or Edge due to LowPriv context isolation.