Log This! can disable keyloggers by stopping them from picking up your keystrokes, and it can also confuse and overwhelm a keylogger by injecting a number of fake, random keystrokes into the keyboard buffer for every real key you press - these fake keys are picked up by the keylogger on your system, but not by the application. It should work with just about any Windows application, for example you can run Log This! when you use your web browser to stop anyone capturing your password, or even when typing a letter into Word or Notepad.
See the screenshot below - this is where I tested it by typing "Revealer is easily defeated" into Notepad and using the Revealer keylogger - as you can see, Notepad receives my actual keystrokes but Revealer is tricked into logging a load of garbage.
How to use it
Download the program here (includes Delphi source code) and extract the files. Run the program "logthis.exe", you will see an empty window appear. There are a number of options on the left, and if you just leave these as the default options it should block many keyloggers and prevent them from picking up your keystrokes. If you want to use the fake key generation (as shown in the screenshot above), select "Generate Fake Keystrokes" (these will start to appear in the right panel). The other options are described in the Technical Details section further down this page. Then click the "Start Antikeylogging" button. You can click the button again to stop the antikeylogging at any time. If you want to test it, download one of the free keylogger utilities and try it against that, and feel free to let me know if you get any problems.
Note that you may experience the occasional missed or additional key if you are a fast typist - the program will work best if you don't type too fast.
Important disclaimer 1 - no guarantees
I cannot guarantee that this application will defeat every possible keylogger. It will only be able to defeat "hook-based" keyloggers - there are other types of keyloggers such as interrupt or driver-based keyloggers, although these are probably a lot more rare as they require very specialised technical skill to write - anyway, this program comes with no guarantees. Obviously it can only defeat software keyloggers, i.e. if somebody has installed a device inside your keyboard that captures the actual physical keys pressed this component will not be able to get around this. Also, a keylogger may work by continually checking the status of each key using the GetAsyncKeyState function, although I suspect this would consume a lot of resources and would slow your PC down - many online discussions I have read regarding keyloggers regard this as a very inefficient technique and it seems that the majority of professional keyloggers are hook-based, which is the technique that Log This! can disable.
Important disclaimer 2 - effect on Windows stability
Another important disclaimer - this program may cause unexpected behaviour on your PC, including possibly causing other programs to crash. This is because the program interferes with some of the Windows messaging infrastructure in order to try and prevent your keystrokes from being captured. However, it doesn't change any permanent settings so it shouldn't cause any problems that a reboot won't fix. I recommend that you only use it when really necessary (such as when entering passwords) - I do not recommend leaving the antikeylogging activated all the time. And make sure you save your work regularly if using some kind of editor in case your system becomes unstable.
Testing
I have tested the program on three different keylogger programs, Revealer, KGB Keylogger and "Home Keylogger" and all three of these keyloggers can be beaten by Log This!. The KGB keylogger was the hardest to defeat and requires that most of the hooks are disabled, whereas Revealer and the Home Keylogger can easily be tricked into capturing the fake keystrokes by enabling just this option. If you are unsure whether a keylogger is installed on your PC, the safest option is to block all of the hooks.
Can I trust it? How do I know this isn't just another piece of spyware?
Use the source, Luke! I've included all the Delphi source code for the program and associated DLL, so anybody is free to inspect the inner workings of the program. If you are really paranoid feel free to rebuild it yourself from the source. Note that the program does have an option to create a log file for debugging purposes (this option is disabled by default) - if enabled, this log file will contain your keystrokes, but the file isn't secretly sent anywhere, honest!
Technical details:
Log This! uses a technique that many keyloggers use, which is to register with the Windows keyboard hooks (and a number of other system hooks), and when it receives a keystroke message from Windows, instead of secretly recording it, it simply fails to pass the keystroke to the next keyboard hook (which hooks are generally supposed to do). Microsoft's documentation says that by failing to do this, applications that have installed (e.g.) WH_KEYBOARD_LL hooks will not receive hook notifications and may behave incorrectly as a result - yes, that's *exactly* what we want, if that application is trying to record your typing! Note that keyboard hooks are called in the reverse order that they were registered with Windows - in other words run this program after everything else has started up and Windows will pass it the keystrokes ahead of anything else which is what we want.
Note that the Windows documentation also says that If code is less than zero, the hook procedure must pass the message to the CallNextHookEx function without further processing and should return the value returned by CallNextHookEx. - I'm not sure what to do when the hooks pick up a message with a code of less than zero - in theory we should pass this message on, but what if the next hook is a keylogger? I've left this as a configurable option "Forward hooks on non zero code" so you can decide whether these messages should be passed on or not. Leaving this option unchecked will provide the most protection, but it could cause some strange effects and possibly crash other applications.
A really devious keylogger might keep re-registering itself as a keyboard hook in order to make sure it is at the front of the hooks queue, so Log This! will periodically re-register itself as the first hook - you can configure this using the option "Re-register hooks periodically". This defaults to 30 seconds - in theory this could mean that a keylogger that re-registers itself could capture 30 seconds worth of your keystrokes - feel free to change this option if you like but if you make it very low it will affect system performance.
Other notes - the program creates a small file in your Windows directory called "logthis.ini" (just a few lines long) - I don't like doing this but for some reason I cannot find a way to share a variable between the DLL entry point (called by logthis.exe) and the callback procedures in the DLL, which meant that I couldn't find a way of configuring the DLL properly using the options chosen by the user. The file has to be in the Windows directory, because the DLL can't even find out which directory it is in when the callbacks occur. Feel free to delete this file at any time. If I can find a way to do this in a better way I will remove this functionality because it is a bit ugly.
Beating the keyloggers if you have Vista
If you have Windows Vista it appears that you can beat the KGB keylogger (and possibly others) by simply running a program as Administrator - I found that running a program (e.g. Notepad) as Administrator prevents the keylogger capturing your keystrokes even without any other specific measures - I'm not sure whether this is something Microsoft have added deliberately or whether is just accidental, but it's a useful precaution you can take if you have Vista. Note that running an application as administrator is potentially risky though as the application will have full access to your system.
If you have any questions or want to report a bug please drop me a line