Suspicious keyboard hook

Discussion in 'privacy technology' started by sTickfigure, Dec 1, 2006.

Thread Status:
Not open for further replies.
  1. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    hi everyone! i've been searching through quite a few of the posts on the forum but i can't find a similar thread. i've been a user of snoopfree for a while now and it has never given me any problems until now. i have a game called baldur's gate 2: shadows of amn (throne of bhaal expansion is installed as well). i installed the game from original store bought cds and have not installed or downloaded any other patches.

    when i try to run the game, it starts just fine but once i get to a certain screen, it locks up and i get a prompt from snoopfree asking whether i want to allow a keyboard hook. if i allow this hook, the game runs just fine. but if i deny it permission, then none of the buttons i click in the game window afterwards will work. i can fix this problem only by removing the rule set within snoopfree and then reinstalling the game. tests on another computer without snoopfree show that the game also plays and runs fine without snoopfree installed. another test with a trial of zonealarm pro shows that the firewall doesn't detect the hook (even though it detects hooks from other programs). i have since then uninstalled the firewall. what i've done in the past with snoopfree is deny hooks, and most of the programs still worked. this is an exception

    even though the cds are legitimate, i'm afraid there's something fishy going on in the game. though i've never played the game before, i've heard that it's a good rpg and i would definitely like to try it but i'm at a loss as to what to do here. i tried returning it to the store, but i exceeded their 30 day return period by almost 2 months (i bought the game about 3 months ago), so it looks like my only options are to either get it working or watch my money go down the drain. so i'd greatly appreciate any help, suggestions or comments that would help me in resolving this!
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia

    Highly likely there is nothing wrong here. Many applications (legitimate) use hooks.

    If you have installed of storebought CDs with no cracks or anything like that I would be quite confident that all is well.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,703
    Hello,
    Nothing fishy about that.
    I've played several games that implement keyboard shortcuts in a curious way, and go through SnoopFree filter. For example, Dragon Throne: Battle of the Red Cliffs. Even VMware requires keyboard hooks so you can switch between host and guest. If you bought the game, nothing to worry about.
    Mrk
     
  4. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    that is quite interesting. is there only one type of keyboard hook or are there multiple types? i ask this because in one of my tests a trial version of zonealarm pro (which is supposed to be fully functional) failed to detect this particular hook. i assumed that if snoopfree detected it, zonealarm pro also would, but this was not the case. i figured that either one of the them must hook first and assumed at first that if snoopfree hooked first, then by allowing it through snoopfree, zonealarm would catch it. and if zonealarm caught it first, then snoopfree wouldn't alert me at all. it turns out i was wrong in both cases. when i did allow it through snoopfree, zonealarm didn't so much as pop up a window. and of course, since zonealarm was incapable of detecting it, it can't be the first one to catch the hook...
     
  5. internetexplorer

    internetexplorer Registered Member

    Joined:
    Mar 10, 2007
    Posts:
    2
    Maybe they've updated zonealarm recently. I just installed snoopfree which led not only to it catching a hook from ZA but ZA catching one from snoopfree! Obviously I want both of them to work if possible, so I was forced to allow both of them to do whatever they want in order to help catch the real problems.
     
Thread Status:
Not open for further replies.