This paper is devoted to design and implement an Anti spyware software package.
The targeted type is the kernel level spyware which is the most dangerous threat due to
the capabilities granted to the spyware code injected in this level. Kernel level is the
most trusted level and the code executed at this level will have accessibility to all
system resources. This paper will introduce a methodology to lock device stack for any
attaching of malicious filter driver, spyware is using filter driver as the main weapon to
intercept data exchanged by system devices (physical, logical or virtual) and the I/O
The paper interduces also, a locking methodology for the device stack is presented
and all kernel level APIs are explained. The ‘keyboard’ is the target stack to be locked
against famous attack of keyboard logger.