AntarYami keylogger

Native C# Operating System Internals & Telemetry Broker by AntarYami

Research Statement

As a Computer Science & Engineering (CSE) student deeply fascinated by operating system internals and security research, I wanted to understand exactly how low-level Windows APIs interface with high-level network applications. Instead of relying on pre-built third-party administrative utilities, I challenged myself to build a robust endpoint management platform from scratch. This project allowed me to explore multi-threading models, registry-based execution contexts, and cryptographic machine identifier generation in a real-world software architecture scenario.

CRITICAL ADVISORY FOR ALL WINDOWS USERS

This technical demonstration exposes a fundamental reality of standard desktop environments: traditional operating system user account boundaries are not, on their own, sufficient protection against automated data discovery. If an untrusted application is executed under an active user context, it inherits the capability to interface with native system APIs directly.

To safely mitigate local interception risks, users should immediately enforce strict security protocols: avoid saving credentials directly within basic web-browser storage utilities, utilize dedicated credential managers running standalone cryptographic runtimes, and enforce Multi-Factor Authentication (MFA/2FA) on all administrative network identities.

C# Compiled Core Architecture

Native Hook Integration

Processes raw inputs directly at the kernel tier using the Win32 API WH_KEYBOARD_LL callback configuration, running completely independent of local frame rendering models.

Full Unicode Translation

Features an automated ToUnicode layout-mapping engine, so that letter case, shifted keys, symbols, and specialized regional character strings are captured correctly.

Asynchronous Buffered Output

Leverages multi-threaded Task.Run wrappers alongside isolated tokenization loops to compile alphanumeric inputs into complete word packets before running secure HTTP operations.
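
For defenders, the three capabilities listed above leave a recognizable combination of names in a compiled .NET binary. The following triage heuristic is an added example, not code from this project: the indicator grouping, the "all three groups present" rule, and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Real Win32/.NET identifiers, grouped by the three capabilities listed above.
# The grouping and the "all three present" rule are assumptions of this example.
INDICATORS = {
    "keyboard_hook": ("SetWindowsHookEx", "CallNextHookEx"),
    "key_translation": ("ToUnicode", "GetKeyboardState", "MapVirtualKey"),
    "http_egress": ("HttpClient", "WebClient", "HttpWebRequest"),
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{5,}")           # import and type names
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")   # UTF-16LE string literals


def extract_strings(blob):
    """Printable ASCII and UTF-16LE runs, as `strings` would report them."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)}
    return found


def triage(blob):
    """Report which capability groups appear; flag only when all three co-occur."""
    strings = extract_strings(blob)
    groups = {
        name: sorted(api for api in apis if any(api in s for s in strings))
        for name, apis in INDICATORS.items()
    }
    return {"groups": groups, "flag": all(groups.values())}


def _blob(ascii_names, utf16_literals=()):
    """Build a constructed byte string of name runs (not a real PE file)."""
    data = b"\x00".join(n.encode("ascii") for n in ascii_names) + b"\x00\x01"
    return data + b"\x00\x01".join(s.encode("utf-16-le") for s in utf16_literals)


# Constructed samples; the UTF-16 entry only exercises the second extractor.
SUSPECT = _blob(["SetWindowsHookEx", "CallNextHookEx", "ToUnicode"], ["HttpClient"])
HOTKEY_TOOL = _blob(["SetWindowsHookEx", "CallNextHookEx", "HttpClient"])

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("hotkey tool", HOTKEY_TOOL)):
        print(label, triage(sample))
```

A keyboard hook or an HTTP client alone is common in benign software, which is why the hotkey-tool sample is not flagged. Obfuscated or dynamically resolved names will not match, so a hit is a reason for closer analysis rather than a verdict.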

AntarYami Real-Time Inbound Stream