LIU Wang-tong, LUO Sen-lin
Abstract: Keylogging is the most basic computer monitoring technology and is widely used by malicious code, so it has important significance in the field of computer security testing. This paper describes the keyboard information processing mechanism on Windows systems, then analyzes and summarizes the four kinds of typical keylogger technology: message HOOK, kernel function HOOK based on function interception and keyboard scanning, active polling based on keyboard state detection. The experimental results show that the recall of the four kinds of mainstream keylogger technology can reach 100%. However, these four keylogger technologies lack imperceptibility and cannot avoid detection and removal by mainstream security software. In addition, except for keyboard polling, these keylogger technologies cannot resist the interference of mainstream anti-theft mechanisms.
URL: http://netinfo-security.org/EN/
http://netinfo-security.org/EN/Y2014/V14/I6/43