By system messages I mean the communication between hardware and the OS, (such as scancodes from the keyboard.) And you're right, taking on that task would be enormous.

Rootkits seem likely but they do run within the OS environment. Maybe I should spend more time looking into them. Basically here's what I've been researching: I'm looking for as many ways theoretically possible, (a proof of concept,) to capture the "ctrl+alt+del" login sequence for Windows. I don't need to capture keystrokes in a web browser, that's been done to death. Something that runs stealthly would be a nice feature but is not manditory on all concepts.

If I remember correctly, the loging seqence is locked down by Windows so most keyloggers, (the ones I looked into and studied,) don't work. So, would you have any other possible methods/sugestions/theories of how this capture could be acheived?

Thanks again for your time and Good article about Sony's rootkit too. I remember reading about it back in early Nov.