I've analyzed some keyloggers in the past and many of them are very simple, using GetKeyState function. This function (along with GetAsyncKeyState and others) is one of the most checked by a good antivirus that, most likely will detect a suspicious behaviour.
Some sophisticated keyloggers create a hook to the int21 of the keyboard, and they use a reliable method of sending the keystrokes using a "send" GET/POST type to a backend in PHP for example, or they work at a low level by hooking directly to the interrupt.
Some keyloggers of this type are essentially based on WH_KEYBOARD_LL Windows hook. This hook allows to intercept low-level keyboard event generated by the user. By specifying an appropriate callback (in some case RawInputKeyboard), it is possible to hijack all the keystroke to this function, recording them in memory. The keystrokes are recorded in a dynamic buffer that increases, based on the amount of received data. Usually these keyloggers “empty” the buffer by sending data to a specific and configurable URL. The submission (a simple HTTP POST call) is made over the library libCurl. A secondary hook (WH_MOUSE_LL), allows to receive mouse events (position, left click, right click, double click, etc..).
However, if you want a good anti keylogger, I suggest you a simple test using Hooker Lite and seeing which of them works fine for you.