Just interested in this: monitoring and logging local keystrokes

[Michaetito]

Take look at meterpreter scripts. Specialy that for keystroke sniffing.

[Gitsnik]

first, because it looks great.

And the second reason is, to get familiar with system-monitoring

Perhaps I will write a system-monitor by myself, some time later.

Who konws.

The sources of lkl seem to be available, it would be very interesting to take a look at them.

There is no sane reason to be logging your keystrokes in this format. Not only will you get a bunch of BS output, "dumping the opcodes" will be sporadic and stupid.

A far niftier trick is to execute something like the scripts linked (which I still find hilarious), or do what I do, and run "hexdump -C /dev/random" in an embedded console window. It will look a lot "l33t"er, and (if you're like me) you start to see patterns in a so-called random system.

On the topic of system monitoring, spend some time getting to know how... *ahem*... "hackers" are monitored by those who are in the know, who actively spend time rolling around in honey pots (as it were). They even have a proper tool for that sort of thing.

In short, find a decent reason to be logging keystrokes, and use a proper tool for it after doing a decent amount of research on the topic.

[me-$-on]

There is no sane reason to be logging your keystrokes in this format. Not only will you get a bunch of BS output, "dumping the opcodes" will be sporadic and stupid.

A far niftier trick is to execute something like the scripts linked (which I still find hilarious), or do what I do, and run "hexdump -C /dev/random" in an embedded console window. It will look a lot "l33t"er, and (if you're like me) you start to see patterns in a so-called random system.

On the topic of system monitoring, spend some time getting to know how... *ahem*... "hackers" are monitored by those who are in the know, who actively spend time rolling around in honey pots (as it were). They even have a proper tool for that sort of thing.

In short, find a decent reason to be logging keystrokes, and use a proper tool for it after doing a decent amount of research on the topic.

The dev urandom thing is ugly, my frîend.

I do not want useless things to be presented on the screen.

But, You are seeing patterns in random output. Sounds funny.

And, i am programming, too.

So obviously you do understand my passion to do this by myself.

[Snayler]

nevermind...

[lupin]

I do not want useless things to be presented on the screen.

Displaying keystrokes from your own system seems kind of useless to me. So does displaying opcodes unless you are actively trying to reverse engineer or find vulnerabilities in a particular program. The traditional definition of system monitoring doesn't include either activity - it usually focuses on system information that is relevant to a systems performance or security, depending on what your monitoring focus is.

For performance you might look at levels of network activity, CPU utilisation, memory capacity, hard disk usage, etc. For security monitoring you might look at process lists, audit events, active network connections, etc.

Is there some specific goal you think can be achieved by looking at opcodes and keystrokes?

[me-$-on]

It just interests me, what opcodes are working in the background.

I would try to code this by myself, so that I would see tha active thread of the actual process by name and number and the occuring opcodes.

As I started reading the "Art of Assembly", I must admit, that this is a very interesting topic to me.

And, audit events?

Would be perfect.

I read about that in a WinApi-Snippet, it was about UI-hooks.

Will this be the same with X???

[KMDave]

nevermind...

Well I do mind posts like that.

@topic

Well it will slow your system down really bad. You would have to real-time monitor every process on your system.

You might want to dig into gdb.

[me-$-on]

because of Your avatar.


So, I thought about performance-issues regarding the disassembly of each active thread.

And it seems, I was right.

What about this: Getting the active thread, dumping the memory-contents to a file and using this as a buffer to read from and display this?
Would this be a useful workaround?




And what about catching occurring events?
Is It done the same way, like in Windows? By using GUI-hooks?