diff options
| -rw-r--r-- | README.md | 36 |
1 files changed, 19 insertions, 17 deletions
@@ -1,3 +1,5 @@ +# Evspy + Evspy is a general purpose kernel-mode keylogger in (early) development stage. The file from where you can read the registered keystrokes is /proc/driver/evspy @@ -6,49 +8,49 @@ by default. Only root can read it. Beware users: evspy can troll you. Don't be evil. -** COMPILE ** - $ make +## COMPILE + `$ make` -** LOAD ** - # insmod evspy.ko +## LOAD + `# insmod evspy.ko` -** UNLOAD ** - # rmmod evspy +## UNLOAD + `# rmmod evspy` -** IS IT ALREADY LOADED? ** - $ modinfo evspy +## IS IT ALREADY LOADED? + `$ modinfo evspy` -** PERSISTENCE ** +## PERSISTENCE * With dkms: - # make [install, uninstall] + `# make [install, uninstall]` * Manually: Copy it into your kernel module dir: - # cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko + `# cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko` and update module database: - # depmod -a + `# depmod -a` (in some distros you could also need to add it to some rc/config file) Once it has been installed, you can load it when you want with - # modprobe evspy + `# modprobe evspy` -** OTHER ** +## OTHER A patch is supplied (evspy.patch) to be able to compile a kernel with evspy included. If KERN is the directory where your kernel is located, just copy the patch there (KERN/) and copy all the evspy files (*.c, *.h, maps, kmap) to KERN/drivers/input/. Then, cd to KERN and apply the patch: - $ patch -p1 < evspy.patch + `$ patch -p1 < evspy.patch` Then you should be able to configure the kernel to include evspy just like any other module: - $ make menuconfig + `$ make menuconfig` Device Drivers --> Input device support --> Event based keylogger - $ ... + `$ ...` |