1 files changed, 54 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6211448
--- /dev/null
+++ b/README.md
@@ -0,0 +1,54 @@
+Evspy is a general purpose kernel-mode keylogger in (early) development stage.
+
+The file from where you can read the registered keystrokes is /proc/driver/evspy
+by default. Only root can read it. Beware users: evspy can troll you.
+
+Don't be evil.
+
+
+** COMPILE **
+    $ make
+
+
+** LOAD **
+    # insmod evspy.ko
+
+
+** UNLOAD **
+    # rmmod evspy
+
+
+** IS IT ALREADY LOADED? **
+    $ modinfo evspy
+
+
+** PERSISTENCE **
+
+* With dkms:
+     # make [install, uninstall]
+
+* Manually:
+    Copy it into your kernel module dir:
+        # cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko
+
+    and update module database:
+        # depmod -a
+    (in some distros you could also need to add it to some rc/config file)
+
+    Once it has been installed, you can load it when you want with
+        # modprobe evspy
+
+
+** OTHER **
+
+A patch is supplied (evspy.patch) to be able to compile a kernel with evspy
+included. If KERN is the directory where your kernel is located, just copy the
+patch there (KERN/) and copy all the evspy files (*.c, *.h, maps, kmap) to
+KERN/drivers/input/. Then, cd to KERN and apply the patch:
+    $ patch -p1 < evspy.patch
+
+Then you should be able to configure the kernel to include evspy just like
+any other module:
+    $ make menuconfig
+        Device Drivers --> Input device support --> Event based keylogger
+    $ ...