Skip to content

gramosg/evspy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
kmap
kmap
 
 
maps
maps
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
TODO
TODO
 
 
dkms.conf
dkms.conf
 
 
evspy-core.c
evspy-core.c
 
 
evspy.h
evspy.h
 
 
evspy.patch
evspy.patch
 
 

Repository files navigation

Evspy

Evspy is a general purpose kernel-mode keylogger in (early) development stage.

The file from where you can read the registered keystrokes is /proc/driver/evspy by default. Only root can read it. Beware users: evspy can troll you.

Don't be evil.

Compile

$ make

Load

# insmod evspy.ko

Unload

# rmmod evspy

Is it already loaded?

$ modinfo evspy

Persistence

  • With dkms:

      # make [install, uninstall]

  • Manually: Copy it into your kernel module dir:

      # cp evspy.ko /lib/modules/$(uname -r)/kernel/drivers/input/evspy.ko

    and update module database:

      # depmod -a

    (in some distros you could also need to add it to some rc/config file)

    Once it has been installed, you can load it when you want with

      # modprobe evspy

OTHER

A patch is supplied (evspy.patch) to be able to compile a kernel with evspy included. If KERN is the directory where your kernel is located, just copy the patch there (KERN/) and copy all the evspy files (*.c, *.h, maps, kmap) to KERN/drivers/input/. Then, cd to KERN and apply the patch:

$ patch -p1 < evspy.patch

Then you should be able to configure the kernel to include evspy just like any other module:

$ make menuconfig
    Device Drivers --> Input device support --> Event based keylogger
$ ...

About

Linux module - event based keylogger

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages