给出:
sudo cat /dev/input/by-id/usb-Logitech_USB_Keyboard-event-kbd > test_keylogger_azerty
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/types.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <xcb/xcb.h>
#include <xcb/xcb_keysyms.h>
#include <X11/Xlib.h>
#include <linux/input.h>
int main(int ac, char **av)
{
int fd, col;
xcb_connection_t *connection;
xcb_key_symbols_t *symbols;
struct input_event ev;
if (ac != 3) {
printf("Usage: %s <dump file> <symbol table index>\n", av[0]);
exit(EXIT_FAILURE);
}
connection = xcb_connect(NULL, NULL);
symbols = xcb_key_symbols_alloc(connection);
col = atoi(av[2]);
fd = open(av[1], O_RDONLY);
while (read(fd, (void *) &ev, sizeof(ev))) {
if (ev.type == EV_KEY && ev.value == 1)
printf("type: %x code: %x value: %2x => %s\n",
ev.type, ev.code, ev.value,
XKeysymToString(xcb_key_symbols_get_keysym(symbols, ev.code, col)));
}
printf("\n");
close(fd);
return(EXIT_SUCCESS);
}
使用xev进行的测试告诉我:a == 24,b == 25 [...] y == 29。
但是,当我运行程序时,获得的代码不匹配(因此,猜测的对应符号也不匹配):
$ ./reverse_kl test_keylogger_azerty 0
type: 1 code: 10 value: 1 => egrave
type: 1 code: 11 value: 1 => underscore
type: 1 code: 12 value: 1 => ccedilla
type: 1 code: 13 value: 1 => agrave
type: 1 code: 14 value: 1 => parenright
type: 1 code: 15 value: 1 => equal
type: 1 code: 1c value: 1 => t
type: 1 code: 1d value: 1 => y
type: 1 code: 2e value: 1 => l
如果我以这种方式修改我的代码:
$ diff reverse_kl.c{.ref,}
33c33
< XKeysymToString(xcb_key_symbols_get_keysym(symbols, ev.code , col)));
---
> XKeysymToString(xcb_key_symbols_get_keysym(symbols, ev.code + 8 , col)));
效果更好:
$ ./reverse_kl test_keylogger_azerty 0
type: 1 code: 10 value: 1 => a
type: 1 code: 11 value: 1 => z
type: 1 code: 12 value: 1 => e
type: 1 code: 13 value: 1 => r
type: 1 code: 14 value: 1 => t
type: 1 code: 15 value: 1 => y
type: 1 code: 1c value: 1 => Return
type: 1 code: 1d value: 1 => Control_L
type: 1 code: 2e value: 1 => c
另外,请注意,对于键“ a”,我有代码10并添加了8仍然没有给我24,但它确实有效...
如果有人可以帮助我理解这种奇怪的行为……
编辑: 根据要求添加了跟踪的十六进制转储:
0000000 66 35 4d 5d 00 00 00 00 2b 7c 04 00 00 00 00 00
0000020 04 00 04 00 28 00 07 00 66 35 4d 5d 00 00 00 00
0000040 2b 7c 04 00 00 00 00 00 01 00 1c 00 00 00 00 00
0000060 66 35 4d 5d 00 00 00 00 2b 7c 04 00 00 00 00 00
0000100 00 00 00 00 00 00 00 00 66 35 4d 5d 00 00 00 00
0000120 a7 01 0e 00 00 00 00 00 04 00 04 00 14 00 07 00
0000140 66 35 4d 5d 00 00 00 00 a7 01 0e 00 00 00 00 00
0000160 01 00 10 00 01 00 00 00 66 35 4d 5d 00 00 00 00
0000200 a7 01 0e 00 00 00 00 00 00 00 00 00 00 00 00 00
0000220 67 35 4d 5d 00 00 00 00 22 11 01 00 00 00 00 00
0000240 04 00 04 00 14 00 07 00 67 35 4d 5d 00 00 00 00
0000260 22 11 01 00 00 00 00 00 01 00 10 00 00 00 00 00
0000300 67 35 4d 5d 00 00 00 00 22 11 01 00 00 00 00 00
0000320 00 00 00 00 00 00 00 00 67 35 4d 5d 00 00 00 00
0000340 fc fe 03 00 00 00 00 00 04 00 04 00 1a 00 07 00
0000360 67 35 4d 5d 00 00 00 00 fc fe 03 00 00 00 00 00
0000400 01 00 11 00 01 00 00 00 67 35 4d 5d 00 00 00 00
0000420 fc fe 03 00 00 00 00 00 00 00 00 00 00 00 00 00
0000440 67 35 4d 5d 00 00 00 00 ab 31 06 00 00 00 00 00
0000460 04 00 04 00 1a 00 07 00 67 35 4d 5d 00 00 00 00
0000500 ab 31 06 00 00 00 00 00 01 00 11 00 00 00 00 00
0000520 67 35 4d 5d 00 00 00 00 ab 31 06 00 00 00 00 00
0000540 00 00 00 00 00 00 00 00 67 35 4d 5d 00 00 00 00
0000560 1d e7 07 00 00 00 00 00 04 00 04 00 08 00 07 00
0000600 67 35 4d 5d 00 00 00 00 1d e7 07 00 00 00 00 00
0000620 01 00 12 00 01 00 00 00 67 35 4d 5d 00 00 00 00
0000640 1d e7 07 00 00 00 00 00 00 00 00 00 00 00 00 00
0000660 67 35 4d 5d 00 00 00 00 23 58 0a 00 00 00 00 00
0000700 04 00 04 00 08 00 07 00 67 35 4d 5d 00 00 00 00
0000720 23 58 0a 00 00 00 00 00 01 00 12 00 00 00 00 00
0000740 67 35 4d 5d 00 00 00 00 23 58 0a 00 00 00 00 00
0000760 00 00 00 00 00 00 00 00 67 35 4d 5d 00 00 00 00
提醒一下,以下是input_event结构的格式:
struct input_event {
struct timeval time;
__u16 type;
__u16 code;
__s32 value;
};
另外,请注意,键盘击键应遵循以下规则:
type == EV_KEY == 0x01 value可能是事件“释放键”的0,1是“已按下键的事件”,2是“自动重复”事件。