On Sun, Dec 6, 2009 at 5:57 AM, Herlin R. Matos Lastres <hmatos@xxxxxxxxxx> wrote: > Hi, > I need manage the keyboard, for example read the data comming from keyboard. > > Yes, as Greg has mentioned, keyboard input is large topic, many kind of "keyboard" input are possible: USB, PS2, or multiple SSH connection into the system - resulting in many concurrent "keyboard" input.....so your purpose of doing keyboard interception is important. Anyway, specifically for Linux kernel, if you compile your kernel with CONFIG_INPUT_EVBUG=m, (don't put "y", otherwise you cannot even rmmod it when u don't need it - it does generate lots of messages in dmesg output buffer), then u can do a modprobe evbug and in dmesg you can see: [4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 0 [4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0 [4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 4, Code: 4, Value: 200 [4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 1 for each key pressed. For details see: http://www.linuxquestions.org/questions/linux-software-2/linux-keylogger-454869/ If you don't have the above kernel parameter compiled into the kernel, u can also use ftrace: Assuming your debugfs is mounted at /debug then u do this: echo 0 >/debug/tracing/tracing_enabled echo "atkbd*" > /debug/tracing/set_ftrace_filter echo function >/debug/tracing/current_tracer echo 1 >/debug/tracing/tracing_enabled sleep 3 echo 0 >/debug/tracing/tracing_enabled cat /debug/tracing/trace During the "sleep 3", if there is no keyboard input: sleep-19465 [001] 10654.927843: atkbd_interrupt <-serio_interrupt sleep-19465 [001] 10654.927854: atkbd_event <-input_handle_event But if there is keyboard input: <idle>-0 [001] 10676.932289: atkbd_interrupt <-serio_interrupt <idle>-0 [001] 10676.932301: atkbd_event <-input_handle_event firefox-8153 [001] 10677.091721: atkbd_interrupt <-serio_interrupt firefox-8153 [001] 10677.091733: atkbd_event <-input_handle_event <idle>-0 [001] 10677.133041: atkbd_interrupt <-serio_interrupt <idle>-0 [001] 10677.133051: atkbd_event <-input_handle_event firefox-8153 [001] 10677.247428: atkbd_interrupt <-serio_interrupt firefox-8153 [001] 10677.247439: atkbd_event <-input_handle_event <idle>-0 [001] 10677.266147: atkbd_interrupt <-serio_interrupt <idle>-0 [001] 10677.266155: atkbd_event <-input_handle_event firefox-8153 [001] 10677.270534: atkbd_interrupt <-serio_interrupt firefox-8153 [001] 10677.270543: atkbd_event <-input_handle_event <idle>-0 [001] 10677.343501: atkbd_interrupt <-serio_interrupt <idle>-0 [001] 10677.343510: atkbd_event <-input_handle_event So you can see that keyboard input is happening in the context of different processes, even the real source is at the current active local terminal. Instead of atkbd_* you can also replace it with input_*, which is what are the various possible exported API defined in drivers/input/*.c. and the output are: <idle>-0 [001] 10572.066205: input_handle_event <-input_event <idle>-0 [001] 10572.066205: input_pass_event <-input_handle_event Xorg-7627 [000] 10572.066213: input_event_to_user <-evdev_read Xorg-7627 [000] 10572.066220: input_event_to_user <-evdev_read hald-addon-inpu-7290 [001] 10572.066230: input_event_to_user <-evdev_read hald-addon-inpu-7290 [001] 10572.066231: input_event_to_user <-evdev_read hald-addon-inpu-7290 [001] 10572.066232: input_event_to_user <-evdev_read Xorg-7627 [000] 10572.066233: input_event_to_user <-evdev_read <idle>-0 [001] 10572.144881: input_event <-atkbd_interrupt Alternatively, if you do: cat /dev/input/by-path/platform-i8042-serio-0-event-kbd u can capture all the keyboard entries as well - so long as any of the terminal are locally connected, but if ssh then it is not. -- Regards, Peter Teoh -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
