On Tue, Jan 8, 2013 at 9:28 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
This article gave a very indepth coverage of the keyboard processing in linux:http://www.phrack.com/issues.html?issue=59&id=14&mode=txt
http://www.gadgetweb.de/programming/39-how-to-building-your-own-kernel-space-keylogger.htmlNot sure about your architecture, but for my Lenovo laptop, when I do a "cat /dev/input/by-path/platform-i8042-serio-0-event-kbd" and redirect to a file, every single key input I entered is captured into the the file.Therefore, looking into the kernel source, we can infer the files drivers/input/serio/i8042.c are responsible for the keyboard processing. Of course, this file is compiled into the kernel, not as a kernel module. So if u want to make any changes, instead of recompile the kernel and rebooting, one way to do dynamically is called "inline hooking" - look elsewhere for this method. It is explained in the following article:but note the difference between the Phrack's interception and intercepting the API inside the i8042.c: when you do a "cat /dev/input/by-path/platform-i8042-serio-0-event-kbd" the keyboard entry is always captured - irregardless of whichever windows/terminal you are in. But the Phrack's method is cleaner - it is intercepting at the tty (eg drivers/tty/n_tty.c:receive_buf() inside the kernel source) level - so if you switch over to another window, the input got switch away - it is thus targetted to only that TTY.And btw, USB keyboard's processing path is altogether different again....anotherand perhaps u can read here many good writeups:On Fri1, Dec 14, 2012 at 3:46 PM, manty kuma <mantykuma@xxxxxxxxx> wrote:Hi,11
I have written a small module that toggles the capslock LED. To demonstrate it i want to replace the Existing keyboard module with mine. I tried lsmod|grep "key" without any success. also checked /proc/modules. I couldnot find any clue regarding the name of the module i need to uninstall. So, How can i remove the existing keyboard module and insert mine?
Regards,
Manty
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
--
Regards,
Peter Teoh
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Hi Manty
You can share the interrupt from keyboard , in the code above you just need to change the number 10 for the number of your keyboard interrupt. You can find that number in cat /proc/interrupts
CPU0
0: 178 XT-PIC-XT timer
1: 1301 XT-PIC-XT i8042 >>>> this is the old keyboard interrupt
2: 0 XT-PIC-XT cascade
5: 16528 XT-PIC-XT ahci, Intel 82801AA-ICH
8: 0 XT-PIC-XT rtc0
9: 2191 XT-PIC-XT acpi, vboxguest
10: 488 XT-PIC-XT eth0
11: 25 XT-PIC-XT ohci_hcd:usb1
12: 697 XT-PIC-XT i8042
14: 3186 XT-PIC-XT ata_piix
15: 0 XT-PIC-XT ata_piix
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/interrupt.h>
#include <linux/init.h>
struct tasklet_struct task;
unsigned long counter;
irq_handler_t irq_handler (int irq, void *dev_id, struct pt_regs *regs)
{
counter++;
printk ("Top Half ISR is being hit counter = %d !! \n",(int)counter);
task.data = "">
tasklet_schedule(&task);
return (irq_handler_t) IRQ_HANDLED;
}
void bottom_half(unsigned long data)
{
printk("Executing bottom half.. data = "">
}
static int init_intkey ()
{
printk("Hi there !!!!\n");
tasklet_init(&task,&bottom_half,(unsigned long)&counter);
request_irq (10,(irq_handler_t)irq_handler, IRQF_SHARED, "MyIrqHangingOfAtaDev", (void*)(irq_handler));
return 0;
}
static void exit_intkey(void) {
free_irq(10,(void*)(irq_handler));
tasklet_kill(&task);
printk("Sayonara\n");
}
module_init(init_intkey);
module_exit(exit_intkey);
MODULE_LICENSE("GPL");
Hope it helps
Regards
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
- References:
- Locating the keyboard driver (and replacing it)
- From: manty kuma
- Re: Locating the keyboard driver (and replacing it)
- From: Peter Teoh
- Locating the keyboard driver (and replacing it)
- Prev by Date: Re: Locating the keyboard driver (and replacing it)
- Next by Date: netlink execution context
- Previous by thread: Re: Locating the keyboard driver (and replacing it)
- Next by thread: Re: Asking another process sleep from another process or interrupt context
- Index(es):
 |