Skip to content

Agnoctopus/Histogram-LKM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits

Doxyfile

Doxyfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

histogram.c

histogram.c

 
 

Repository files navigation

Histogram LKM

Histogram is a Linux Kernel Module which provides a histogram of all words written since the loading of the module.

Histogram works by a registering a keyboard notifier to keep track of keys pressed. Only ascii characters work during this period.

The histogram is available through a file in debugfs, it contains all words typed since the loading of the Histogram LKM: /sys/kernel/debugfs/histogram/histogram (Could be accessed in privileged mode).

Usage

To load the module:

$ sudo make load

To unload the module:

$ sudo make unload

To install the module (run as root):

# make install

If you want to sign the module: https://wiki.gentoo.org/wiki/Signed_kernel_module_support

To view the histogram:

$ sudo cat /sys/kernel/debugfs/histogram/histogram
not: 1
to: 2
or: 1
be: 2

To get the module info:

$ modinfo histogram
filename:       /lib/modules/5.6.2-arch1-2/extra/histogram.ko.xz
version:        0.1
description:    Histogram of written words.
author:         Cesar Belley <cesar.belley@lse.epita.fr>
license:        GPL v2
srcversion:     2412D2C2AA86A5ADFCCA15E
depends:
retpoline:      Y
name:           histogram
vermagic:       5.6.2-arch1-2 SMP preempt mod_unload

Building

Build the binary:

$ make

Generate doc:

$ make doc

License

This project is licensed under GPL-2.0.

Author

César MattGorko Belley cesar.belley@lse.epita.fr

About

Histogram-LKM

Topics

kernel keylogger lkm debugfs

Resources

Readme

License

GPL-2.0 license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages