<div dir="ltr"><div style><font face="arial, sans-serif"><div><br></div></font></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jan 8, 2013 at 9:28 AM, Peter Teoh <span dir="ltr"><<a href="mailto:htmldeveloper@gmail.com" target="_blank">htmldeveloper@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>This article gave a very indepth coverage of the keyboard processing in linux:</div>
<div><br></div><a href="http://www.phrack.com/issues.html?issue=59&id=14&mode=txt" target="_blank">http://www.phrack.com/issues.html?issue=59&id=14&mode=txt</a><div>
<br><a href="http://www.gadgetweb.de/programming/39-how-to-building-your-own-kernel-space-keylogger.html" target="_blank">http://www.gadgetweb.de/programming/39-how-to-building-your-own-kernel-space-keylogger.html</a><div>
<br></div><div>
Not sure about your architecture, but for my Lenovo laptop, when I do a "cat /dev/input/by-path/platform-i8042-serio-0-event-kbd" and redirect to a file, every single key input I entered is captured into the the file.</div>
<div><br></div><div>Therefore, looking into the kernel source, we can infer the files drivers/input/serio/i8042.c are responsible for the keyboard processing. Of course, this file is compiled into the kernel, not as a kernel module. So if u want to make any changes, instead of recompile the kernel and rebooting, one way to do dynamically is called "inline hooking" - look elsewhere for this method. It is explained in the following article:</div>
<div><br></div><div><a href="http://www.phrack.com/issues.html?issue=59&id=14&mode=txt" target="_blank">http://www.phrack.com/issues.html?issue=59&id=14&mode=txt</a></div><div><br></div><div>but note the difference between the Phrack's interception and intercepting the API inside the i8042.c: when you do a "cat /dev/input/by-path/platform-i8042-serio-0-event-kbd" the keyboard entry is always captured - irregardless of whichever windows/terminal you are in. But the Phrack's method is cleaner - it is intercepting at the tty (eg drivers/tty/n_tty.c:receive_buf() inside the kernel source) level - so if you switch over to another window, the input got switch away - it is thus targetted to only that TTY.</div>
<div><br></div><div>And btw, USB keyboard's processing path is altogether different again....another </div><div><br></div><div><a href="http://www.lrr.in.tum.de/Par/arch/usb/download/usbdoc/usbdoc-1.32.pdf" target="_blank">http://www.lrr.in.tum.de/Par/arch/usb/download/usbdoc/usbdoc-1.32.pdf</a></div>
<div><br></div><div>and perhaps u can read here many good writeups:</div><div><br></div><div><a href="http://stackoverflow.com/search?q=usb+keyboard+kernel" target="_blank">http://stackoverflow.com/search?q=usb+keyboard+kernel</a></div>
<div>
<br></div><div><br><div class="gmail_quote">On Fri1, Dec 14, 2012 at 3:46 PM, manty kuma <span dir="ltr"><<a href="mailto:mantykuma@gmail.com" target="_blank">mantykuma@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Hi,11<div class="im"><br><br>I have written a small module that toggles the capslock LED. To demonstrate it i want to replace the Existing keyboard module with mine. I tried lsmod|grep "key" without any success. also checked /proc/modules. I couldnot find any clue regarding the name of the module i need to uninstall. So, How can i remove the existing keyboard module and insert mine?<br>
<br>Regards,<br>Manty<br><br><br>
<br></div><div class="im">_______________________________________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org" target="_blank">Kernelnewbies@kernelnewbies.org</a><br>
<a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
<br></div></blockquote></div><span class=""><font color="#888888"><br><br clear="all"><div><br></div>-- <br>Regards,<br>Peter Teoh
</font></span></div></div>
<br>_______________________________________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org">Kernelnewbies@kernelnewbies.org</a><br>
<a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
<br></blockquote></div><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Hi <span style="font-family:arial,sans-serif;font-size:13px">Manty</span><div><br></div><div><font face="arial, sans-serif">You can share the interrupt from keyboard , in the code above you just need to change the number 10 for the number of your keyboard interrupt. You can find that number in cat /proc/interrupts </font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif"><div> CPU0 </div><div> 0: 178 XT-PIC-XT timer</div><div> 1: 1301 XT-PIC-XT i8042 >>>> this is the old keyboard interrupt </div>
<div> 2: 0 XT-PIC-XT cascade</div><div> 5: 16528 XT-PIC-XT ahci, Intel 82801AA-ICH</div><div> 8: 0 XT-PIC-XT rtc0</div><div> 9: 2191 XT-PIC-XT acpi, vboxguest</div>
<div> 10: 488 XT-PIC-XT eth0</div><div> 11: 25 XT-PIC-XT ohci_hcd:usb1</div><div> 12: 697 XT-PIC-XT i8042</div><div> 14: 3186 XT-PIC-XT ata_piix</div><div>
15: 0 XT-PIC-XT ata_piix</div><div><br></div></font></div><div><font face="arial, sans-serif"><br></font></div><div><span style="font-family:arial,sans-serif">#include <linux/kernel.h></span><br>
</div><div><font face="arial, sans-serif"><div>#include <linux/module.h></div><div>#include <linux/interrupt.h></div><div>#include <linux/init.h></div><div><br></div><div>struct tasklet_struct task;</div>
<div>unsigned long counter;</div><div><br></div><div>irq_handler_t irq_handler (int irq, void *dev_id, struct pt_regs *regs)</div><div>{</div><div> counter++;</div><div> </div><div> printk ("Top Half ISR is being hit counter = %d !! \n",(int)counter);</div>
<div> task.data = counter;</div><div> tasklet_schedule(&task);</div><div> return (irq_handler_t) IRQ_HANDLED;</div><div>}</div><div><br></div><div>void bottom_half(unsigned long data)</div><div>{</div><div> printk("Executing bottom half.. data = %d\n",(int)data+10);</div>
<div><br></div><div>}</div><div><br></div><div>static int init_intkey ()</div><div>{</div><div> printk("Hi there !!!!\n");</div><div> tasklet_init(&task,&bottom_half,(unsigned long)&counter);</div>
<div> request_irq (10,(irq_handler_t)irq_handler, IRQF_SHARED, "MyIrqHangingOfAtaDev", (void*)(irq_handler));</div><div> return 0;</div><div>}</div><div><br></div><div>static void exit_intkey(void) {</div><div>
free_irq(10,(void*)(irq_handler));</div><div> tasklet_kill(&task);</div><div> printk("Sayonara\n");</div><div>}</div><div><br></div><div>module_init(init_intkey);</div><div>module_exit(exit_intkey);</div>
<div><br></div><div>MODULE_LICENSE("GPL");</div><div><br></div><div><br></div><div style>Hope it helps </div><div style><br></div><div style>Regards</div><div style><br></div><div style><br></div></font></div></div>
</div>