Open GoogleCodeExporter opened 8 years ago
I would like to add my vote for this option, as well. Both of the suggestions
would
be extremely helpful, and the addition would help match the functionality of
most of
the other commercial keyloggers on the market.
Original comment by gpower...@gmail.com
on 10 Aug 2008 at 5:58
I'm also trying to add timestamps (although I disagree that this issue is a
"Defect" - it is a feature request). In
my case, I'm doing gameplay research, so the paradigm is individual keystrokes.
Rather than a keylog:
foo<ret>bar
I'm trying to create a keylog with timestamps in any format, but something like:
00:00:01:00 f
00:00:01:12 o
00:00:01:20 o
00:00:03:00 <ret>
00:00:03:05 b
00:00:05:11 a
00:00:07:23 r
I've downloaded the logKext source code, and I think I've identified the place
to add timedate stamps to the
log -- unfortunately I'm not sure how to do it.
1. logKext.cpp contains the function
void logAction(OSObject *,unsigned,unsigned,unsigned,unsigned,
unsigned,unsigned,unsigned,unsigned,bool,AbsoluteTime);
...so we have the time of each keystroke internally. The function contains this:
if ((eventType==NX_KEYDOWN)&&logService)
logService->logStroke(key, flags, charCode);
It looks like the logStroke call could could be extended to
logStroke (key, flags, charCode, ts)
to pass the time through, and the function definition rewritten to accept an
AbsoluteTime. At this point, logStroke writes the key into a buffer with the
command
memcpy(fMemBuf+buffsize,&keyData,sizeof(keyData));
and I'm really not clear on what is happening, or how this gets written to the
actual log File. I'm assuming
there is a way to prepend the time to the &keyData before this call and that it
will end up in the log, but I'm
not sure how to do this safely. Any help or advice greatly appreciated.
Original comment by jeremydouglass@gmail.com
on 19 Oct 2008 at 2:38
Original comment by drspring...@gmail.com
on 19 Oct 2008 at 3:33
I managed to hack together a small C program that creates this kind of log. The
basic
approach I used was a "timer" which records seconds.milliseconds since the
program
was launched.
//global
struct timeval tim;
double t1;
double t2;
// in main
gettimeofday(&tim, NULL);
t1=tim.tv_sec+(tim.tv_usec/1000000.0);
// in logging of individual key loop
gettimeofday(&tim, NULL);
double t2=tim.tv_sec+(tim.tv_usec/1000000.0);
fprintf(recording_file, "%.6lf, ", t2-t1); \
3.690216, f
3.790347, o
3.830208, o
I also experimented with seconds, which wasn't high enough resolution for me but
might be useful to someone else:
// global
time_t mstart;
// main
mstart = time (NULL);
// key log loop
time_t mseconds;
mseconds = time (NULL);
fprintf(recording_file, "%ld, ", (mseconds-mstart));
10, b
10, a
11, r
After squinting a bit at the logKext source code and figuring how this might be
included if it seems useful, my thought was:
1. Add a timer setting (clock=none, clock=time, clock=seconds,
clock=milliseconds)
2. Have a global variable for time, and store the absolute time when logKext
starts
3. Have nested if loops before the memcpy to buffer command.
if clocksetting <> none
get current time
if clocksetting==milliseconds
subtract current from start time and add to keyData for write
else if clocksetting==seconds
subtract, round, and add to keyData for write
else
add current time to keyData for write
That's my thinking -- but I'm not quite sure how to safely change the memcopy
behavior to make the amount of memory written dynamic. Feedback appreciated.
Original comment by jeremydouglass@gmail.com
on 21 Oct 2008 at 3:22
Original issue reported on code.google.com by
chan...@gmail.com
on 3 Aug 2008 at 9:58