-4

I am trying to make a simple keylogger in C-language.So I decided to use a far pointer to access the keyboard buffer.(32 bytes, address- 0x41E).I just assigned that address to a far pointer and tried to access the buffer.But the code I typed is showing only these 3 characters- a smiley,@ and lots of spaces.This is my code-

#include<stdio.h>
#include<conio.h>
int main()
{
char far *s,*p,*m;
char arr[32];
s=(char far*)0x0041E;
m=(char far*)0x0041E;
p=(char far*)0x0043D;
while(!kbhit())
    {
     m=s;
         while(m<=p)
         {
         printf(" %c",*m);
         m++;
         }
    }
  return 0;
}

Links for address of keyboard buffer-(A little recent reference :-)) http://wiki.osdev.org/Memory_Map_(x86) http://computer.forensikblog.de/en/2009/04/reading-passwords-from-the-keyboard-buffer.html

Katie Stone
  • 1
  • 3
  • 3
    "far pointer"? ``? What operating system is this? – melpomene Jul 25 '15 at 15:59
  • Any reason to use far pointers ? – ameyCU Jul 25 '15 at 16:00
  • @melpomene:I am using Windows-7 currently,but the address of the keybuffer is not OS dependent.We need to include for using kbhit().Its not there in gcc though! – Katie Stone Jul 25 '15 at 16:04
  • What's a "keybuffer"? Also, what's a far pointer? – melpomene Jul 25 '15 at 16:04
  • 5
    You should read about modern OS design, drivers, virtual memory and memory protection, as well as _undefined behaviour_. Not to mention hardware architecture, USB, DOS, BIOS, UEFI, etc. – too honest for this site Jul 25 '15 at 16:06
  • @KatieStone Why not using `GetAsyncKeyState ()` then you don't have to use `conio.h` also ? – ameyCU Jul 25 '15 at 16:10
  • @ameyCU Yes,firstly because that was the first approach that came to mind and secondly other solutions available on net are far too complicated by fuctions like getAsynchKeyState().Like this one-[link]http://www.ccodechamp.com/2012/09/c-program-of-keylogger-or-keystroke-logger-c-codechamp.html – Katie Stone Jul 25 '15 at 16:10
  • @Olaf Yeah I agree,but this approach should've worked!Where is it wrong? – Katie Stone Jul 25 '15 at 16:13
  • If you really understood what I wrote, you would not ask further. **Read** the [first paragraph](http://philipstorr.id.au/pcbook/index.htm) of your cited book (hit: there is a date given). – too honest for this site Jul 25 '15 at 16:13
  • @Olaf Oh...I am really embarrassed.It dates back to 1998.Thanks. – Katie Stone Jul 25 '15 at 16:24
  • "the address of the keybuffer is not OS dependent" no, you may not access hardware directly in modern OSes. And in other architectures the address may also be different, or no address for keyboard controller at all. There's no "far pointer" in 32 and 64-bit x86, too – phuclv Jul 25 '15 at 16:29
  • Sounds like Turbo-C, (C is for Cretaceous). – Martin James Jul 25 '15 at 16:55
  • @Martin C is for OS Designing,Compiler and driver Designing,Modern Language designing (Java).C is for "Competent coders" not "Callow ones"! I agree Turbo is quite old but here the logic matters not the compiler! – Katie Stone Jul 25 '15 at 17:16
  • @KatieStone I suspect the "C is for Cretaceous" was a reference to the "C" in "Turbo-C", not that "[The] C [language] is for Cretaceous". "the logic matters not the compiler!" in an abstract sense you're right, but if the compiler doesn't run well in the OS you're using, then "the logic" is moot. Moreover, if the compiler is so old it doesn't comply to a current standard, well, you are not actually writing C. Turbo-C is so old I cannot remember if there was ever a version that complied fully with C89/C90, let alone C99. – LorenzoDonati4Ukraine-OnStrike Jul 26 '15 at 01:21
  • @LorenzoDonati Turbo C was released before C89 and wasn't C89 compliant – phuclv Jul 26 '15 at 01:47

1 Answers1

3

The first of the two sites you are referring to here is about 20 years out of date. It does not accurately represent how computers work today.

(The second site you're referring to is seriously incorrect on many details; it reads as though the author made up half the article based on guesswork and hearsay.)

The keyboard buffer that you're trying to access here is only used when running an older operating system, such as DOS, which depends on the PC BIOS for input and output. It is not used under any graphical operating system; those store keyboard input in entirely different locations which are generally not directly accessible to applications.

If you are trying to write a key logger for Windows 7, you will need to use methods specific to that operating system, such as the getAsyncKeyState() method you referred to in a comment. Yes, it will be more complicated. However, unlike the obsolete methods you're trying to use here, it will actually work.

  • I am trying to make a more universal keylogger!Anyway thanks answering! – Katie Stone Jul 25 '15 at 16:31
  • @KatieStone there's nothing like a "universal keylogger". You can't run a program on any computers/OSes. First, modern OSes do not allow you to access physical memory directly, only virtual memory. Each of them also has a different set of APIs for accesing keyboard features. DOS is not a "real" operating system, as it lacks most of an OS's services. Even if you program in the cmd.exe in Windows, it's **not** DOS. And for other architectures (since you didn't tag x86) those things won't apply, as they have different memory map and different methods to get keyboard buffer – phuclv Jul 26 '15 at 01:56