Interpreting Key Codes


As with the x86 instruction disassembly covered in Chapter 4, key code processing may not seem to be within the scope of this book, but just as trampoline-based process injection requires x86 instruction disassembly, keyboard logging requires key code processing. Fortunately, key code processing is much easier than x86 instruction disassembly-especially when you completely ignore Caps Lock, Num Lock, and nonprintable keys, such as arrows. Key processing is shown in Figure 8-3.

image from book
Figure 8-3

Key code mapping is performed with keyMap and shiftKeyMap arrays. Key processing is performed by the GetKey function, which is called from the logging thread whenever key data is available. Together, these components transform key data into text.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net