« March 2012 | Main | December 2011 »

Saturday, January 14, 2012

Key and mouse logger program (KMH)

I don't think there's a single person who's used a computer who hasn't had the experience of entering a large amount of text into a word processing program or a web browser data field and had the program crash losing the work forever. Eliminating that experience was just one of the reasons that I wrote a keylogger program. The primary reason to have a keylogger is to determine how much time I spend in front of a computer and what I'm doing during that time. The other ability I added to the program was logging of mouse movements; this can be either the insane mode where every single mouse movement is logged or the more reasonable mode where just mouse clicks are logged along with the title of the window in which the mouse was clicked.

Keyloggers seem to have a bad reputation and the first programming site where I attempted to post this code got the discussion thread shut down with a curt "we don't approve of keyloggers". Yes, keyloggers can be used to acquire peoples passwords and spy on people but we don't ban automobiles because they can be used to commit murder, facilitate driveby shootings and make escaping from a bank robbery much easier than on foot. Keyloggers are just a tool and the user of a tool is responsible for any actions they do while using the tool. The program I've written makes absolutely no effort to hide itself and has a window that shows how many keystrokes have been logged as well as the number of mouse interrupts.

This program will be of interest to people who want a means of text backup beyond what is provided by most modern word processors periodic document save abilities, people who engage in life-logging and people who are curious about how much time they spend in front of a computer. I have this program running on all of my home and work machines and am hoping that someone will make the necessary modifications to make this program even more useful.

The program is written in VB6 and has been tested on WinXP and W7. Users of W7 should be warned that W7 has a very bad habit of unhooking keyboard and mouse without any warning to the user. This is a very annoying W7 bug and there are workarounds for this but the only way to ensure that keyboard and mouse are hooked is to periodically look at the KeyMouseHook (KMH) program window and see if the # of mouse interrupts is updated as one moves the mouse around the screen. The output of this program is incredibly inefficient as I basically wrote a test program and decided that it was good enough for what I wanted and stopped development. All output is in the form of text strings to a log file and, be warned, the logfiles can quickly get large. This means that every week or less (depending on how much typing one does), the program has to be stopped and restarted to create a new log file. It's a relatively trivial operation to make KHM log to a binary file but I don't have the time for it right now and can live with the limitations of KMH. I'm hoping there's someone out there who finds these limitations intolerable and will take the program to the next level of usability.

To analyze the logfiles, program KMH_logfile_list3 is provided. This program has a hard coded input filesize of 25 Mb (which can be readily changed by anyone who still programs in VB6) and it outputs data in 3 forms:

(a) Keyboard events and mouseclicks vs time

This feature allows one to track when user activity on a computer occurs and the data is output in csv format so that it can be readily read by DPlot.

(b) Mouseclick data

Here every mouseclick and the window title in which the mouse was clicked is output. The primary use I make of this data is in keeping up my CME hours which are now a requirement of the BC College of Physicians and Surgeons. It lets me know whenever I'm on the BC College full text journal site and which paper titles I've reviewed. I never remember to keep track of my online CME and KMH allows me to do so. Employers can use this printout as a means of finding how much time their employees are spending on Facebook or porn sites (someone using an office computer as an employee has no expectation of privacy while they do so).

(c) Text string data

The final mode of KMH_logfile_list3 provides a listing of every keystroke entered by the program as a textfile and, for someone that makes a lot of mistakes while typing, it can be a rather messy output file. For someone who's spent 2 hours entering a document only to see the word processor window disappear with all their data, this file can be immensely helpful.

After some frustrating sessions retrieving some files that were lost in program crashes I finally had enough and added another option: DecodeBackspace.

What that option does is to use {BS} character to delete the character that preceded it. There are some bugs which are explained in detail in the Readme file which is part of the .zip distribution file.

Of course every password that one has entered will be available as a text string in this form of logfile output and users have to get into the habit of stopping text logging before they enter any sensitive passwords. Another useful feature some motivated person can add would be a key command, say {cntrl}{alt}P which would disable logging of text until the same key combination was entered again. It might be better to just disable keystroke logging for say 1 minute as people will likely forget to re-enable logging.

These two programs are available for download at this link. They are provided with full source code and no support as the source code should be self-explanatory. They are licensed under the GPL. I won't be responding to any emails of the form "how do I <some aspect of program>". There are instructions given on how to run the programs in the zip file which contains the binary windows .exe files and VB6 source code. If something is unclear, I would like to hear about it but the target audience for these programs is software developers who aren't afraid to delve into the source and start hacking it. These are quite trivial programs which just hook keyboard and mouse at a low level. There is a M$ warning that such hooking can slow the system down as all keyboard and mouse input now goes through the KMH program. In order to prevent any system slowdowns, absolutely minimalist coding was used to grab the mouse and keyboard messages before passing the message to the next hook in the chain. All messages are stuffed into a FIFO with a depth of 256 messages.

This program comes with the obvious warnings of not installing it on a computer which one doesn't own or which is shared by a number of people without first telling everyone who is using that computers that every keystroke and mouseclick is being monitored.

KMH is distributed under the GPL. Specifically, KMH is released under GPLv3 or any subsequent version of the GPL. For reasons to do this, the reader is directed to Richard Stallman's discussion of why GPLv3 will better protect this rights of programmers Releasing my software under the GPL means people are free to do what they want with the source code but I'd appreciate being informed of changes people have made and my email address is given in pseudo-code form in the source code. The only restriction on use of my email address is that people are prohibited from posting the decrypted version of my email address anywhere on the internet.

Posted by Boris Gimbarzevsky at 1:37 AM
Edited on: Saturday, January 21, 2012 9:53 PM
Categories: Pure software