How can I capture all of the system event?

Discussion in 'Mac Programming' started by Gary Gao, Feb 28, 2010.

  1. Gary Gao macrumors newbie

    Joined:
    Feb 28, 2010
    #1
    Hi,

    I want to capture all of the system event, like key press and mouse click that happened on all of the running Applications.

    does it possible? And how?

    Thanks.
     
  2. Detrius macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
    #2
    I'm not certain, but I imagine this has been made rather difficult, as this would be a security breach. This is how key loggers work which is how someone would surreptitiously acquire passwords.

    I'm shooting in the dark here, but I imagine you'd need to write a kernel extension to do something like this.
     
  3. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #3
    Nah, it's not that bad!

    You can use Quartz Event Taps to capture everything.

    There is also a 10.6 only API that I'm trying to find the references for that enables this at a somewhat higher level...

    Edit to add: 10.6 added the Cocoa level API to NSEvent. Take a look at addGlobalMonitorForEventsMatchingMask:handler:
     
  4. Detrius macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
    #4
    From the documentation, only processes running as root can access events prior to their entering the window server. Therefore, you have to have root access to listen to another user's keystrokes.

    It still seems like a bit of a security hole, though, to allow any application to listen to any other application's keystrokes.


    EDIT:

    from the documentation:

    Event taps receive key up and key down events if one of the following conditions is true:

    •The current process is running as the root user.
    •Access for assistive devices is enabled. In Mac OS X v10.4, you can enable this feature using System Preferences, Universal Access panel, Keyboard view.



    Therefore, a user has to explicitly enable the ability to log keystrokes either by allowing the process to run as root or by enabling "Access for assistive devices," which is disabled by default. I guess that's how they mitigate the security hole.
     

Share This Page