Posted: Sat Oct 25, 2008 7:48 pm Post subject: Messenger Keystrokes mouse logging
Hi everyone, I have a slightly unusual question here.
I have just done a reinstallation of Windows and installed ZoneAlarm's latest, most expensive edition with full support.
I keep getting a pop-up warning message, and it says:
"Windows messenger is attempting to monitor user activities on this computer. If allowed it may try to track or log keystrokes (User Input), mouse movements/clicks, web sites visited, and other behaviours"
The file involved is msmgs.exe so it is windows messenger.
What I want to do is to let it do some of this logging and monitoring and recording, find out where it is keeping it on my computer, then watch for any access from external networks, and then track where it has gone or goes to.
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Sat Oct 25, 2008 9:45 pm Post subject:
MSN hooks the keystroke and mouse messages that Windows sends to other programs. Like ZoneAlarm warned you, this allows it to see every key you press in other programs, and every mouse movement or click.
Yahoo Messenger, at least in previous versions a few years ago, did this (don't know about current versions, I presume it's still doing the same). I haven't analyzed what MSN does with the keystroke and mouse information, but I did analyze what Yahoo Messenger did. Yahoo Messenger hooked the keystroke and mouse messages by registering a DLL called idle.dll as a message listener for all processes (injecting the DLL into other processes). It used this information to keep track of how long you go without pressing a key or moving the mouse. Presumably, this was to implement the "automatically change my status to Idle/Away if I'm inactive for X minutes" feature. In particular, Yahoo Messenger did not record the actual keys you pressed, or where you were clicking. Only how long you went without pressing a key or moving the mouse.
I cannot speak for current versions of Yahoo Messenger, or for any version of MSN.
It is indeed possible to trace what MSN is doing, in several different ways. One rather verbose possibility is to debug the program while it runs with a debugger (e.g. a Windows port of GDB, or the Visual Studio debugger, etc). Another possibility is to trace filesystem activity while the program runs, so you see which files are being written to (using something like FileMon, by SysInternals). You may also want to monitor the process's activities, using something like Process Monitor, again by SysInternals.
If you identify the DLL which is being used to monitor the keystroke and mouse messages (in case they're using a DLL in the first place, which is likely) then you could disassemble the DLL (if that is legal in your country, I am not a lawyer).
You could also try to find a Windows equivalent of strace (there seems to be a Cygwin port of the utility).
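The tracing approach suggested in the reply above, as an added example that is not part of the original thread: a Python script that reads a Process Monitor CSV export and reports which files one process wrote, which remote endpoints it talked to, and which non-system DLLs were loaded into several different processes (the pattern described for idle.dll). The sample rows, paths, PIDs and addresses are constructed; the function names and the `min_processes` threshold are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the column layout of a Process Monitor CSV export.
# Every path, PID and address below is made up for illustration.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:48:01 PM","msmgs.exe","1204","WriteFile","C:\Example\Messenger\state.dat","SUCCESS","Length: 512"
"7:48:02 PM","msmgs.exe","1204","WriteFile","C:\Example\Messenger\state.dat","SUCCESS","Length: 128"
"7:48:02 PM","msmgs.exe","1204","ReadFile","C:\Example\Messenger\config.xml","SUCCESS","Length: 64"
"7:48:03 PM","msmgs.exe","1204","TCP Send","example-pc:1042 -> 192.0.2.10:1863","SUCCESS","Length: 90"
"7:48:04 PM","notepad.exe","2200","WriteFile","C:\Example\notes.txt","SUCCESS","Length: 20"
"7:48:05 PM","notepad.exe","2200","Load Image","C:\Example\Messenger\idle.dll","SUCCESS",""
"7:48:05 PM","explorer.exe","1500","Load Image","C:\Example\Messenger\idle.dll","SUCCESS",""
"7:48:05 PM","msmgs.exe","1204","Load Image","C:\Example\Messenger\idle.dll","SUCCESS",""
"7:48:06 PM","notepad.exe","2200","Load Image","C:\WINDOWS\system32\kernel32.dll","SUCCESS",""
"7:48:06 PM","explorer.exe","1500","Load Image","C:\WINDOWS\system32\kernel32.dll","SUCCESS",""
"7:48:06 PM","msmgs.exe","1204","Load Image","C:\WINDOWS\system32\kernel32.dll","SUCCESS",""
'''

def rows(csv_text):
    # Exports may start with a byte-order mark; strip it before parsing.
    return csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))

def activity(csv_text, process):
    """Return (files written, remote endpoints) for one process name."""
    writes, network = Counter(), set()
    for r in rows(csv_text):
        if r["Process Name"].lower() != process.lower() or r["Result"] != "SUCCESS":
            continue
        if r["Operation"] == "WriteFile":
            writes[r["Path"]] += 1
        elif r["Operation"].startswith(("TCP ", "UDP ")):
            network.add(r["Path"].split(" -> ")[-1])  # keep the remote side
    return writes, network

def shared_dlls(csv_text, min_processes=3, system_dir=r"c:\windows"):
    """Non-system DLLs loaded into at least min_processes distinct processes."""
    loaders = defaultdict(set)
    for r in rows(csv_text):
        path = r["Path"].lower()
        if r["Operation"] == "Load Image" and path.endswith(".dll") \
                and not path.startswith(system_dir + "\\"):
            loaders[path].add(r["Process Name"].lower())
    return {p: sorted(n) for p, n in loaders.items() if len(n) >= min_processes}

if __name__ == "__main__":
    print(activity(SAMPLE, "msmgs.exe"), shared_dlls(SAMPLE))
```

To use it on a real capture, pass the text of a CSV file saved from Process Monitor instead of `SAMPLE`.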