Keyboard buffer in memory
My teacher was telling our class how it is possible to find the memory address of a keyboard buffer and view all the keys typed on that keyboard for the last 100 key strokes or so. I think it would be interesting to make an attempt at this just for fun. But My question is how would you even know where to start looking for the address in memory? I would use gdb on a linux platform for doing the actual probing, should this be adequate for an attempt like this?
And I was thinking about it and thought, wouldn't the keys you typed to find the correct block of memory fill the buffer and overwrite the keys you were originally looking for?? I guess it depends on how big the said buffer is.. He also mention something about the basic input output system, BIOS, for attempting this. If it would be easier to first attempt this in windows thats fine I just want to know where to start with this type of task.
Any help pushing me in the right direction is definitely appreciated.
I may be completely wrong at this, but this would be my guess.
It would have to be an operating system function, and nothing to do with RAM / BIOS / Hardware. RAM is volitile which means, when the computer is turned off, it can last a few seconds before the information is erased.
If you can recover the last typed keys on a reboot, then it wont be any of the above.
I assume it is what the Ctrl+Z function uses. Undo's the last key sequence.
I would possily google about windows clipboard and ctrl+z and recovering lost data. See what info gets thrown up and perhaps further clues may be given.
As i said above, this is just an educated guess, I may be completely wrong.
on a slightly related subject. You can buy hardware keyloggers that you plug into the back of a PC and walk away.