DISCLAIMER: This program takes advantage of an oversight in X windows. I haven't had much opertunity to make sure it works on any system but my own, so no promises! It does work on my Ultrix DECstation, with X11R6 from MIT (I think), and with Digital's version of the X11R5 server. The program, specifically spying on what other people are typing, may violate some contract you signed for your account or the law. Use at your own risk, on your own responsibility. ABOUT: xspy, appropriately named as it is, is mostly useful for spying on people; it was written on a challenge, to see if I could trick Xwindows into giving up passwords from the xdm login window or xterm secure-mode. Because it can, the price I ask for distributing it is that you don't use any information gained, in an illegal or malicous manner. Pranks are good, and if you think of some good ones let me know! It works by polling the keyboard, by default every hundredth of a second. This polling is not affected by any secure modes, which grab the keyboard. This is an oversight by the designers of X, and will probably be fixed sooner or later. COMPILE: To compile: xmkmf; make. If you really want this, you have to figure out how to compile it! Th tiny Imakefile might work, but you probably will have to edit code to make it work for your system. I did include a usleep function, in case your computer doesn't have it. PROTECTION: To protect your display from xspy, simply use the command "xhost". If it reports that any host can connect, use "xhost -" to disable that. Use "xhost" again to see if any hosts are specifically mentioned. For any host it lists, use "xhost -" to disable access from that host. This should make it impossible for somebody to spy on your session, unless they already are. For more information, refer the the X man page (may be Xws) or consult the Xwindows Security FAQ. Programmers: The only way a program can securely read input is to call XGrabServer() and XGrabKeyboard() --most only grab the keyboard, since grabbing the server is discouraged. RELATED PROGRAMS: xevact (X EVent ACTions) is a program that I wrote that takes a different approach: mark all windows to send xevact copies of keystrokes and (any) other events. It performs user-defined actions; I have it set up the execute commands from the function keys (F17 is xlock, etc) and to play an "orchestra hit" when I type ctrl-c! xghostwriter takes a message you give it, and repeatedly remaps the X keymap so that all keys are the next character in the message. It now sends just about any character (upper and lower case, and symbols). Also it only works with things that support the KeymapNotify events (like anything written with Xt or Motif, including xterm). These and other programs of mine can be FTPed, during the school year, from nostradamus.async.vt.edu. If it is during the school year and after many tries you cannot get through (including trying at night) you can send mail to jmaxwell@acm.vt.edu to find out where I have moved the archive to. Otherwise just wait until school starts! --JAM (jmaxwell@acm.vt.edu) From 1.0b to 1.0c: Imakefile Now XKeyCodeToStr() uses static char buf[] so it doesn't crash or return garbage anymore! (Thanks for Claude Lecommandeur for pointing this out).