Spodek currently works on Windows 2000. Users have reported that it hangs Windows XP (this bug should be fixed very soon). If you want to help with development, consider using one of VMware Workstation, QEMU, VirtualPC or Bochs.
1. Grab (from cvs) and compile the source or grab the binary release (from sf.net)
2. Copy Spodek.sys to C:\windows\system32\drivers
3. Add spodek.reg to registry (try clicking on it)
4. Edit spodek.log and copy it to c:\spodek.log - it tells Spodek what to hide
5. Restart Windows
6. Run cmd.exe and enter: net start spodek
Spodek.exe
Spodek.exe is a client application that communicates with Spodek.sys and lets you:
- see the currently used configuration
- reload the configuration from c:\spodek.log
Keysrv.exe
Keysrv.exe is a client application that pulls the pressed keyboard keys and appends them to the file c:\spodek.out. The pull is repeated every 5 seconds.
Note
If you want to make Spodek not easily detectable then:
- you must change the name and/or location of spodek.log and spodek.out
- do this by editing the binary Spodek.sys (overwrite the string c:\spodek.log with something else) and keysrv.exe (overwrite the string c:/spodek.out)
- you should also change the internal password "RADIANT STAR" in the same way
- or grab the source, change the mentioned paths and passwords in it, and recompile
Also add the proper file: and process: lines to spodek.log so that all processes (like keysrv.exe) and files (like spodek.log) will be invisible.
However, this is still insufficient: the registry key must be changed, and Spodek.sys should have a different name and internal Windows name... These additional protections are being developed.
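For defenders, the defaults named above (the driver path, c:\spodek.log, c:\spodek.out and the embedded strings, including "RADIANT STAR") are usable indicators of an unmodified build, and because the driver hides files on the running system they are best checked on an offline-mounted copy of the volume. The following Python sketch is an added example, not part of the Spodek project; its function names, the size limit and the assumption that the strings are stored as ASCII or UTF-16LE are this example's own.

```python
import os
import sys

# Default strings this README says are embedded in the stock binaries.
DEFAULT_MARKERS = ("c:\\spodek.log", "c:/spodek.out", "RADIANT STAR")
# Default artifacts from the install steps, relative to the volume root.
DEFAULT_PATHS = {"spodek.log", "spodek.out",
                 "windows/system32/drivers/spodek.sys"}
MAX_BYTES = 32 * 1024 * 1024  # this example skips larger files
# Constructed sample: the log path as UTF-16LE in a blob, not a real driver.
SAMPLE_BLOB = b"MZ\x90\x00" + "C:\\Spodek.log".encode("utf-16-le") + b"\x00\x00"


def markers_in_bytes(data):
    """Return the default markers found in a binary blob, ignoring case."""
    # Assumption: a string may be stored as ASCII or as UTF-16LE, so search
    # both. bytes.lower() only changes ASCII letters, which suits both.
    hay = data.lower()
    return [m for m in DEFAULT_MARKERS
            if m.lower().encode("ascii") in hay
            or m.lower().encode("utf-16-le") in hay]


def scan_offline_volume(root):
    """Walk a mounted, offline copy of the volume; return {path: [reasons]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            reasons = []
            if rel in DEFAULT_PATHS:
                reasons.append("default path")
            is_bin = rel.endswith((".sys", ".exe")) and os.path.isfile(full)
            if is_bin and os.path.getsize(full) <= MAX_BYTES:
                with open(full, "rb") as fh:
                    reasons += ["embeds " + m for m in markers_in_bytes(fh.read())]
            if reasons:
                hits[rel] = reasons
    return hits


if __name__ == "__main__":
    if len(sys.argv) == 2:  # argument: root of the mounted offline volume
        for path, why in sorted(scan_offline_volume(sys.argv[1]).items()):
            print(path, "->", "; ".join(why))
    else:
        print(markers_in_bytes(SAMPLE_BLOB))
```

A build whose paths and strings were changed as the note describes will not match these defaults, so an empty result does not clear a host.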