See more: C++ Win32 hooking
How can a parental control monitor both sides of chats? That should be done not by using keyboard hooks (which will monitor only one side of the conversation), but instead, by identifying the window and the control (listbox, editbox, etc.) used for communication, and capturing it textually. Is there a generic way for doing so?
Posted 9-Oct-12 8:20am
Edited 20-Feb-13 6:20am
Comments
enhzflep at 9-Oct-12 15:18pm
   
What about hooking send and recv? They seem to me to be the only things that will be constant across different chat programs. Of course, the format of the data will be different. But if it's captured it can be processed later. Wireshark does it with the help of the WinPcap library.
You can find it here: WinPcap
 
I realize you ask about capturing data from the controls themselves, but if they're custom controls then this can (will?) fall flat sooner or later. If it gets into the PC via a network connection, WinPcap should be able to intercept it, hence my suggestion of it.
S.
pasztorpisti at 9-Oct-12 16:11pm
   
The window might consist of totally custom controls, the net channel might be encrypted on application layer. When hijacking input you want to capture input events and their target. For a simpler solution I would go with hooking into the message loop of the main/GUI thread of the application, maybe into all threads of the application. This is a per-process approach. You can then capture any keyboard/mouse messages inside the process, GUI focus changes and so on. Even if the program has only a main window with exclusively custom controls you can still get all input messages and reconstruct the text messages. For a more serious solution I would do this hooking on system level; this way you could capture outgoing input globally, and for each input event you should find out the target process/thread/GUI control. This way you can log the whole interaction between the user and the machine.
enhzflep at 9-Oct-12 16:17pm
   
"the net channel might be encrypted on application layer." :face-palm:
Of course! How did I manage to overlook that simple counter-measure?
 
As is the norm from you, pasztorpisti, a comprehensive post, full of valuable insights. :thumbs-up:
pasztorpisti at 9-Oct-12 16:30pm
   
Thank you! The WinPcap solution is also a nice one if there is no encryption. A lot of chat programs are silly enough not to use good encryption. :-) My solution doesn't cover the capturing of the other party; WinPcap can handle that too (however, that also requires net protocol reverse engineering, which is often not too difficult).
pasztorpisti at 9-Oct-12 16:48pm
   
Anyway, WinPcap is not only a nice solution, it's probably the easiest and first way to consider if there is no strong encryption! :thumbsup:
Michael Haephrati at 9-Oct-12 16:19pm
   
How will I capture the other party?
pasztorpisti at 9-Oct-12 16:32pm
   
Capturing the other side requires application-specific handling. If the net channel isn't encrypted then you can use the WinPcap solution of enhzflep with well-known or reverse-engineered protocols. The message queue hooking can also be usable in some cases when the message log control is known and filled up with content using window messages.
Michael Haephrati at 9-Oct-12 16:33pm
   
Take Skype, for example.
pasztorpisti at 9-Oct-12 16:39pm
   
If you target a specific application then you can do a lot of things by hooking.
eugene.shikhov at 10-Oct-12 4:40am
   
As far as I know, Skype implements quite strong encryption. So, a WinPcap-based solution is useless here.

Solution 2

Skype, for example, encrypts it. Also, I am interested in discussing the question: is it possible to identify the UI element used by common chat applications and capture the text inside it?

Solution 1

Why don't you try packet sniffing? The protocols used by most of the chat clients are known; you can decode them to get the message. There is ready-made software available, e.g. ArcMentor (I was working on this at my previous organization ;) )

Solution 3

Hi,
 
I would recommend using a sniffer. If you want to use an existing application you can use Ethercap or Wireshark or TCPDUMP.
 
If you, though, want to implement your own sniffer, you shall study the LIBPCAP library.
 
Best Regards
J. K.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
Last Updated 21 Feb 2013
Copyright © CodeProject, 1999-2014