i need to block any screen capture software on the computer from taking screen shots. Since all of them are work on standard API-functions, i think i could monitor and block them.
I need to use C#.
All i have found is how to monitor and block them in a certain program (screen capture program). They are looking for a function in the program, then they change it address on mine function address.
But how can i do it, if i haven't any certain programs? I need to block anyone which tries to take a screenshot.
If your final goal is possible or not I don't know, but for the hooking the API portion I can help you out.
I have used the library EasyHook many times in the past, this will let you hook and intercept system function calls from C# code fairly easily. Just read through the PDF tutorial for setup instructions.
For actually finding the API's I recommend Rohitab's API Monitor, it's still in Alpha stages but it works really well and is free. You just hook it on to a processes and it tells you every external DLL call it makes (with the parameters it passed if you have the xml definition file for the DLL, the program comes with almost all of the windows API dll's pre-defined).
The combination of EasyHook and API Monitor is a great 1-2 punch for mucking with other program's calls.
It is not possible to prevent screenshots from being taken. The battle is already lost because of the DWM (Desktop Window Manager). It's lower level than Win32 and device contexts.
If you want to protect the text in your program, there are a lot easier ways to extract it than doing screenshots and OCR. TextOut and/or Direct2D hooking and accessibility APIs.
If there's a lot of IP in your program. Then don't make it all available onscreen. Make sure it's tedious to crawl the GUI for text, and hard to automate it. And don't load whole texts in memory of the program.
Possible solutions:
1. To prevent copying of text. Draw the text as an image.
2. To prevent accessibility technologies, like screen readers - override WndProc in your control, handle and ignore the window message WM_GETOBJECT.
3. To make it harder if they try to use OCR. Draw graphics behind the text. Human readable, but much harder for a machine to interpret it.
Neither of these methods are invasive for the user.
** A very invasive suggestion **:
If you are really serious about preventing anyone from "stealing" your content.
Implement mouse and keyboard hooks. Filter out typical copy shortcuts. Prevent the mouse from leaving the boundaries of your application.
Allow your application to only run when the OS runs well-known processes and services.
If any process starts which you don't recognize, black out the application and notify the user about it, and request the user to close it. And ofc make sure someone is not just spoofing a well-known process.
Monitor the clipboard as you suggested yourself.
You can ofc soften some of these suggestions based on the context of your application.
As Scott just posted it likely can be prevented with API hooks to see that paint events only go to desktop bound handles and not others, and refuse to paint otherwise. However, you need to consider the following scenarios and see if they're relevant threat to your approach or not:
Your software may be running in a virtual machine like VMWare. Such software has capapbilities to capture screen that does so at "virtual hardware" level, and your API hooks will not be able to discern it - and this would be the easiest way approach if I wanted to bypass your protections.
As a post suggests here, nothing also prevents someone to take monitor cable and plug it into another computer's capture card, and take screenshot that way. Again, your hooks will be helpless here.
Bottom line, you can make it somewhat harder to do, but bypassing such protection may be pretty trivial thing to do.
My 2c.
Related
I am looking into writing something similar to that of Steady Mouse. My grandpa has tremors pretty badly and it prevents him from doing too much on the computer. Unfortunately it doesn't appear to work on Windows 10 and it seems the developer has discontinued working on the project. Seeing as I am looking for project to add to my portfolio, I figured I would see if I could maybe hack something together, only problem being I've never done anything this low level before so I am unsure of where to begin.
It seems the Kalman Filter is my best bet as an filtering algorithm, but I am unsure of how to provide the input. I've never used the Windows API, is this something it provides? Or, do I instead hook directly into the mouse device itself, and how is this possible? Am I even on the right track here?
I am assuming this would best be a background running process booted on startup, that filters the device input before the OS draws the cursor on the screen. Obviously, this would need to access all events and mouse movements regardless of which program is being used.
Investigate Windows Message Hook functions, it is possible to intercept/change Windows messages such as WM_MOUSEMOVE.
I'm working on a small tool for a DirectX game and I want to prevent the user from pressing a certain key (F12 in this case) for a certain period.
I could find many options for simulating keypresses but what are the options when it comes to nulling out a keystroke before the game reads it?
The language doesn't really matter, although I would prefer a C# or C++ solution, or just a nudge in the right direction :)
Thanks in advance!
The good news is, I've done this before so I can say that it is possible and it does work.
The bad news is that it's not simple. It requires a lot of complicated code, and will likely take a long time to implement, but I'll explain how you can do it.
Applications like DirectX games usually register for raw input.
Since you want to stop a keyboard event from reaching the application, you need a way to insert your code between the raw input and the game so you can check the raw input and decide whether to allow it to be passed to the game:
So you want to change the flow from:
Raw Input --> Game
to
Raw Input --> Your Code --> Game
Without having access to the source code of the game, you have to find a way to insert your code.
When there is keyboard input available, the game will call the WinAPI function GetRawInputData, which will tell it about the keyboard event. Ideally, what we want is when the game calls this function, it actually calls our code instead of the WinAPI function. Then we can decide what to tell the game about the keyboard event, we could tell it anything we want (e.g. ignore F12). Sounds great right? Here's where it gets interesting...
We can take advantage of how windows loads executables into memory. Typically, a program uses (or 'imports') calls to functions in other DLLs (such as GetRawInputData, in User32.dll). When the program gets loaded into memory, Windows will fill in a table (the Import Address Table (IAT)) with pointers to the executable code in the appropriate DLLs. This means that when the program calls the function, it gets directed to the executable code in User32.dll in memory to run it.
Wouldn't it be great if we could write/patch the address of one of our functions into that table, so that when the game calls GetRawInputData, it actually gets directed to our function for us to process? Well we can! It's called Import Address Table Patching.
There's a pretty good article on it here with some working code in C++. You should first read it to understand in more detail how it works, then you can modify it to support your needs. It will work, but I know it's probably more work (much more work) than you would have been hoping for, but essentially you're hacking the application which is never easy to do.
It's worth doing, even just to gain a better understanding of Windows behind the scenes.
Good luck!
EDIT
As Simon said, Windows Hooks is a much simpler way to do it if the game isn't using raw input. DirectX Games tend to be a special case that don't really work too well with standard Hooks as they use special methods to get the input from the user. By all means give it a go though, it will be a lot easier if it works.
I need to capture the visual output (like a screenshot) of a DirectX window.
Currently, I use this approach.
But, when the window is in background, it captures whatever is in front of it.
I see that DirectX windows render even when minimized or in background, so this should be possible.
But, how? (It also needs to be fast, and it needs to work on Windows XP too, unfortunately...)
Edit: I am very busy these days... Don't worry, I'll put the bounty back if it expires.
To capture Direct3D windows that are in the background (or moved off screen), I believe you have the following options:
Inject and hook Direct3D within the target application via the link you have already posted or this more up-to-date example (EasyHook can be difficult to get setup but it does work really well) - you can always ask for help about getting it working. I have used that technique for capturing in a number of games without issues (most recently for an ambilight-clone project). The problem with this approach is your concern about game protection causing bans, however FRAPs also uses hooking to achieve this, so perhaps your concerns are exaggerated? I guess gamers being banned for a screen shot is an expensive way of finding out.
For windowed applications on Vista/Win 7 - you could inject and hook the DWM and make your capture requests through its shared surface. I have had this working on Vista, but have not finished getting it working on Windows 7, here is an example of it working for Windows 7 http://www.youtube.com/watch?v=G75WKeXqXkc. The main problem with this approach is the use of undocumented API's which could mean your application breaks without any warning upon a windows patch release - also you would have to redo the technique for each new major Windows flavour. This also does not address your need to capture in Windows XP.
Also within the DWM, there is a thumbnail API. This has limitations depending on what your trying to do. There is some information on this API along with other DWM API's here http://blogs.msdn.com/b/greg_schechter/archive/2006/09/14/753605.aspx
There are other techniques for intercepting the Direct3D calls without using EasyHook, such as substituting the various DLL's with wrappers. You will find various other game hooking/interception techniques here: http://www.gamedeception.net/
Simply bring the Direct3D application to the foreground (which I guess is undesirable in your situation) - this wouldn't work for off-screen windows unless you also move the window.
Unfortunately the only solution for Windows XP that I can think of is intercepting the Direct3D API in some form.
Just a clarification on Direct3D rendering while minimised. During my fairly limited testing on this matter I have found this to be application dependant; it is generally not recommended that rendering take place while the application is minimized (also this reference), it does continue to render while in the background however.
UPDATED: provided additional link to more up-to-date injection example for point 1.
A quick google and i found this Code Project which relates to Windows XP. I dont know if you can apply this knowledge to Windows Vista and 7??
http://www.codeproject.com/Articles/5051/Various-methods-for-capturing-the-screen
EDIT:
I found this article as well:
http://www.codeproject.com/Articles/20651/Capturing-Minimized-Window-A-Kid-s-Trick
This links off from Justins blog post here from the comments. It seems he was working on this with someone (i see thats your link about).
http://spazzarama.com/2009/02/07/screencapture-with-direct3d/
The code that you linked to (from spazzarama), which you said you were using in your project, captures the front buffer of your DirectX device. Have you tried capturing the back buffer instead? Going from the code on your linked site, you would change line 90 from
device.GetFrontBufferData(0, surface);
to
Surface backbuffer = device.GetBackBuffer(0, 0, BackBufferType.Mono);
SurfaceLoader.Save("Screenshot.bmp", ImageFileFormat.Bmp, backbuffer);
This would also involve removing lines 96-98 in your linked example. The backbuffer might be generated without the obstructing window.
EDIT
Nevermind all of that. I just realized that your linked sample code is using the window handle to define a region of the screen, and not actually doing anything with the DirectX window. Your sample code won't work around the obstruction because your region is already drawn with the other window in front of it by the time you access it.
Your best bet to salvage the application is probably to bring the DirectX window to the top of the screen before running the code to capture the image. You can use the Wind32API BringWindowToTop function to do that (http://msdn.microsoft.com/en-us/library/ms632673%28VS.85%29.aspx).
I would like to know if it is possible to mute only a specific window. For example I have got Firefox open and two more windows. I want to mute everything related to Firefox but not the whole sound of my computer.
Is this possible? If so, how can it be done?
look, basically, there isn't any relation between the window handle and the sound which something in its code is playing.. the audio card can't tell who wants it to play.
theoretically, there is an option to do what you want on web browsers, but it's not easy, and not 100%. it goes like this:
most of the audio that is playing from browsers are from known objects like wmp/quick time/vlc/flash/etc..
when the user will choose to mute all audio from firefox, your application will search those known objects in the firefox tabs, and mute/unmute them using their api.
in order to do that, you will need to write an extension to firefox, so you could have an access to the tabs memory from your application.
btw, what os?
and check this out: http://www.indev.no/?p=projects#flashmute (flashmute) i believe it does what is said - only for flash.
On Vista/Windows 7:
I expect there to be some API which can change the volume on a per process basis which the audiomanager uses. Should be relatively straight forward to use.
On XP
I don't think there is any built in functionality for what you want to do. I recommend just not offering that feature on XP. But if you really want to, there are some hackish solutions:
Usermode API hooking. Intercept the calls to audioapis with your own functions. These change the volume or manipulate the audiosignal so you get what you want. You need to do this differently for any of the several available audio-apis. I guess DirectSound and DirectShow are particularly annoying. And this requires injection of a dll into any process you want to manipulate. And this dll better not require the .net runtime. Search for IAT(import address table) or EAT(export address table) hooking.
Kernel mode audio hooking. Write a driver which intercepts the audio in the kernel and changes it on a per process basis. No clue how to do that.
But as you can see both solutions aren't good.
Several years back, I innocently tried to write a little app to save my tactically placed desktop icons because I was sick of dragging them back to their locations when some event reset them. I gave up after buring WAY too much time having failed to find a way to query, much less save and reset, my icons' desktop position.
Anyone know where Windows persists this info and if there's an API to set them?
Thanks,
Richard
If I'm not mistaken the desktop is just a ListView, and you'll have to send the LVM_SETITEMPOSITION message to the handle of the desktop.
I googled a bit for some c# code and couldn't find a example, but I did found the following article. Torry: ...get/set the positions of desktop icons?. It's delphi code, but I find it very readable and with some P/Invokes you'll be able to translate it to c#.
The desktop is just a ListView control and you can get its handle and send messages to it to move icons around using LVM_SETITEMPOSITION.
Getting icon positions using LVMGETITEMPOS is a bit more complicated, though. You have to pass a pointer to a POINT structure as your LPARAM. If you try to do that, you will likely crash Explorer. The problem is you passed it a pointer in your address space, which the control interpreted as a pointer in Explorer's address space. Ouch!
The solution I've used is to inject a DLL into the Explorer process and send the message from there. Then you just have to have a way to get the position info back to your process.
I am still looking into this and will post the result once I finally get something working. I'm posting this because, thanks indirectly to Davy's post, I also found a classic VB implementation:
Shuffle Desktop Icons Using Interprocess Memory Communication
and that will probably be the basis for my code.
I have no idea about the API, but I know Ultramon (http://www.realtimesoft.com/ultramon/) has a feature included for preserving icon placement (although I've never used it for preserving icon location, it is indispensable for multiple monitor usage). The latest beta release works flawlessly with Vista (except for sometimes having a minor glitch or two when initially logging into my machine via RDP), and of course, haven't had any issues with XP. I've used it for over four years now.
And did I mention that it's the best utility for multiple monitor usage?
may be you want this one?I find it in 《WindowsCoreProgramming 5th》 https://github.com/wang1902568721/WindowsCoreProgramming