C# Screenshot winlogon as well as User Desktop

I am working with screen sharing project.But i was got into trouble to capture secure desktop. I have already ask related question here and got Answer too

Pls go through above link

as suggested by dymanoid. I am using PsExec exe to capture secured desktop/winlogon desktop as below

The /x and /s switches run the process under the SYSTEM account and on the Winlogon desktop.

PsExec /i /h /x /d /s "path_\screencapture.exe"

Now screencapture exe is running as SYSTEM account on winlogon desktop, i able to see screencapture exe on user login screen but not on user desktop screen.

Now the things reverse i able to capture user login screen but not user desktop.

User desktop gives me Empty/black screen.

If i remove /x from command as below then i able to get userdesktop not secured desktop

PsExec /i /h /d /s "path_\screencapture.exe"

My question is if there any way to do this

I am unable to test my theory since I'm at work. + I do not have the rights to comment yet... So please bear with me, if this does not work.

Running as system could be related that it does not have a "desktop" directory. So please create a these directories:

32-bit: %windir%\System32\config\systemprofile\desktop
64-bit: %windir%\SYSWOW64\config\systemprofile\desktop

Try again with the SYSTEM account:

PsExec -i -h -x -d -s "path_\screencapture.exe"

Sometimes the working directory is "read only" so by specifying that you could get it to work

PsExec -i -h -x -d -s -w c:\temp "path_\screencapture.exe"

If that does not work, try to attach it to a session, query the user-sessions available to see if a secure desktop are running its own sessioname, i command-prompt enter this:

query sessions

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           xxxx                      2  Active
 rdp-tcp                                 65536  Listen

My only session available here is services = 0 and mylogin = 2.

I would suggest to try

PsExec -i 0 -h -x -d -s -w c:\temp "path_\screencapture.exe"

PsExec -i 2 -h -x -d -s -w c:\temp "path_\screencapture.exe"

And see if there are any difference in the captures.

I have never worked with the secure desktop before, so it could be an extra layer. In a user situation the -i has always worked fine for me.

Good luck :)

Edit:
I have tested this out with luck, this is what I did:

Downloaded a capture tool with gui, I tried 7capture.com
Then I started 7capture.exe like this:

PsExec -i -s -x c:\7capture.exe

Now I showed the secure desktop with "run as admin" on something. When the popup comes, I pushed ALT+TAB and there was 7capture :)
Press the "Refresh" button to see a list of items. The "desktop" is called something like "$$$Secure UAP Background window" on my computer.
Voila, capture taken and visible

Now for the code on Screenshot secure desktop

I would change the desktop HWND call:

Win32Stuff.GetDesktopWindow();

To a Enum function and take a picture of every HWND you find in the secure desktop.

Untested, but I belive you can use this:

[DllImport("user32.dll")]
private static extern bool EnumWindows(EnumWindowsProc enumProc, IntPtr lParam);

// Delegate to filter which windows to include 
public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

Give that a try and see if you can make it work for all scenarios.

Edit2:
Since these are 2 different user scopes, you need to run two copies of Screencapture.exe. One for secure desktop and one for the interactive session: UAC: