How to intercept each trying to use API function i

Posted 2019-02-07 11:12

I need to block any screen capture software on the computer from taking screenshots. Since all of them work on standard API functions, I think I could monitor and block them. I need to use C#. All I have found is how to monitor and block them in a certain program (a screen capture program). They look for a function in the program, then they change its address to my function's address. But how can I do it if I don't have any certain program? I need to block anyone who tries to take a screenshot.

3 answers
#2 · 2019-02-07 11:44

As Scott just posted, it likely can be prevented with API hooks to see that paint events only go to desktop-bound handles and not others, and refuse to paint otherwise. However, you need to consider the following scenarios and see whether they're a relevant threat to your approach or not:

Your software may be running in a virtual machine like VMware. Such software has capabilities to capture the screen at the "virtual hardware" level, and your API hooks will not be able to discern it - and this would be the easiest approach if I wanted to bypass your protections.

As a post here suggests, nothing prevents someone from taking the monitor cable, plugging it into another computer's capture card, and taking a screenshot that way. Again, your hooks will be helpless here.

Bottom line, you can make it somewhat harder to do, but bypassing such protection may be a pretty trivial thing to do.

  • My 2c.
祖国的老花朵
#3 · 2019-02-07 11:51

It is not possible to prevent screenshots from being taken. The battle is already lost because of the DWM (Desktop Window Manager). It's lower level than Win32 and device contexts.

If you want to protect the text in your program, there are much easier ways to extract it than doing screenshots and OCR: TextOut and/or Direct2D hooking and accessibility APIs.

If there's a lot of IP in your program, then don't make it all available onscreen. Make sure it's tedious to crawl the GUI for text, and hard to automate it. And don't load whole texts in memory of the program.

Possible solutions:

  1. To prevent copying of text, draw the text as an image.
  2. To prevent accessibility technologies, like screen readers, override WndProc in your control, and handle and ignore the window message WM_GETOBJECT.
  3. To make it harder if they try to use OCR, draw graphics behind the text. Human readable, but much harder for a machine to interpret.

None of these methods are invasive for the user.

**A very invasive suggestion**: if you are really serious about preventing anyone from "stealing" your content:

  1. Implement mouse and keyboard hooks. Filter out typical copy shortcuts. Prevent the mouse from leaving the boundaries of your application.
  2. Allow your application to only run when the OS runs well-known processes and services. If any process starts which you don't recognize, black out the application and notify the user about it, and request the user to close it. And ofc make sure someone is not just spoofing a well-known process.
  3. Monitor the clipboard as you suggested yourself.

You can ofc soften some of these suggestions based on the context of your application.

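The three non-invasive suggestions from the answer above (draw the text as an image, ignore WM_GETOBJECT, put graphics behind the text) combined in one WinForms control, as an added example that is not part of the original answer. The class name `ProtectedTextControl`, the `Content` property and the noise parameters are assumptions made for illustration.

```csharp
using System;
using System.Drawing;
using System.Drawing.Text;
using System.Windows.Forms;

// Hypothetical control: shows text only as pixels and answers no accessibility queries.
public sealed class ProtectedTextControl : Control
{
    private const int WM_GETOBJECT = 0x003D; // sent by MSAA / UI Automation clients

    // Kept in a private field, not in Control.Text: window text set on the HWND
    // can be read back by other programs with WM_GETTEXT.
    private string content = "";
    public string Content
    {
        get { return content; }
        set { content = value ?? ""; Invalidate(); }
    }

    public ProtectedTextControl()
    {
        SetStyle(ControlStyles.UserPaint | ControlStyles.AllPaintingInWmPaint |
                 ControlStyles.ResizeRedraw, true);
    }

    protected override void WndProc(ref Message m)
    {
        // Suggestion 2: handle and ignore WM_GETOBJECT so no accessible object is returned.
        if (m.Msg == WM_GETOBJECT) { m.Result = IntPtr.Zero; return; }
        base.WndProc(ref m);
    }

    protected override void OnPaint(PaintEventArgs e)
    {
        if (Width <= 0 || Height <= 0) return;
        using (var bmp = new Bitmap(Width, Height))
        using (var g = Graphics.FromImage(bmp))
        using (var pen = new Pen(Color.FromArgb(70, ForeColor)))
        using (var brush = new SolidBrush(ForeColor))
        {
            g.Clear(BackColor);
            // Suggestion 3: clutter behind the glyphs; the fixed seed keeps repaints stable.
            var rng = new Random(1234);
            for (int i = 0; i < 40; i++)
                g.DrawLine(pen, rng.Next(Width), rng.Next(Height), rng.Next(Width), rng.Next(Height));
            // Suggestion 1: render the text into an offscreen bitmap, then blit the image.
            g.TextRenderingHint = TextRenderingHint.AntiAlias;
            g.DrawString(content, Font, brush, new RectangleF(0, 0, Width, Height));
            e.Graphics.DrawImageUnscaled(bmp, 0, 0);
        }
    }
}
```

The string still lives in process memory while it is displayed, which is why the answer also advises against loading whole texts at once.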
forever°为你锁心
#4 · 2019-02-07 12:00

Whether your final goal is possible or not I don't know, but for the API-hooking portion I can help you out.

I have used the library EasyHook many times in the past; it will let you hook and intercept system function calls from C# code fairly easily. Just read through the PDF tutorial for setup instructions.

For actually finding the APIs I recommend Rohitab's API Monitor. It's still in alpha stages, but it works really well and is free. You just hook it onto a process and it tells you every external DLL call it makes (with the parameters it passed, if you have the XML definition file for the DLL; the program comes with almost all of the Windows API DLLs pre-defined).


The combination of EasyHook and API Monitor is a great 1-2 punch for mucking with other programs' calls.
