As others have said there isn’t any decent approach that could be considered
secure on any level.
Now, if you want to protect against the classic Granny attack, I do recall
there being a WM_ message sent when
clipboard data is modified (which is where Print Screen images are sent, I
think). So with a global message hook,
you should be able to detect a Print Screen operation. There is also an api
that
will clear or empty the clipboard, however I don’t know what it’s scope is.
Just search for the ‘clipboard’ api.
While an approach like this is rather lame, I think it’s the only way to
achieve anything remotely
similar to the functionality your seeking, that is, if the clipboard api
work the way I think they do along
with the Print Screen functionality.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Tuesday, March 10, 2009 12:22 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Preventing user from saving/printing screen
The assumption that you’ll be able to stop a clever user from getting your
app up in a VM is a pretty far-fetched one.
I would say that the hard truth is that this is a losing battle. You can
pour a lot of time and effort to devise complicated solutions for which an
attacker will almost certainly be able to circumvent with a slim fraction of
the effort that you spent devising the system.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
Sent: Tuesday, March 10, 2009 10:07 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Preventing user from saving/printing screen
Thanks guys for your replies. Actually, assuming that the user is running
on the bare metal (non-virtualized environment) and is prohibited from using
any external devices… what would be the recommended approach?
On Tue, Mar 10, 2009 at 9:11 AM, Hagen Patzke wrote:
On 3/10/2009 4:43 PM, Jake Oshins wrote:
Any solution you come up with can be circumvented quite easily. Just run it
in a VM. Then take the screen shot from the application that shows you the
VM console.
And don’t forget that digital cameras have become cheap and ubiquitous.
Most mobile phones can do “screenshots” that are quite legible.
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.8/1985 - Release Date: 03/09/09
07:14:00