I am working on a real time video processing application, as a result I am doing some processing of sensitive information in my driver, and then displaying that information on the screen. However, due to security reasons, I would like to prevent this information from being accessed directly from the host PC and thus looking to create some sort of privacy filter. For example, anytime a screenshot is happening (Print Screen, BitBlt, etc) then my driver will need to detect this and then either turn off the information OR add a black screen overlay etc. In terms of the drawing and functions, I know how to do this but I am not too familiar with how I would create the actual hook or sensing mechanism to detect WHEN a screenshot or specific function is happening from kernel. I presume this must be done with some sort of kernel hook?
Is this any example online or tutorial online that I can follow through to do this properly?
How will you stop cell phone cameras? What you’re talking about is fake security. A Direct3D app can get a pointer to the frame buffer and read whatever they want.
@Tim_Roberts said:
How will you stop cell phone cameras? What you’re talking about is fake security. A Direct3D app can get a pointer to the frame buffer and read whatever they want.
Preventing all forms of unauthorized screen capture is truly challenging, but it’s not accurate to label this security measure as ‘fake.’ In specific scenarios, such as proctored exams where auditors are present, external screen capture can be effectively monitored and mitigated. There are various other instances where similar precautions can be taken. In any case, I’m interested in exploring ways to enhance monitoring capabilities as in my example above, as there are useful applications in certain environments. That’s why I’m seeking advice here. If you have insights on this matter, please do share
Giving people a false sense of full security is both wrong and illegal (?).
But “fake security” has been sold and actually prevented a lot. It’s enough
that it makes a difference.
I am against killing people’s ideas that early in this particular field (of
“fake” security), originally (early 2000s) I agreed, but since then I have
become quite against it.
Some added securiry is better than none. Same as with the law - it does not
detter all against doing something, but even if a few are detterred, it is
worth it.
Any suggestions or tips here how to proceed? After some research it seems I would need to do some sort of detour hook, but is there some example code or tutorial I can follow as this topic is more specialized and I am unfamiliar with it
Is your super sensitive information displayed to the use by an application that you control? If not, and it is displayed using GDI or GDI+, your task is impossible without making the program harder to use because the security boundary in Windows for GDI objects allows arbitrary communication between applications in the same desktop. The notes on MSDN for SendMessage / PostMessage are very clear on this. Also look at WindowStation and Desktop objects.
You can also look at UM message hooking. But remember that any admin can disable or bypass your solution, and any user can disable / bypass your solution in the same desktop as the application. Software that reduces / inhibits the normal function of the OS does not help anyone.
@MBond2 can you elaborate? The info I’ll be displaying involves a blend of text and windows GDI graphics, with most of the control coming from the driver that I developed. I’m interested in knowing if there’s a method to identify the time when specific functions are invoked (such as Print Screen or alternative methods of capturing a screenshot using Windows API functions). If such a detection method exists, then I can try to hook that function so that I could would grant my driver the capability to activate a privacy filter until the screenshot is captured.
There is no “Print Screen” function. It’s done by doing a BitBlt from the desktop window, or a BitBlt from your application’s window. However, it can also be done by using DirectDraw or Direct3D to grab a pointer to the main frame buffer, or by using the fancy Alt-Tab processing, which displays a smaller version of the window, plus probably a half-dozen other methods. And if the user has a shadow display, like VNC, then there’s another driver involved that you don’t own.
I’m telling you, what you’re attempting is hopeless. If this is in a corporate environment, then you TELL your users “don’t PrintScreen this or you will be fired.”
Hi Tim, I appreciate your input, but I’m struggling to grasp why you consider this method hopeless. In fact, there are many examples where I feel this could add value. For example, don’t most reputable antivirus companies already employ measures to thwart screen capture attempts? This could be accomplished by intercepting API calls or functions associated with screen capture, as you pointed out, thereby deterring such efforts. Additionally, I can think of some more scenarios where implementing this could be beneficial in safeguarding or managing the environment… (anti-virus programs, anti-cheating applications, safeguarding proprietary information, preventing piracy, copyrighting, and more…)
Anyways, assuming I want to just limit just a specific function (e.g. BitBlt), as opposed to ALL of them, I feel this should be possible. Any guidance or direction on this matter would be appreciated.
I appreciate your input, but I’m struggling to grasp why you feel this endeavor is hopeless. In fact, I feel there are many applications where this would be useful. For example, don’t most reputable antivirus companies already employ measures to thwart screen capture attempts? This could be accomplished by intercepting API calls associated with screen capture, as you pointed out, thereby deterring such efforts. Additionally, I can think of numerous other scenarios where implementing this could be beneficial in safeguarding or managing the environment (anti-virus programs, anti-cheating applications, anti-piracy efforts, copyrighting and trademarking, safeguarding proprietary information, and more…).
Anyways, with all that being said, it should be feasible and possible to be able to detect when a certain screen capture api or sys call is happening (such as BitBlt). I was hoping to receive some direction on this matter.
don’t most reputable antivirus companies already employ measures to thwart screen capture attempts?
No. Why would they? Antivirus products are about keeping bad things out, not preventing access to data I already have.
Anti-cheating is an interesting subplot, but games are Direct3D applications that own and strictly control the frame buffer, so normal things (like BitBlt) don’t work anyway.
don’t most reputable antivirus companies already employ measures to thwart screen capture attempts?
No. Why would they? Antivirus products are about keeping bad things out, not preventing access to data I already have.
Anti-cheating is an interesting subplot, but games are Direct3D applications that own and strictly control the frame buffer, so normal things (like BitBlt) don’t work anyway.
Some antivirus products do indeed incorporate measures to thwart screenshots. In the event of a malicious installation, such as a trojan or rootkit, unauthorized screenshots of the entire desktop (including sensitive information like banking details) can be taken. Intercepting this action from an antivirus perspective could effectively prevent the transmission of such data.
As for BitBlt, we can capture the entire Desktop screen, not necessarily the window handle of the game application. Of course, I agree that there are many alternative methods for someone to access this sensitive information, but ultimately, blocking these screenshots could prove to be a valuable defensive measure under many circumstances…
Anti-cheating tools are generally drivers that protect game executables from unwanted program access by filtering file open access requests. That approach does not work at all for screen shots of graphics displayed on the desktop. Every user has access to stuff visible on the desktop, it is more or less essential to a gui based system.
So out of curiosity I looked to see what hideous shite was available. LockLizard (https://www.locklizard.com/stop-screenshots-grabbers/) works by tracking when the mouse leaves your protected application window(s) and slapping a mask image on top of the normal window. My guess is that this is easily defeated by using, for example, snippy’s timer based snapshot, or any other mechanism that can be invoked while the mouse is ‘inside’ the protected window.
It should be noted that many ‘useful’ things are impossible. For example, I would love to plan a money tree in my garden, but somehow it never quite works.
Just FYI, if you install Kaspersky and go to your banking website, click on the username field, it will use HV and hook bitblt in the kernel. This will result in every screenshot appearing as black.
I am looking for guidance on how to implement this similar kernel hook to bitblt.
Lots of anti-virus and ‘security’ software including Kaspersky implement lots of ‘features’ that are useless at best and more commonly plain malware. Many of these are worse than useless because they provide an illusion of security that does not exist. And they interfere with normal operations, and often have bugs that causes crashes or data corruption.
In this example, I expect they use GDI hooks. But it is basically useless since the contents of that box can be captured via ReadProcessMemory, a memory dump created from task manager, and many other ways
Okay got it, let me ask another question then: Is there a more effective way to protect sensitive information displayed by my application from being accessed by other drivers or applications?
Also, I suggest that you read up on how UAC works. You need some kind of security boundary between your special process and you can’t just invent one. You have to work within the security model of the OS
Also, I suggest that you read up on how UAC works. You need some kind of security boundary between your special process and you can’t just invent one. You have to work within the security model of the OS