Use Desktop Duplication API to capture Logon & Lock Screens - windows

Since Windows 10 doesn't support Mirror drivers, how do I use Desktop Duplication API to capture console at all times i.e. start with logon window, then user's desktop (after the user logs in) and also the lock screen?

Detect desktop Switch event then SetThreadDesktop on the thread that is capturing and make sure you're running as SYSTEM user.

Related

Launch my application before the Windows logon screen

In a personal project, I want to display my application before (or above) the Windows Logon, ie just before entering the Windows password.
The application must "hide" the password entry screen. I used to launch an application at Windows startup but this after viewing the Windows desktop.
Is it possible to do this please? Should I create a Windows service that will launch my application?
Thanks for your help
If this is just a personal project on your own machine you could set Windows to autologon and then just run your application like a normal startup shortcut.
A NT service is the only documented way to run code before a user logs on. However, spawning a new process in another session and interacting with the Winlogon desktop and putting yourself on top of LogonUI.exe is going to be a hack.

Windows Containers - Is it possible to interact with desktop apps running in a container using the Desktop Sharing API?

I understand that desktop/GUI apps are not supported in Windows containers. They do run but there's no built-in way to interact with them. I had the following idea - maybe I could use the Desktop Sharing API (https://learn.microsoft.com/en-us/windows/win32/api/_rdp/) for this purpose, the idea is to run a desktop app, then run a sharing program that uses the Desktop Sharing API, and connect to it using a Desktop Sharing API viewing program from the host.
I had to do some recap about window stations and desktops, and I noticed that when starting the container with cmd in interactive mode, I'm logged with ContainerAdministrator as a service (logon type 5). I tried running some WinAPI functions that deal with desktops and winstation and got some access denied results, so I switched to running cmd as system.
The window station of the cmd process (and other child processes) is not the interactive WinSta0, but instead some other service window station, which makes sense since I'm logged on as a service, and I figured that I can't use this window station, so I used a little program I wrote to run notepad in Winsta0 in the Default desktop. Afterwards I ran another program that enumerates the windows on WinSta0\Default, and the notepad window does get enumerated and I also get it's title, so it's running somewhere.
So now I tried running the desktop sharing API program (also on WinSta0\Default). It runs and I can connect from the host, but I only get a black screen without anything on it. I also tried running a program that takes a screenshot of the windows but I get an empty bitmap.
So I thought maybe the Default desktop is not the active desktop, and by using the OpenInputDesktop function I could confirm it - the current desktop was the Winlogon desktop, so I used the SwitchDesktop function to switch to the Default desktop (I used OpenInputDesktop again to verify that it actually worked).
Unfortunately, this didn't change anything, I still get an empty screen and empty bitmaps.
I know that containers are built for micro services and are not supposed to run GUI apps and so, but still - is there a way to make this work? Or any ideas of what else I can check? Alternatively, if you know that it can't work - I would also be happy to hear a good technical explanation of why it doesn't work.

Freeze keyboard and mouse on Windows

I want to create a program for a computer lab. The computers in lab are running Windows 7 and are connected via LAN. The program should freeze keyboard and mouse when PC gets disconnected from LAN and also show a fullscreen message.
Currently I have created the first version of this program that works almost fine. It runs with startup. But the problem is that the users can kill it from Task Manager. I've tried running it as a windows service and it runs but cannot interact with desktop, so it cannot freeze the keyboard and mouse.
Any suggestions is appreciated. Thanks in advance.
So I finally solved it.
The reason my program could not interact with desktop is that it runs in Session 0.
This is because the Windows services run in session 0 and cannot directly interact with desktop. Here by interaction I mean receiving keyboard, mouse events and creating or accessing windows in user's desktop.
So I created a service that runs with SYSTEM account. It will create the "freezer process" in user's session. Also this process will run with SYSTEM account, so the normal user will not have privileges to kill.

How to use SetWindowsHookEx in Vista and hook Admin apps with UAC?

I'm trying to figure out if there's a way to use SetWindowsHookEx and be able to affect apps that are run with Admin rights on Vista, with UAC enabled. This is an app that will need to add a small button to the caption bar of other windows to enable some multi-monitor-aware handling. I would have thought this couldn't be done, but I've seen one app that appears to do this. As far as I can tell, this other apps is not being run with Admin rights, and yet it can affect all apps in the system, including those with Admin privilege.
It would seem that there's a way to do this, then, but I'm at a loss on how. My app only needs to be able to draw on window title bars and be able to affect their movement and size. I don't need to do anything else.
You can't, as administrative processes are isolated from non-administrative processes running on the same user desktop. You can't even drag and drop between admin and non-admin processes.
This is an in-dept analysis: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
About the application you are referencing, it probably uses some administrative code running in background (usually as a service) so it can interact with administrative processes.

Screen capture and event with Vista UAC

I'ved developed a c# application that captures screens using bitblt and sends keyboard and mouse events using calls to keybd_event and mouse_event.
According to Microsoft I needed to modify the app.manifest with:
requestedExecutionLevel level="highestAvailable" uiAccess="true"
Sign the application and place it in a trusted location (program files).
I have done all of these to get the application to run under elevated priviledges under Vista but when UAC dialogs appear it does not capture those screens and the keyboard and mouse events do not reach the UAC dialog.
I am guess that UAC runs in a different desktop?? if so, how would i capture that? and how can i detect when the desktop switches to a UAC dialog in c#? or have i just missed a step?
UAC runs on the secure desktop, only trusted processes running on the system account are allowed to run in that context.
This is to prevent exactly what you are trying to achieve - processes spoofing or capturing user input.
You cannot. The UAC desktop is secure because it doesn't allow anyone to access it.
To detect the desktop switch event, I would try to use SENS or WTSRegisterSessionNotification. But it doesn't look very promising.

Resources