从远程检测打印屏幕/屏幕抓取?

发布于 2024-10-29 22:25:20 字数 639 浏览 4 评论 0原文

几个月来我一直在试图找出如何检测这一点,但没有任何实际进展。无论我尝试用哪条路来测试 C++/C# 代码,结果都是死胡同。

问题: 我有两台计算机,Comp1 和 Comp2。第一个由 Comp2 远程管理(通过本地网络)。 现在,在 Comp1 上,我希望能够检测 Comp2 是否正在运行屏幕抓取(特定的 c#/c++ 函数)或通过该计算机上的远程管理窗口对该计算机进行屏幕截图的代码。

这是不可能的吗?(如果不可能用某种木马或病毒感染 Comp2 - 这绝对是!)

我可以相对轻松地获得有关远程管理本身状态的详细信息(如果此时正在管理或未管理)以及其他内容(例如 IP 管理),但无法准确检测到我想要的内容。

我的下一步是查看 .dll 文件(远程软件正在使用的)可以告诉我什么。然而,我在这里的知识有些有限。 通过挂接已安装并由远程管理软件使用的“视频驱动程序”,我可以获得哪些信息?这是另一个死胡同吗?

另一件让我印象深刻的事情是监视特定端口上的实际数据流量(与当前的远程软件相关),但这也应该会失败,因为只有发送到 Comp2 的数据,或者从 Comp2 发送的鼠标/键盘模拟数据。同样,可以获得(?)

我很感激所有想法、建议或对库条目(即MSDN)的看法。

提前致谢

I've been trying to figure out how to detect this for months without any real progress. Whatever road I'll try out testing C++/C# code, all turns out to be dead ends.

The problem:
I have two computers, Comp1 and Comp2. The first is remotely administered by Comp2 (via local network).
Now, on Comp1 i want to be able to detect if Comp2 are running code that are screen scraping (specific c#/c++ functions), or taking screen shots of, this computer, via the remote administration window on that machine.

Is this impossible? (if infecting Comp2 with some sort of trojan or virus is out of the question - which it definitely is!)

I can relatively easy get detailed information about the state of the remote administration itself (if being administered or not at this time) as well as other stuff (like IP administering) but not detect exactly what I want.

My next step is to see what the .dll files (the remote software are using) can tell me. My knowledge here is somewhat limited however.
What information could I get by hooking the "video driver" that was installed and is being used by the remote administration software? Is that another dead end?

Another thing that struck me would be to monitor the actual data traffic on specific ports (relevant to the current remote software), but that should fail as well because only data of what's being sent to Comp2, or mouse/keyboard emulation being sent from the same, can be obtained (?)

I'd appreciate all ideas, suggestions or points to library entries (i.e MSDN).

Thanks in advance

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

回心转意 2024-11-05 22:25:20

我不完全确定我理解你的问题 - 但无论如何我都会尝试回答它:

首先让我按照我理解的方式重新表述这个问题:

是否有某种方式远程会话的主机可以检测客户端完成的快照/屏幕抓取软件运行?

简短的回答是“否”。

一个简单的类比是考虑将摄像机指向客户端计算机。该摄像机直接记录客户端计算机上的监视器 - 您无法知道正在发生这种情况(除非摄像机选择通过某些自定义界面向您报告)。

屏幕抓取软件也是如此。
屏幕抓取软件记录给定机器中发生的所有情况。
抓取软件正在查看其他机器的事实不会传输到主机(除非您设计的抓取软件正是为了执行此操作)。

返回主机的唯一信息是客户端选择传输的信息。
通常,这只是显示主机的窗口处于活动状态时的键盘/鼠标操作。

I am not entirely sure i understand your question - but i will try to answer it anyway:

First let me rephrase the question the way i understand it:

Is there some way Host for a remote session can detect snapshots/screen scaraping done by the Client software running?

The short answer is "No".

A simple analog would be to consider a camera pointed at the client machine. this camera directly records the monitor on the client machine - there is no way (unless the camera chooses to report to you by some custom interface) that you can know this is happening.

The same holds for the screen scraping software.
Screen scraping software records whatever goes on in a given machine.
The fact that some other machine is being viewed by the scraping software is not transmitted to the Host (Unless you designed the scraping software to do exactly that).

The only information that goes back to the host is what the client chooses to transmit.
Typically this is just the keyboard/mouse operations when the window showing the host is active.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文