capturing a screen from a non-interactive service

Posted on 2008-11-05
Last Modified: 2013-12-04
Hello all.

I'm trying to write an exe that will capture a screen on Windows and save it into a bitmap file.
I'm using GDI, and I've managed to do it now using the GetDC function. In a nutshell, it is something like this:
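int DesktopWidth  = GetSystemMetrics(SM_CXSCREEN);   // primary display width in pixels
int DesktopHeight = GetSystemMetrics(SM_CYSCREEN);   // primary display height in pixels
HDC desktopDC = GetDC(NULL);                         // DC for the entire screen of the caller's own desktop
HDC memDC     = CreateCompatibleDC(desktopDC);       // memory DC to copy the screen contents into
HBITMAP ScreenBitmap = CreateCompatibleBitmap(desktopDC, DesktopWidth, DesktopHeight);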

Of course, this kind of code is good only if I run my program in interactive mode, and it captures the desktop that I can see. However, I need to run this program as a service, which means it will be in the context of the LOCAL SYSTEM user, and won't have a desktop. What I want it to do is to find the desktop of a specified user session (which I know is connected), and capture it.

Is that possible? (programmatically, not from the security point of view)
Does anyone know how it can be done? How can I get a DC of a different session than myself?

Question by:Cyber-EE

    Expert Comment


    Author Comment

    Thanks for the answer, ChristianWimmer.

    Are you sure this approach will also fail in case the other session is connected using RDP?
    I read a bit about using WTSRegisterSessionNotification & WTSGetActiveConsoleSessionId and such. If the user is connected to the terminal service, isn't it somehow possible to get its session from a service, and then use things like SetProcessWindowStation & SetThreadDesktop in order to get the desktop of the interactive user?

    I didn't understand these functions perfectly yet, but are the security problems you mentioned in your answer still problematic with this approach?

    Accepted Solution

    There is no difference with RDP. You can't get a handle with OpenDesktop for a desktop in another session because there is an if case for this situation (If (Process.Session != Desktop.Session) return 5)
    The only way is a second process that is spawned into the target session.

    You can run a new system process in any session you like. However, you should not use this system process to show any windows to the user. A shatter attack could use your GUI to infiltrate the system.
    These steps are necessary to create a system process in any session:
    * OpenProcessToken in a service
    * DuplicateToken
    * SetTokenInformation with TokenSessionId to set the target session ID for the new process. Needs TCB privilege!
    * CreateProcessAsUser with the duplicated token. Also set parameter bInheritHandles to FALSE!
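
The four steps listed in the accepted solution, written out as an added example that is not part of the original answer. The function name `spawn_system_helper` and the `winsta0\default` desktop setting are assumptions made here; the duplicate step uses `DuplicateTokenEx` in place of `DuplicateToken` so that the copy is a primary token.

```c
/* Added example, not code from the thread. Assumes it runs inside a service
   under LocalSystem (which holds SeTcbPrivilege); the helper's command line
   is supplied by the caller. */
#ifdef _WIN32
#include <windows.h>

/* Returns 0 on success, else the Win32 error code of the step that failed. */
DWORD spawn_system_helper(DWORD sessionId, wchar_t *cmdLine)
{
    HANDLE svcTok = NULL, newTok = NULL;
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi = { 0 };
    DWORD err = 0;
    /* Assumption beyond the thread: put the helper on the interactive desktop. */
    si.lpDesktop = L"winsta0\\default";
    /* Step 1: token of the service process itself. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &svcTok))
        return GetLastError();
    /* Step 2: duplicate it as a primary token (DuplicateTokenEx, because
       CreateProcessAsUser does not accept an impersonation token). */
    if (!DuplicateTokenEx(svcTok, MAXIMUM_ALLOWED, NULL, SecurityImpersonation,
                          TokenPrimary, &newTok))
        err = GetLastError();
    /* Step 3: point the copy at the target session; fails with
       ERROR_PRIVILEGE_NOT_HELD when the caller lacks SeTcbPrivilege. */
    else if (!SetTokenInformation(newTok, TokenSessionId, &sessionId, sizeof sessionId))
        err = GetLastError();
    /* Step 4: start the helper with bInheritHandles = FALSE so no handle
       held by the service leaks into the user's session. */
    else if (!CreateProcessAsUserW(newTok, NULL, cmdLine, NULL, NULL, FALSE,
                                   0, NULL, NULL, &si, &pi))
        err = GetLastError();
    else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    if (newTok) CloseHandle(newTok);
    CloseHandle(svcTok);
    return err;
}
#else
#include <stddef.h>
typedef unsigned long DWORD;
/* Off Windows these APIs do not exist: report ERROR_CALL_NOT_IMPLEMENTED (120). */
DWORD spawn_system_helper(DWORD sessionId, wchar_t *cmdLine)
{ (void)sessionId; (void)cmdLine; return 120UL; }
#endif
```

The helper started this way runs as SYSTEM inside the user's session, so per the answer above it should not create any windows.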

    Author Closing Comment

    Thanks for the help
