Solved

How to detect if a running Windows application is being accessed remotely?

Posted on 2013-11-06
6
1,045 Views
Last Modified: 2013-11-15
Hi Experts,

I am looking for a way to detect if my running vb.net Windows Forms application is being accessed remotely via software such as Remote Desktop, VNC, Teamviewer etc.

Regards,
Leigh
0
Comment
Question by:LeighWardle
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:chaau
ID: 39629238
There is a Win32 API that is designed for this:
GetSystemMetrics(SM_REMOTESESSION);

Open in new window

When the program running in a remote desktop session the API will return not zero value.
Please check this web-site how to call this API via PInvoke:
Public Declare Auto Function GetSystemMetrics Lib "user32.dll" (ByVal smIndex As Integer) As Integer

Open in new window

0
 
LVL 11

Accepted Solution

by:
SAMIR BHOGAYTA earned 250 total points
ID: 39638009
hi... Try this

using System.Runtime.InteropServices;


 public class RemoteSessionChecker
  {
    /// <summary>
    /// Checks whether the current user is is logged in through a remote session
    /// </summary>
    /// <returns></returns>
    public static bool Check()
    {
      bool IsRemoteSession = false;
      //Constant used to check for remote sessions
      const int SM_REMOTESESSION = 0x2001;
      //This function will return 0 if the session is local
      int Value = GetSystemMetrics(SM_REMOTESESSION);

      IsRemoteSession = (Value != 0);

      return IsRemoteSession;
    }

    [DllImport("user32.dll", EntryPoint = ("GetSystemMetrics"))]
    private static extern int GetSystemMetrics(int nIndex);
  }
0
 
LVL 1

Author Comment

by:LeighWardle
ID: 39640517
Hi samirbhogayta,  thanks for your suggestion.

I am not a c## developer, so I converted your code to vb.net:

Imports System.Runtime.InteropServices

Public Class RemoteSessionChecker
	''' <summary>
	''' Checks whether the current user is is logged in through a remote session
	''' </summary>
	''' <returns></returns>
	Public Shared Function Check() As Boolean
		Dim IsRemoteSession As Boolean = False
		'Constant used to check for remote sessions
		Const  SM_REMOTESESSION As Integer = &H2001
		'This function will return 0 if the session is local
		Dim Value As Integer = GetSystemMetrics(SM_REMOTESESSION)

		IsRemoteSession = (Value <> 0)

		Return IsRemoteSession
	End Function

	<DllImport("user32.dll", EntryPoint := ("GetSystemMetrics"))> _
	Private Shared Function GetSystemMetrics(nIndex As Integer) As Integer
	End Function
End Class

'=======================================================
'Service provided by Telerik (www.telerik.com)
'Conversion powered by NRefactory.
'Twitter: @telerik
'Facebook: facebook.com/telerik
'=======================================================

Open in new window


But the function always returns False - even when I am connected by RDP.

Regards,
Leigh
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 24

Assisted Solution

by:chaau
chaau earned 250 total points
ID: 39640547
SM_REMOTESESSION value is 0x1000, or converting to VB it is &H1000
0
 
LVL 1

Author Comment

by:LeighWardle
ID: 39640593
Thanks, chaau.

Changing SM_REMOTESESSION value (for VB) to &H1000 now makes the code detect if it is connected by RDP.
That's the good news.

The bad news is that it does not detect if it is connected via TeamViewer.  (I haven't tried VNC or anything else).
0
 
LVL 24

Expert Comment

by:chaau
ID: 39640648
Teamviewer, Logmein and such technically do not work via RDP, but connect to the user session. They cannot be detected via SM_REMOTESESSION. You will need to test if processes associated with these services are running using CreateToolhelp32Snapshot() API.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Object to array 7 28
Protecting vb6 & .Net code Obfuscation 18 55
ASP.NET Web API or ASP.NET Core MVC? 3 31
Close word object 13 21
For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now