Solved

How to detect if my running Windows application is being driven by a remote application?

Posted on 2013-11-18
2
893 Views
Last Modified: 2013-11-24
Hi Experts,

I am looking for a way to detect if my running vb.net Windows Forms application is being driven by software such as Remote Desktop, VNC, Teamviewer etc.

I want to know if any of these applications are controlling my application -

I have code like the following that will let me check if applications such as Teamviewer are running:

Sub Main()
    For Each p As Process In Process.GetProcesses()
      Try
        'Console.WriteLine("{0} {1}", p.Id, Path.GetFileName(p.MainModule.FileName))
        MsgBox(p.Id & " " & Path.GetFileName(p.MainModule.FileName))
      Catch
      End Try

    Next
  End Sub

Open in new window

 
But what I need to know is how to detect if any of these applications are firing keystrokes and mouse movements etc. at my application.

Regards,
Leigh
0
Comment
Question by:LeighWardle
2 Comments
 
LVL 31

Accepted Solution

by:
Frosty555 earned 500 total points
Comment Utility
I can't think of any reliable supported way to do this. The whole point of remote-control software is to simulate mouse and keyboard events exactly as if it was a physical mouse and keyboard performing the actions in a way that is transparent to the operating system and/or software running on the system (since that's how you achieve maximum compatibility). It is difficult to detect by design.

The closest I think you can get is to look for evidence that these sort of programs are running through other means - such as what you have done to look for the presence of the TeamViewer process. You can also look for obvious signs that VNC is running, for example checking if ports 5800-5900 are open. Of course that can be easily circumvented by the user by simply configuring their VNC server to listen on another port.

But even if  you do find reliable ways to detect TeamViewer, VNC and RDP, what about all the other remote control applications out there today, or in the future? Applications like LogMeIn, Ammyy, Radmin, GotoAssist, and a dozen other smaller companies make similar products.

What about BMC/IPMI or IP KVMs which simulate keystrokes at the hardware level for the purposes of remote control? What about a virtual machine running on Hyper-V or in VMWare and being controlled remotely via a management console? Or application virtualization products like Citrix XenApp, Microsoft RemoteApp which run an application on a server and then present it to user at a remote location? These products are virtually undetectable.

Do you draw the line at remote-control applications? What about automation tools like AutoHotkey which simulates keystrokes to automate software?  Gamepads with macro record/playback functionality, programs like Joy2Keys, or things like barcode readers, card swipers or keyboard wedges?

There's an endless number of different programs which simulate keystrokes with various levels of transparency to the operating system for the purposes of remote access, or automation. It would be almost impossible to block them all.

I would argue that whatever the reason is you feel your program needs to know if remote control apps are being used... you're probably mistaken. Preventing the use of remote-control software in conjunction with your application is better enforced by specifying it in the terms-of-service for your application, refusing to provide support for scenarios where the application is being used in an improper manner, or by enforcing it through company policy - the solution is social, not technical.
0
 
LVL 1

Author Closing Comment

by:LeighWardle
Comment Utility
Many thanks, Frosty555, for your detailed exposition on the topic.
Regards,
Leigh
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now