• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 998
  • Last Modified:

How to detect if my running Windows application is being driven by a remote application?

Hi Experts,

I am looking for a way to detect if my running vb.net Windows Forms application is being driven by software such as Remote Desktop, VNC, Teamviewer etc.

I want to know if any of these applications are controlling my application -

I have code like the following that will let me check if applications such as Teamviewer are running:

Sub Main()
    For Each p As Process In Process.GetProcesses()
      Try
        'Console.WriteLine("{0} {1}", p.Id, Path.GetFileName(p.MainModule.FileName))
        MsgBox(p.Id & " " & Path.GetFileName(p.MainModule.FileName))
      Catch
      End Try

    Next
  End Sub

Open in new window

 
But what I need to know is how to detect if any of these applications are firing keystrokes and mouse movements etc. at my application.

Regards,
Leigh
0
LeighWardle
Asked:
LeighWardle
1 Solution
 
Frosty555Commented:
I can't think of any reliable supported way to do this. The whole point of remote-control software is to simulate mouse and keyboard events exactly as if it was a physical mouse and keyboard performing the actions in a way that is transparent to the operating system and/or software running on the system (since that's how you achieve maximum compatibility). It is difficult to detect by design.

The closest I think you can get is to look for evidence that these sort of programs are running through other means - such as what you have done to look for the presence of the TeamViewer process. You can also look for obvious signs that VNC is running, for example checking if ports 5800-5900 are open. Of course that can be easily circumvented by the user by simply configuring their VNC server to listen on another port.

But even if  you do find reliable ways to detect TeamViewer, VNC and RDP, what about all the other remote control applications out there today, or in the future? Applications like LogMeIn, Ammyy, Radmin, GotoAssist, and a dozen other smaller companies make similar products.

What about BMC/IPMI or IP KVMs which simulate keystrokes at the hardware level for the purposes of remote control? What about a virtual machine running on Hyper-V or in VMWare and being controlled remotely via a management console? Or application virtualization products like Citrix XenApp, Microsoft RemoteApp which run an application on a server and then present it to user at a remote location? These products are virtually undetectable.

Do you draw the line at remote-control applications? What about automation tools like AutoHotkey which simulates keystrokes to automate software?  Gamepads with macro record/playback functionality, programs like Joy2Keys, or things like barcode readers, card swipers or keyboard wedges?

There's an endless number of different programs which simulate keystrokes with various levels of transparency to the operating system for the purposes of remote access, or automation. It would be almost impossible to block them all.

I would argue that whatever the reason is you feel your program needs to know if remote control apps are being used... you're probably mistaken. Preventing the use of remote-control software in conjunction with your application is better enforced by specifying it in the terms-of-service for your application, refusing to provide support for scenarios where the application is being used in an improper manner, or by enforcing it through company policy - the solution is social, not technical.
0
 
LeighWardleAuthor Commented:
Many thanks, Frosty555, for your detailed exposition on the topic.
Regards,
Leigh
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now