C# - Transparent Window to defeat Keyloggers

Asked 10/4, 2013 at 19:54 Answered 25/5, 2013 at 4:37

How can I create a window which is fully apparent to the user but is not visible in screenshots. I know that this is possible since Neo SafeKeys (an onscreen keyboard to defeat keyloggers) does not appear in the screenshots taken by keylogging software I installed.

To give you an idea, the window is fully visible to the user, however when a screenshot is taken, the Neo SafeKeys window does not appear at all (as if it does not even exist).

Neo SafeKeys states that it uses an invisible protection layer above the window to protect against screenshots. I have searched all over the internet to see how can I reproduce this, to no avail. Does anybody know how this can be performed (windows which is visible to user but invisible in screenshots)?

Ingaingaberg answered 10/4, 2013 at 19:54 Comment(6)

I'ts just a guess but maybe you have to catch screenshot event and vanish window right before it? – Lila 10/4, 2013 at 19:57

Can this be done using C#? Or does it require low-level programming like C? – Ingaingaberg 10/4, 2013 at 19:58

You can use C# indirectly trough interop. – Lila 10/4, 2013 at 19:59

@DenysDenysenko How can you vanish the window before the catch screenshot event if it has not occured yet? – Ingaingaberg 10/4, 2013 at 20:0

As I sad it's just a guess. You can handle same events as you would do with WinAPI and if there is some then you can use it. – Lila 10/4, 2013 at 20:4

I don't know if this was possible but an overlay image using gamma such as this question? superuser.com/questions/579216/…, this wouldnt stop all though if it was possible – Neptune 10/4, 2013 at 20:9

What you can do is you can prevent the PrtScn key from doing anything when pressed. Take a look at this article while shows you how to do this.

What this article is doing is clearing out the clipboard. What you can do instead is capture the screen image and digitally remove your application, then put the revised image on the clipboard, thus giving the "Effect" of making your window transparent.

Also, you might want to look at this SO question which gives an alternative way to make your window just appear "blue", though its not easy to do.

Doubletime answered 10/4, 2013 at 20:0 Comment(7)

Thank you for your response. However, what happens if a keylogger uses some other screen capture software instead of the usual printscreen? – Ingaingaberg 10/4, 2013 at 20:2

@Ingaingaberg - There simply isn't a way to 100% protect against this. Even if you found a solution, someone could always take a picture of their monitor with a digital camera – Doubletime 10/4, 2013 at 20:3

Thanks for your answer. I am fully aware of the digital camera problem. However, I am solely focusing on keyloggers taking screenshots on one's computer. – Ingaingaberg 10/4, 2013 at 20:5

Thank you for the link by the way :) – Ingaingaberg 10/4, 2013 at 20:6

@Ingaingaberg - Another solution, though not elegant and not recommended could be to setup a timer that clears the clipboard every 500ms or something. – Doubletime 10/4, 2013 at 20:6

Thanks. That seems a viable option against screenshot software which makes use of the clipboard. – Ingaingaberg 10/4, 2013 at 20:8

Follow the "blue" suggestion - most screenshot software isn't able to capture hardware overlays. – Tartar 10/4, 2013 at 20:17

Does anybody know how this can be performed (windows which is visible to user but invisible in screenshots)?

Use DirectX to render directly to the device.

Mister answered 10/4, 2013 at 20:23 Comment(5)

Do you know of any useful guide which might come in handy? – Ingaingaberg 10/4, 2013 at 20:28

What kind of app are you trying to build? Drawing an onscreen keyboard is relatively simple in DirectX, but if you are trying to build something that looks like a normal windows app with WinForms controls (edit boxes, dropdowns, etc) it might be convoluted to get what you want. – Mister 10/4, 2013 at 21:2

I want to create an onscreen keyboard to be displayed in a website. It should obviously be composed of a series of buttons. I don't think that I will add drop-down boxes and the like. The most important thing however is that it is transparent to screenshots. – Ingaingaberg 11/4, 2013 at 9:9

You see, this application is intended to defeat screenshot keyloggers. So it would be desireable if the application is visible to the user but completely invisible in screenshots. I know this is possible since Neo SafeKeys does it. – Ingaingaberg 11/4, 2013 at 9:12

I would definitely stick with DirectX then. 2D drawing of a keyboard and buttons is simple. Note that keyloggers don't need to use PrtScrn keypresses or the clipboard to scrape the screen. Even video memory isn't off limits, but it's just another hurdle. A side consideration is that if you are doing this in a website, you'll need to make a plugin to deploy any of these on a remote machine. There are plenty of plugins like Unity3d that you could render your keyboard in. – Mister 11/4, 2013 at 16:26

In your C# application you can set up a global hook to monitor keyboard events. Then your application becomes the global handler for print screens. Now if another application managed screen prints natively, can't stop that, but anything running through windows, you can get at.

The WM_KEYBOARD_LL hook is one of the few global hooks that can be used in managed code because it doesn't require a DLL to be injected into every target.

For some code you can visit here:

Adam's Blog

Keep in mind that these are global hooks so you want to make sure nothing else (other applications) are effected. I've used these in the past as we hosted showing a power point in an application we worked on. Basically we didn't want the user to invoke any powerpoint menus or keyboard short cuts so we used a global hook. We always checked to see whether the users was in a certain area (screen) and in our application, otherwise we would effect other applications functionality (including our own!)

Microsoft Information:

Hooks Overview

Dysthymia answered 10/4, 2013 at 20:21 Comment(0)

There's this..... visual cryptography

live example here

But this could be easily coded against by taking multiple screenshots and laying them overeachother and such...

Sarto answered 10/4, 2013 at 20:29 Comment(0)

If you are using Windows, and you can avoid that screenlogging happens, you can implement a nice solution like a virtual desktop to embed your process into it. When a process is running inside a virtual desktop it is possible to bypass an screenlogger tool that runs over win32 Api.

Check out this article so you can sneak a peek how to implement a nice solution to scape from screen and keyboard monitoring.

http://www.codeproject.com/Articles/7392/Lock-Windows-Desktop?fid=62485&select=3139662&fr=101#xx0xx

J answered 25/5, 2013 at 4:37 Comment(2)

You should probably summarise more of the link in this answer. – Lilia 25/5, 2013 at 4:56

Yes, you right, this sample is based on the concept of Virtual Desktops, this simple technique has the magic of give an isolated environment where whatever keylogger or screenlogger that works over WIN32 Api will be blocked and won't work as expected. WHen a process runs into a virtual desktop you can achieve some kind of security against typical malware, but what happens if that malware works inside the kernel for example Elite Keylogger? Ok the solution won't work and you need to build for example a Driver to encrypt keystrokes message before a keylogger can catch any clean message. – J 26/5, 2013 at 3:30

Recommended topics

Hot tags