Is it possible to write a service program that would catch an event of someone trying to take a screen capture? Not that of pressing a printscreen button or any other key combination, though, but of the event itself, even if it is done by some external tool?
Asked
Active
Viewed 94 times
2
-
To make sure that people on client computers do not copy sensitive information via clipboard. – Max Oct 17 '11 at 10:46
-
Is this to be a windows forms app? Only if it's a web app then unless you get the client to install your special sniffing program on their machine, you won't be able to do it. – Tom Chantler Oct 17 '11 at 10:57
-
1It can't really be done. See this question for more: http://stackoverflow.com/questions/774925/detect-when-users-take-screenshots-of-my-program – Tom Chantler Oct 17 '11 at 10:58
2 Answers
2
You can't realistically, because anyone could write a simple application that can take a screenshot.
The command being, GetDC(NULL) (msdn GetDC).
Hooking this function also wouldn't work since apps can make use of this for legitimate reasons so you'd have to try and filter out false positives.
Also, you've only prevented one class of problem, what if the user emails the file to someone? What if the user copies the text rather than uses a screen shot? What if the user takes a photo using their mobile phone?
If you have sensitive information that must be protected the only real option is to educate users and/or restrict their access. E.g. machines with sensitive information are not connected to a public network, USB drives are disabled and user's are not allowed to bring anything with a camera or data storage near the machines.
If it's just to avoid silly mistakes, then you could hook the keyboard and look for the print screen key. This however will not detect applications (such as Snipping Tool).
Chris Chilvers
- 6,429
- 3
- 32
- 53
-
OK, this is pretty much what I was trying to communicate to my boss, thanks. – Max Oct 17 '11 at 11:05
1
This could be done via a clentscript and using AJAX to send a message back to your servers, however you cannot guarantee the user wont have javascript turned off, or the user gets around this by running through a proxy or vm environment.
In short you could do this but there is no way to 100% guarantee its effectiveness.
Sheff
- 3,474
- 3
- 33
- 35