Hi Guys, please help me out on this,
I've captured the screenshot of the active screen on the machine. Now am stuck with getting it copied to a file :sad:
I'm not sure how to proceed with it. Please help me out.
Thanks,
C K
I've captured the screenshot of the active screen on the machine. Now am stuck with getting it copied to a file :sad:
I'm not sure how to proceed with it. Please help me out.
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
invoke OpenClipboard,0
invoke GetClipboardData, CF_BITMAP
mov hClipboard,eax
Thanks,
C K
That returns a HBITMAP.
The following pseudocode is naiive, but should work.
Just provide a suitable pathname for the file eg "TESTFILE.BMP"
Note that you should make sure that OpenClipboard succeeded before proceeding!
I'm pretty sure you are writing a trojan / rat based on the sum total of your posts since you joined this forum, which is against The Rules of this forum, however I will overlook your intent until you clearly cross the line.
Just be aware that we will not tolerate malcode, or malcoders here.
There are more suitable forums for those kinds of topics.
The following pseudocode is naiive, but should work.
;Get pointer to raw data, and its size
invoke GlobalLock, hClipboard
mov pData,eax
invoke GlobalSize,pData
mov dLen,eax
;Open a new/existing file for writing
invoke CreateFile,pstrName,GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
mov hFile,eax
;Write all the data
.while dLen>0
mov dWrote,0
invoke WriteFile,hFile,pData,dLen,addr dWrote,NULL
mov eax,dWrote
sub dLen,eax
add pData,eax
.endw
;Dont forget to unlock the data
invoke GlobalUnlock,hClipboard
Just provide a suitable pathname for the file eg "TESTFILE.BMP"
Note that you should make sure that OpenClipboard succeeded before proceeding!
I'm pretty sure you are writing a trojan / rat based on the sum total of your posts since you joined this forum, which is against The Rules of this forum, however I will overlook your intent until you clearly cross the line.
Just be aware that we will not tolerate malcode, or malcoders here.
There are more suitable forums for those kinds of topics.
Thanks Homer,
My intentions are not bad, actually am in the starting stage of reversing malicious codes. I thought that learning MASM would give me a fair idea when I do my reversing. So learning the ways of coding that I could make use when I reverse malicious codes :)
My intentions are not bad, actually am in the starting stage of reversing malicious codes. I thought that learning MASM would give me a fair idea when I do my reversing. So learning the ways of coding that I could make use when I reverse malicious codes :)
That returns a HBITMAP.
The following pseudocode is naiive, but should work.
;Get pointer to raw data, and its size
invoke GlobalLock, hClipboard
mov pData,eax
invoke GlobalSize,pData
mov dLen,eax
;Open a new/existing file for writing
invoke CreateFile,pstrName,GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
mov hFile,eax
;Write all the data
.while dLen>0
mov dWrote,0
invoke WriteFile,hFile,pData,dLen,addr dWrote,NULL
mov eax,dWrote
sub dLen,eax
add pData,eax
.endw
;Dont forget to unlock the data
invoke GlobalUnlock,hClipboard
Just provide a suitable pathname for the file eg "TESTFILE.BMP"
Note that you should make sure that OpenClipboard succeeded before proceeding!
I'm pretty sure you are writing a trojan / rat based on the sum total of your posts since you joined this forum, which is against The Rules of this forum, however I will overlook your intent until you clearly cross the line.
Just be aware that we will not tolerate malcode, or malcoders here.
There are more suitable forums for those kinds of topics.
Ok I tried this, but GlobalLock wouldn't write the first block of the memory. Rather it fails returning NULL. Pls can you tell me what's the problem is?
Thanks,
C K
If GlobalLock returns NULL, make a call to GetLastError for more information.
But I would be checking first whether the Clipboard functions are succeeding.
In fact, its good practice to ALWAYS check the return values of Windows API functions, unless you are VERY confident that you know what the result will be, or you don't actually care for the result.
Thanks Homer,
The last error was ERROR_INVALID_HANDLE, All the ClipBoard Functions returned true. GetClipBoardData returns the handle to the clipboard object.
It's with GlobalLock not returning the first memory block. Please can you help me out
Thanks,
C K
The last error was ERROR_INVALID_HANDLE, All the ClipBoard Functions returned true. GetClipBoardData returns the handle to the clipboard object.
It's with GlobalLock not returning the first memory block. Please can you help me out
Thanks,
C K
If you are getting invalid handle you may have to globalcreate a portion of memory and copy the bitmap image there. Just an idea. I find this thread particularly useful as I am interested in creating a web based VNC-like application.
Humm, I never tried this on the desktop window (NULL) before.
Try calling GetDesktopWindow and pass that handle instead of NULL (HWND_DESKTOP).
Maybe it will help?
Try calling GetDesktopWindow and pass that handle instead of NULL (HWND_DESKTOP).
Maybe it will help?
Humm, I never tried this on the desktop window (NULL) before.
Try calling GetDesktopWindow and pass that handle instead of NULL (HWND_DESKTOP).
Maybe it will help?
I've tried that, but that doesn't work too :(
When GetClipBoardData is used with CF_TEXT it works fine, but doesn't work well on CF_BITMAP. Please suggest.
Thanks,
C K
Try this:
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
invoke keybd_event, VK_SNAPSHOT, 0, KEYEVENTF_KEYUP, 0
Here we are not only simulating the KEYDOWN, but also simulating KEYUP.
Maybe it will help.
Its also worth knowing that I saw something about Active window in regards to input params for this call.
And if that does not help, you will need to use a different method to screencapture - this is not the only way.
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
invoke keybd_event, VK_SNAPSHOT, 0, KEYEVENTF_KEYUP, 0
Here we are not only simulating the KEYDOWN, but also simulating KEYUP.
Maybe it will help.
Its also worth knowing that I saw something about Active window in regards to input params for this call.
And if that does not help, you will need to use a different method to screencapture - this is not the only way.
Nope, doesn't work... GlobalLock still returns NULL.
I can tell one thing that this works
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
Coz when I exit the program and try pasting the contents of clipboard to mspaint it pastes the contents of the screen printed with the keybd_event function.... It's now only the matter of getting the source and size of the data in the ClipBoard.
I can tell one thing that this works
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
Coz when I exit the program and try pasting the contents of clipboard to mspaint it pastes the contents of the screen printed with the keybd_event function.... It's now only the matter of getting the source and size of the data in the ClipBoard.
IIRC then
invoke GetClipboardData, CF_BITMAP
mov hClipboard,eax
does not return the handle of the clipboard _but_ the handle of the bitmap and you don't even need to call GlobalLock at all.
Try saving it using Donkey's proc here: http://www.asmcommunity.net/board/index.php?topic=17752.msg137060#msg137060
Hope that works.
invoke GetClipboardData, CF_BITMAP
mov hClipboard,eax
does not return the handle of the clipboard _but_ the handle of the bitmap and you don't even need to call GlobalLock at all.
Try saving it using Donkey's proc here: http://www.asmcommunity.net/board/index.php?topic=17752.msg137060#msg137060
Hope that works.
Thanks JimmyClif
That works perfectly.... But I still have some problems here, everytime I ran the executable and it doesn't create the bitmap file correctly. Many times it fails to write the data into the file (it writes the header information). And strangely sometimes it correctly creates the screenshot in the specified bitmap image.
Attaching the code, I believe I'm missing out something...
I slipped through the EXE in OLLY and found it works perfectly always, not sure why there are issues when running it standalone.
That works perfectly.... But I still have some problems here, everytime I ran the executable and it doesn't create the bitmap file correctly. Many times it fails to write the data into the file (it writes the header information). And strangely sometimes it correctly creates the screenshot in the specified bitmap image.
Attaching the code, I believe I'm missing out something...
I slipped through the EXE in OLLY and found it works perfectly always, not sure why there are issues when running it standalone.
check your OpenClipBoard call returned TRUE, under some circumstances it can fail (if its open in another process for example)
if it returns FALSE you can't do anything
if it returns FALSE you can't do anything
yeah I did check that.... Am not sure how come it works perfectly when run through Olly and fails most of the time when run standalone.
I've stepped through Olly and OpenClipboard always returns true, even all other functions returns appropriate results... not sure what's happening when the exe is run normally.
Attaching the EXE for reference.
I've stepped through Olly and OpenClipboard always returns true, even all other functions returns appropriate results... not sure what's happening when the exe is run normally.
Attaching the EXE for reference.
You never closehandle(hFile) anywhere in the program. try doing that after the writefile call
oops, but that also didn't work.... If that the case it should've not work'd when I run the EXE in Olly right ;) Each time I run the EXE in Olly I get 100% result, still nothing happens most of the time when running the EXE normally :(
invoke CloseHandle, hFile
I found that if I run the app from windows Folder Explorer shell, it doesnt work, but if I run it from QEditor (ShellExecute) then it works.
I believe the cause is , as mentioned, that OpenClipboard will fail if another process (such as the Folder shell) is already using it... you'll need to repeatedly try it in a loop until it succeeds, with a small Sleep in there, or something.
I believe the cause is , as mentioned, that OpenClipboard will fail if another process (such as the Folder shell) is already using it... you'll need to repeatedly try it in a loop until it succeeds, with a small Sleep in there, or something.
If I get that right, OpenClipboard works perfectly, it's only GetClipboardData that's troubling me :mad:
Called the EXE from a separate code, that did the trick. Each time it works perfectly, still no answer as to why GetClipboardData is not fetching that data despite OpenClipboard and keybd_event returning appropriate results, any idea ?
Thanks All :)
invoke keybd_event, VK_SNAPSHOT, 0, 0, 0
invoke ShellExecute, NULL, ADDR lpOperation, ADDR lpFile, NULL, NULL, SW_HIDE
Thanks All :)