Hi. I've seen a Java Applet that clears its window whenever IE lost the focus. It used to be at www.lyrics.ch =) Have you considered hooking to something? Bye.
Posted on 2001-06-15 22:27:00 by GogetaSSJ4
Would you consider "cracker" methods? Or using a bootable floppy (or a boot manager on the hard disk) to get code into memory where Windows will not see it? But then why am I suggesting this? The CIA is paying you, not me:).
Posted on 2001-06-16 01:51:00 by Larry Hammick
If you only want to protect your program against known programs you could check if they're running or not...
Posted on 2001-06-16 08:46:00 by BJZ
Perhaps you could intercept calls to GetDC (VxD or whatever it takes), compare its hwnd to the one of your app and the screen, and just pass it on if it differs, or always pass it on and only remember the calling app and prevent the following BitBlt or mess up its sourceDC :D.
Posted on 2001-06-16 12:01:00 by goofee
Yeah, maybe you can hook this API call. I've done that with kernel exports for a while and it worked.
Posted on 2001-06-16 12:40:00 by _drcmda
Isn't this a bit of a futile search? I mean, nothing can stop a user from writing whatever it is down or taking photos or recording the stream sent to your monitor or anything.... Seems to me that your customer is a bit too paranoid.
Posted on 2001-06-16 13:36:00 by Hiroshimator
Sure, you can't prevent ppl from writing down or taking photos, but let's imagine I'm the writer of ~for example~ a new game and I throw out the latest demo or give reporters of a game magazine the possibility to try out a few things. That's fine, but for some reasons I don't want pics of my game published in magazines until I'm done. So I write a routine that prevents the user from getting the DC of my game's client area... Yes, they can take photos, but I don't think that a serious game mag publishes pics of such bad quality.
Posted on 2001-06-16 14:35:00 by _drcmda
Hmm..... but you can get high quality screenshots, if you use VMware to skip the protection :-)
Posted on 2001-06-16 14:50:00 by bAZiK.
Hi. Sure, I can write a new OS (I already have some code) and play my info with it... but this is not the case... the app that shows "sensitive data" info is already done in GDI.... Yeah, hooking GDI can be an option, but then again a lot of proggies use GetDC in many ways (like skinners of windows or user-drawn controls), so I will be preventing a lot of "legal" applications from running, or even worse, make the system crash :( ... but this is definitely one way of doing it...

About CIA paying me, eh, I don't know about that, "no comments". As far as I know it can be an online library that wants the user to see the books on a monthly fee but not be able to copy all pages of them even if they can browse... unless they are paying... so photos are OK because they cost a lot of money anyway (much more than the original book), or image sites: you are not going to make 100+ photos or so, then scan them and repost... will you?... I mean it is TOO MUCH WORK... and the quality of photos of the PC screen is low anyway.

Average user may be online or right at the computer keyboard; I guess he/she will have access to the internet or CD-ROM/floppy but will not have enough time or knowledge to install VC++ or MASM32 or VB and test/recompile applications locally. Such actions, if they take enough time, CAN and eventually WILL be OBSERVED and terminated ;) On the bad side... downloads of the HyperSnapDX screen capture software trial version or PCAnywhere or VNU remote control will be available...

And it's not futile because it's a job... ;) and I guess the customer has all the rights to be paranoid... I expect his current/expected loss because of screen capture is bigger than the money he pays/or will pay me ;) I expect you guys will be able to crack it after a while... but the average user WILL NOT... and besides, I have an idea that can give a PRO (like you guys) quite a lot of problems... only it involves DirectX and stopping the message loop (check our game and try HyperSnapDX on it for tips ;)). Strange how our game code can be helpful for such kind of problem ;) Arghh, I need a GDI solution also... I believe the hunt for known apps and kill will work for a while... IF only I can UNIQUELY identify each suspect application that is running.... after all, the "average user" will be able to rename it?

This message was edited by BogdanOntanu, on 6/16/2001 7:24:19 PM
Posted on 2001-06-16 19:15:00 by BogdanOntanu
Alchemedia has a product called clever content which can display images on the web that are protected against copying/printing/screenshots. Maybe it's useful, maybe not. Maybe you can disassemble a demo or something. It's just something I remembered from a site with satellite pictures that used this. But it can be beaten with VMWare (VMWare can run a virtual machine (i.e. a complete system with OS and all)). Thomas
Posted on 2001-06-16 19:32:00 by Thomas

 Bogdan, you don't check for the exe's name. you check for the
 name that appears (hmmm. Endtask?)

 for example: myapp.exe when run it, the processor name will be
 different. renaming myapp.exe to yourapp.exe doesn't change
 anything.

 you will lose if you check for the exe name. ;)

Posted on 2001-06-16 20:02:00 by disease_2000
I am sorry to say this but I believe that Win9x thinks that the process name IS the EXE name :( so bad... I have tested this with a process viewer, changed the name of the exe... "et voila" the process name changed accordingly... arghhhhh. PS: it is not my naked picture, it's JUST a JOB that gives me some money to eat ;) About naked pictures of me or girlfriends... I wish I had some (I will post it for a fee, I believe sex can free ppl up ;) but I can't convince any girl to pose for/with me... also I don't have a web cam...)
Posted on 2001-06-16 21:54:00 by BogdanOntanu
Bogdan: I am sorry to say this but I believe that Win9x thinks that the process name IS the EXE name
D2k: Bogdan, I don't know about your computer, but mine goes by app title. (caption).
Hmm, I assume both of you are talking about different things. If I didn't get it wrong, Bogdan means process listers like ASMTask by Papaow. Those show the running tasks with their exe name, so there you are right, Bogdan. Renaming the exe will change the task name. However, Disease 2000 is talking about the list you get when pressing CTRL + ALT + DEL. There you always see the title/caption of the program and not the exe name. I assume these are the entries you can check with FindWindow. Maybe this helps to combine the two different statements without a "quarrel". :D Stefan
Posted on 2001-06-17 05:48:00 by Stefan Krause
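An added example, not part of the thread: the rename problem raised in the posts above, comparing identification by file name with identification by a hash of the file contents. The file names and sample bytes are constructed, and using SHA-256 is this example's assumption, not something a poster proposed.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=65536):
    """Hash the file contents; the result does not depend on the file name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(path, known_names, known_hashes):
    """Report which identifier (name, content hash) matches a known program."""
    return {
        "name": os.path.basename(path).lower() in known_names,
        "hash": sha256_file(path) in known_hashes,
    }

def demo():
    # Constructed stand-in bytes; not a real executable.
    body = b"MZ" + b"\x00" * 62 + b"constructed sample binary"
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "snaptool.exe")  # hypothetical name
        with open(original, "wb") as f:
            f.write(body)
        known_names = {"snaptool.exe"}
        known_hashes = {sha256_file(original)}

        # Same bytes under a new name: the "average user" rename case.
        renamed = os.path.join(d, "calc2.exe")
        shutil.copyfile(original, renamed)

        # One byte differs: a new build or a patched copy.
        rebuilt = os.path.join(d, "snaptool_v2.exe")
        with open(rebuilt, "wb") as f:
            f.write(body + b"\x01")

        return {
            "original": classify(original, known_names, known_hashes),
            "renamed": classify(renamed, known_names, known_hashes),
            "rebuilt": classify(rebuilt, known_names, known_hashes),
        }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The content hash survives a rename but not a new build, so a list of known programs keyed on either identifier needs upkeep and never covers unknown tools.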
I assume these are the entries you can check with FindWindow.
Why not use CreateMutex?
Posted on 2001-06-17 06:06:00 by bAZiK.

 Stefan, we might talk like cat and dog, but we never quarrel.


 I'm using win98. Bogdan, you're using NT? ehehehehe.

 NT = No Toy
Posted on 2001-06-17 11:55:00 by disease_2000
Hehe... we sure have no quarrel ;) and thx Stefan for pointing out our different understandings. And I don't think it is a joke; after all, IF one can surely identify the offending process and shut down the image display if such processes are running... this is a valid method. I just start to wonder how one can identify VMware running under my skin? I use Win98SE nowadays but the protection scheme should work on 95, NT 4.0, Win2K also :( Thx Thomas, that Alchemedia does a great job... I couldn't trick it (only with Windows toys.... I am not using VMware); nothing I have tried for about 1 hour worked... arghhh. About CreateMutex, how can it help? Please excuse my ignorance..
Posted on 2001-06-17 15:50:00 by BogdanOntanu
Using VMware is one of the best ways to skip a protection, but there are a lot of ways to detect if an OS is running under VMware (checking for the VMware DLLs or sys files, for example). About CreateMutex: Ignore it. I understood something wrong :) regards, bAZiK
Posted on 2001-06-17 16:15:00 by bAZiK.
it might be wise to wonder about the fact that if you're running your application on a user's pc, that you then don't have the right to shut down other applications without his/her consent. It's not your system, it's his/hers. It's also a good way to draw attention. This message was edited by Hiroshimator, on 6/17/2001 4:28:04 PM
Posted on 2001-06-17 16:27:00 by Hiroshimator
Good point, Hiroshimator. But I think it is permissible for one's own program to "malfunction" in the presence of suspicious activity by other programs. I mentioned boot-loaded code. You don't need a whole OS or a TSR like VMware. A floppy, or an extended bootstrap on track 0 of the hard disk, can put a piece of code in memory, and then just load sector 1 of the bootable partition, and jump to that. In effect you get an extension of your BIOS. (Edit) Of course this boot-loading stuff would be no good to sell to any group of "users"; it is only for people who want to protect their own systems. This message was edited by Larry Hammick, on 6/17/2001 10:33:26 PM
Posted on 2001-06-17 22:19:00 by Larry Hammick
in the presence of suspicious activity by other programs.
This is very tangible. Basically any info that may not be copied by other people shouldn't be on a screen/computer in the first place. If it's binary then it can easily be copied. Now I know the rules of the board ;) But I'll go astray for once in my thoughts: in reality there is no such thing as 'suspicious behaviour', there's only that which the user wants to do. There is no cheating in computer games, only altering of data, bits,... e.g. booting SoftICE does not make one a criminal and should not cause any of his/her programs to stop. I know some who do ;) Applications don't behave, they just are. It's the user that can use or 'mis-use' them, but you can't just go shutting down everything. I always find it to be arrogant and presumptuous to think you may control the machine over the user... a thing that usually plagues web designers in their search for 'style and design' :rolleyes: I think a non-intrusive, program-specific security would work nicest here. I'd probably look in the direction of Ernie's idea, it's pretty cool.
Posted on 2001-06-17 23:13:00 by Hiroshimator