把一些高手的语录总结一下:
控制所有截屏软件肯定是不可能的。但可以用相当小的代价来禁止尽可能多的截屏。
分析截屏软件的行为,可得出截屏基本有两种方式。
1. 通过剪贴板
2. 直接截取屏幕中的某一部分保存成图像文件
针对以上两种可做如下的防护:
1. 监控剪贴板变化 (SetClipboardViewer) ,发现剪贴板发生变化后,看剪贴板中是否有图片,如果有,清空它。
2. 直接保存成图像的软件,如QQ,在截图时总是先锁定屏幕,锁定屏幕其实是新建一个顶层窗口,窗口的背景图绘制成这个窗口显示之前的屏幕。防的话就获取顶层窗口,分析顶层窗口是否是全屏,窗口属主是否是特定的截图软件等。
对于通过剪贴板的截图软件则可以防的相当好,但保存成图像文件的软件,则只能根据市面上常见的软件做行为分析了。不可能做到完美。
首先,hook住最底层api。(无论你做显卡驱动也好、还是windows内核驱动也罢)
有的调用者根本不是想截屏,而是读取窗口背景,做窗口背景alpha混合。来实现窗口阴影、窗口透明的效果。windows就是靠这玩意儿开窗口特效的。你的软件根本无法知道读取屏幕内容是为了截屏还是为了系统功能。你这么搞,等于直接把windows系统功能给废了。
第二,就算你把我前面说的搞定了。我可以负责的告诉你,根本没有任何用处。不信你试试qq的截屏。绝对不是什么getdc(getwindowsdesktop())之类的玩意。因为有比getdc更简单更快速的方法。就是读取显存。而且只需要一行语句。这种技术800年前都已经烂遍大街了。(2003年时,有个哥们说截屏太慢,我告诉他读显存的方法,只需要一行语句,他实现后高兴得不了,说真是又快又方便)
如果你限制读取显存的话。则所有游戏、windows系统功能将极不稳定、兼容性大大降低。可以说windows根本没法用了。
所以说,别整天搞那些没用的。还说什么没有牛人、说什么不可能无解。自己水平菜不是你的错。狂妄自大、口出狂言、出来丢人就是你的不对了。
HOOK API的行为?如果我的窗体正好是通过你 hook 掉的 api 来画特效,那还让不让人活了?
我只知道winxp可以这样读显存,但不知道win7该如何做,谁知道告诉一声
-
C/C++ code
-
NTSTATUS GreDeviceIoControl(PDEVICE_OBJECT DeviceObject,ULONG IoControlCode, void * InputBuffer,ULONG InputBufferSize, void * OutputBuffer,ULONG OutputBufferSize,PULONG ReturnLength) { IO_STATUS_BLOCK Iosb;PIRP pIrp;NTSTATUS Status; pIrp = IoBuildDeviceIoControlRequest(IoControlCode,DeviceObject,InputBuffer,InputBufferSize,OutputBuffer,OutputBufferSize,FALSE,NULL, & Iosb); if (pIrp) { Status = IofCallDriver(DeviceObject,pIrp); * ReturnLength = Iosb.Information; } } NTSTATUS GetDeviceObjectByName(PUNICODE_STRING DeviceName,BOOLEAN CaseInsensitive,PDRIVER_OBJECT * DriverObject,PDEVICE_OBJECT * DeviceObject) { MakeUnicodeString(on, " \\Driver " );OBJECT_ATTRIBUTES oa;NTSTATUS status;HANDLE Dir;BOOLEAN Found = 0 ; InitializeObjectAttributes( & oa, & on,OBJ_CASE_INSENSITIVE, 0 , 0 ); status = ZwOpenDirectoryObject( & Dir,DIRECTORY_QUERY, & oa); if (status == 0 ) { PDIRECTORY_BASIC_INFORMATION dbi;ULONG Context,ReturnLength;PUNICODE_STRING name; dbi = ExAllocatePoolWithTag(PagedPool, 4096 , 0 ); name = ExAllocatePoolWithTag(PagedPool, 1024 , 0 ); if (dbi && name) { status = ZwQueryDirectoryObject(Dir,dbi, 4096 , 1 , 1 , & Context, & ReturnLength); while (status == STATUS_MORE_ENTRIES || status == STATUS_BUFFER_TOO_SMALL || status == 0 ) { PDRIVER_OBJECT driverobj; name -> MaximumLength = 768 ; name -> Buffer = (wchar_t * )(name + 1 ); memcpy(name -> Buffer,L " \\Driver\\ " , sizeof L " \\Driver\\ " - 2 ); memcpy(( char * )name -> Buffer + sizeof L " \\Driver\\ " - 2 ,dbi -> ObjectName.Buffer,dbi -> ObjectName.Length); name -> Length = dbi -> ObjectName.Length + sizeof L " \\Driver\\ " - 2 ; if ((status = ObReferenceObjectByName(name,OBJ_CASE_INSENSITIVE, 0 , 0 ,IoDriverObjectType,KernelMode, 0 ,( void ** ) & driverobj)) == 0 ) { PDEVICE_OBJECT deviceobj; deviceobj = driverobj -> DeviceObject; while (deviceobj) { if (deviceobj) if ((status = ObQueryNameString(deviceobj,name, 1024 , & ReturnLength)) == 0 ) { if (name -> Length) if (RtlCompareUnicodeString(DeviceName,name,CaseInsensitive) == 0 ) { Found = TRUE; if (DriverObject) * DriverObject = driverobj; if (DeviceObject) * DeviceObject = deviceobj; break ; } } deviceobj = deviceobj -> NextDevice; } ObfDereferenceObject(driverobj); } if (Found) break ; status = ZwQueryDirectoryObject(Dir,dbi, 4096 , 1 , 0 , & Context, & ReturnLength); } ExFreePoolWithTag(dbi, 0 ); ExFreePoolWithTag(name, 0 ); status = Found ? 0 :STATUS_OBJECT_NAME_NOT_FOUND; } ZwClose(Dir); } if ( ! Found) { if (DriverObject) * DriverObject = 0 ; if (DeviceObject) * DeviceObject = 0 ; } return status; } void NTAPI DriverUnload( struct _DRIVER_OBJECT * DriverObject) { IoDeleteDevice(DriverObject -> DeviceObject); } NTSTATUS NTAPI DispatchCreateClose(PDEVICE_OBJECT DeviceObject,PIRP Irp) { Irp -> IoStatus.Status = Irp -> IoStatus.Information = 0 ; IofCompleteRequest(Irp,IO_NO_INCREMENT); return 0 ; } NTSTATUS NTAPI DispatchDeviceControl(PDEVICE_OBJECT DeviceObject,PIRP Irp) { PIO_STACK_LOCATION IrpSp;NTSTATUS Status; IrpSp = IoGetCurrentIrpStackLocation(Irp); switch (IrpSp -> Parameters.DeviceIoControl.IoControlCode) { case IOCTL_COPYMEMORY: { PMEMORY_BLOCK mem = (PMEMORY_BLOCK)IrpSp -> Parameters.DeviceIoControl.Type3InputBuffer; char * dest = ( char * )mem -> dest, * src = ( char * )mem -> src;size_t len = mem -> len; int rev = mem -> rev; if (mem -> rev == 0 ) memcpy(dest,src,len); else { size_t i; for (i = 0 ;i < len;i += rev) { memcpy(dest + i,src + len - i - rev,rev); } } Irp -> IoStatus.Information = mem -> len; Status = 0 ; } break ; case IOCTL_GETDEVICE: { PDEVNAME devname = (PDEVNAME)IrpSp -> Parameters.DeviceIoControl.Type3InputBuffer; PDEVOBJS devobjs = (PDEVOBJS)Irp -> UserBuffer; Status = GetDeviceObjectByName( & devname -> DeviceName,devname -> CaseInsensitive,(PDRIVER_OBJECT * ) & devobjs -> DriverObject,(PDEVICE_OBJECT * ) & devobjs -> DeviceObject); Irp -> IoStatus.Information = Status == 0 ? sizeof (DEVOBJS): 0 ; } break ; case IOCTL_MAP_VIDEO_MEMORY: { PDEVICEADDR devaddr = (PDEVICEADDR)IrpSp -> Parameters.DeviceIoControl.Type3InputBuffer; PDEVICE_OBJECT device = (size_t)devaddr -> Device > 65535 ? devaddr -> Device:DeviceObjects[(size_t)devaddr -> Device]; Status = GreDeviceIoControl(device,IOCTL_VIDEO_MAP_VIDEO_MEMORY, & devaddr -> rqva, sizeof (VIDEO_MEMORY),(PVIDEO_MEMORY_INFORMATION)Irp -> UserBuffer, sizeof (VIDEO_MEMORY_INFORMATION), & Irp -> IoStatus.Information); } break ; case IOCTL_UNMAP_VIDEO_MEMORY: { PDEVICEADDR devaddr = (PDEVICEADDR)IrpSp -> Parameters.DeviceIoControl.Type3InputBuffer; PDEVICE_OBJECT device = (size_t)devaddr -> Device > 65535 ? devaddr -> Device:DeviceObjects[(size_t)devaddr -> Device]; Status = GreDeviceIoControl(device,IOCTL_VIDEO_UNMAP_VIDEO_MEMORY, & devaddr -> rqva, sizeof (VIDEO_MEMORY), 0 , 0 , & Irp -> IoStatus.Information); } break ; case IOCTL_DEVICE_IO_CONTROL: { PDEVIOCTRL params = (PDEVIOCTRL)IrpSp -> Parameters.DeviceIoControl.Type3InputBuffer; Status = GreDeviceIoControl((PDEVICE_OBJECT) params -> DeviceObject, params -> IoControlCode, params -> InputBuffer, params -> InputBufferSize, params -> OutputBuffer, params -> OutputBufferSize, & Irp -> IoStatus.Information); } break ; default :Irp -> IoStatus.Information = 0 ; } Irp -> IoStatus.Status = Status; IofCompleteRequest(Irp,IO_NO_INCREMENT); return Status; } NTSTATUS NTAPI DriverEntry( struct _DRIVER_OBJECT * DriverObject,PUNICODE_STRING RegistryPath) { NTSTATUS Status;MakeUnicodeString(DeviceName, " \\??\\viddev " ); MakeUnicodeString(n, " ObQueryNameString " ); ObQueryNameString = MmGetSystemRoutineAddress( & n); if ((Status = IoCreateDevice(DriverObject, 0 , & DeviceName,FILE_DEVICE_UNKNOWN, 0 , 0 , & ThisDeviceObject)) == 0 ) { DriverObject -> MajorFunction[IRP_MJ_CREATE] = DriverObject -> MajorFunction[IRP_MJ_CLOSE] = DispatchCreateClose; DriverObject -> MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchDeviceControl; DriverObject -> DriverUnload = DriverUnload; } return Status; }
网上有很多关于DirectX截屏的文章,但大都是屏幕截图,很少有窗口截图,本文则两者都涉及到,先讲如何截取整个屏幕,再讲如何截取某个窗口,其实二者的区别不大,只是某个参数的设置不同而已,最后我们还将扩展到任意区域的截图。
首先看一下截屏用到的函数,最核心的当然是D3DXSaveSurfaceToFile,先看下函数原型
- 1 HRESULT D3DXSaveSurfaceToFile(
- 2 LPCTSTR pDestFile,
- 3 D3DXIMAGE_FILEFORMAT DestFormat,
- 4 LPDIRECT3DSURFACE9 pSrcSurface,
- 5 CONST PALETTEENTRY * pSrcPalette,
- 6 CONST RECT * pSrcRect
- 7 );
第一个参数是指向设备的指针,不多说啦
第二个参数是截图文件的类型,支持的类型还不少,主要有下面这些
BMP,JPG,TGA,PNG,DDS,PPM,DIB,HDR,PFM
这里我们使用BMP-即位图格式
第三个参数是指向Surface的指针,也就是保存了截图数据的表面
第四个参数是Surface的调色板,这里不使用,设置为NULL
最后一个参数是Surface的矩形区域,也就是我们可以只截取Surface上某一矩形区域的数据,其实截取全屏和截取窗口的差别也就在这个参数的设置上
其他的函数在下面会逐一讲解
现在来定义我们的截屏函数,首先我们需要一个设备指针,因为在DX中,任何操作都与设备密切相关,所以设备指针几乎是每个DX函数都要用到的参数,我们这个函数也不例外,齐次需要一个窗口句柄,当我们截取窗口时,把窗口句柄传入,当我们截取整个屏幕时,直接传入NULL。最后我们需要一个字符串参数来指定截图对应的文件名,如下
1 BOOL ScreenShot(LPDIRECT3DDEVICE9 lpDevice, HWND hWnd, TCHAR* fileName)
详细步骤:
首先我们需要获取显示模式,注意这里获取的是显卡的显示模式,而不是设备的显示模式,因为设备的显示模式既有窗口模式,也有全屏模式,所以它的分辨率是不确定的,而显卡的显示模式返回的始终是最大分辨率,我们需要创建整个屏幕区域对应的Surface,当截取真个屏幕时,直接保存即可,当截取窗口时,我们将窗口所对应的区域保存即可
获取显卡显示模式的代码如下
- 1 HRESULT hr;
- 2
- 3 // Get adapter display mode
- 4 D3DDISPLAYMODE mode;
- 5 if (FAILED(hr = lpDevice->GetDisplayMode(0, &mode)))
- 6 return hr;
- 7
下面开始创建表面,这个表面是对应整个屏幕的
- 1 // Create the surface to hold the screen image data
- 2 LPDIRECT3DSURFACE9 surf;
- 3 if (FAILED(hr = lpDevice->CreateOffscreenPlainSurface(mode.Width,
- 4 mode.Height, D3DFMT_A8R8G8B8, D3DPOOL_SYSTEMMEM, &surf, NULL))) //注意第四个参数不能是D3DPOOL_DEFAULT
- 5 {
- 6 return hr;
- 7 }
- 8
接下来获取屏幕对应的数据,这个函数实际上是将显存中的数据拷贝到系统内存中
- 1 // Get the screen data
- 2 if (FAILED(hr = lpDevice->GetFrontBufferData(0, surf)))
- 3 {
- 4 surf->Release() ;
- 5 return hr ;
- 6 }
- 7
接下来我们判断是截取窗口还是截取屏幕,很简单,只需判断hWnd是否为NULL即可,如果是截取窗口则设置窗口对应的矩形区域即可
- 1 // area to capture
- 2 RECT *rect = NULL ;
- 3
- 4 WINDOWINFO windowInfo ;
- 5 windowInfo.cbSize = sizeof(WINDOWINFO) ;
- 6
- 7 if(hWnd) // capture window
- 8 {
- 9 GetWindowInfo(hWnd, &windowInfo) ;
- 10 rect = &windowInfo.rcWindow ;
- 11 }
- 12
最后一部,保存截图!
- 1 // Save the screen date to file
- 2 hr = D3DXSaveSurfaceToFile(fileName, D3DXIFF_BMP, surf, NULL, rect);
- 3
- 4 surf->Release() ;
- 5
- 6 return hr ;
- 7
大功告成!
完整代码
- 1 BOOL ScreenShot(LPDIRECT3DDEVICE9 lpDevice, HWND hWnd, TCHAR* fileName)
- 2 {
- 3 HRESULT hr;
- 4
- 5 // Get adapter display mode
- 6 D3DDISPLAYMODE mode;
- 7 if (FAILED(hr = lpDevice->GetDisplayMode(0, &mode)))
- 8 return hr;
- 9
- 10 // Create the surface to hold the screen image data
- 11 LPDIRECT3DSURFACE9 surf;
- 12 if (FAILED(hr = lpDevice->CreateOffscreenPlainSurface(mode.Width,
- 13 mode.Height, D3DFMT_A8R8G8B8, D3DPOOL_SYSTEMMEM, &surf, NULL))) //注意第四个参数不能是D3DPOOL_DEFAULT
- 14 {
- 15 return hr;
- 16 }
- 17
- 18 // Get the screen data
- 19 if (FAILED(hr = lpDevice->GetFrontBufferData(0, surf)))
- 20 {
- 21 surf->Release() ;
- 22 return hr ;
- 23 }
- 24
- 25 // area to capture
- 26 RECT *rect = NULL ;
- 27
- 28 WINDOWINFO windowInfo ;
- 29 windowInfo.cbSize = sizeof(WINDOWINFO) ;
- 30
- 31 if(hWnd) // capture window
- 32 {
- 33 GetWindowInfo(hWnd, &windowInfo) ;
- 34 rect = &windowInfo.rcWindow ;
- 35 }
- 36
- 37 // Save the screen date to file
- 38 hr = D3DXSaveSurfaceToFile(fileName, D3DXIFF_BMP, surf, NULL, rect);
- 39
- 40 surf->Release() ;
- 41
- 42 return hr ;
- 43 }
那么如何实现任意区域截屏呢,我想大家已经想到了,假设使用鼠标拖拽的方法截图,记下鼠标按下和抬起时的坐标,构造一个RECT,然后传递给 D3DXSaveSurfaceToFile函数就可以了,需要注意到是,由于鼠标拖拽到方向是任意的,所以在构造RECT的时候要注意right < left或者bottom < top 的情况,用下面的方法可以处理
- 1 int left = 0 ;
- 2 int right = 0 ;
- 3 int top = 0 ;
- 4 int bottom = 0 ;
- 5 RECT rect ;
- 6
- 7 case WM_LBUTTONDOWN:
- 8 left = ( short )LOWORD( lParam );
- 9 top = ( short )HIWORD( lParam );
- 10 break ;
- 11
- 12 case WM_LBUTTONUP:
- 13 right = ( short )LOWORD( lParam );
- 14 bottom = ( short )HIWORD( lParam );
- 15
- 16 rect.left = min(left, right) ;
- 17 rect.right = max(left, right) ;
- 18 rect.top = min(top, bottom) ;
- 19 rect.bottom = max(top, bottom) ;
- 20 // 调用截图函数
- 21