Saturday, 22 June 2013

PoC of Auto-Screenshot of Hijacked Notepad main Window

On the topic of Window-Hijacking, here is a PoC that:
  • creates a GUI with two Panels (left and right)
  • starts a new notepad process
  • hijacks its main window into the left panel
  • takes a screenshot of a captured Nodepad window every 100ms
  • checks if the screenshot is different from the last one, and if it is:
    • shows the screenshot of the hijacked notepad window into the right panel (inside a PictureBox)
Here is the code:

//var notepad = "notepad".o2Cache<Process>(()=>"notepad".startProcess().waitFor_MainWindowHandle());
var notepad = "notepad".startProcess().waitFor_MainWindowHandle();

//var topPanel = panel.add_Panel(true);  
var topPanel = "PoC - AutoScrenshot of Notepad".popupWindow().insert_LogViewer();
var pictureBox = topPanel.insert_Right("ScreenShots").add_PictureBox();
var wHandle = notepad.MainWindowHandle;

var screenShot = wHandle.window_ScreenShot();
var count = 0;
var newPics=0;
    var newScreenShot = wHandle.window_ScreenShot();
    if (screenShot.isNotEqualTo(newScreenShot))
        "[{0} : {1}] Different screenshots, updating screen".info(count, ++newPics);        
        screenShot = newScreenShot;;

//using System.Diagnostics


that when executed looks like this:


If we make a change on the left-hand-side TextBox, we will see the same text appear on the right-hand-side TextBox (the one on the left is the real one, and the one of the right is just a screenshot),


One interesting side effect is that the child windows (for example the menu items) are currently not being captured (since we are only taking a screenshot from the main window handle (not all its childs)


Now an interesting development would be to stream these images from a webserver (nodeJS maybe) so that they could be consumed from another process or operating system :)
Post a Comment