ScreenLogger - smile, you are filmed by a hidden camera

So, welcome. In this article, we will analyze the process of writing a program that allows real-time monitoring of all actions occurring on a remote computer, without the knowledge of the end user. The author of the article warns that he is not responsible for the unlawful use of the following technologies and does not recommend using it for illegal purposes. Go!

When writing any sufficiently large software product, you need to break the global task into several simpler ones. So in this case, I have identified several practically unrelated processes that, working together, allow us to achieve the desired result. In particular, to implement the task it is required to implement:

0) Adding service files at first launch in the system folders
Taking a screenshot from the screen 2) Sending a screenshot to a remote server

Accordingly, the .NET platform was selected for implementation, which has all the necessary functionality. The application is written in WindowsForms for the purpose of visualization and debugging, by and large it could be a console.

Description of the functions:

SetConfig - provides reading of configuration parameters from the attached settings file
Send - is responsible for sending a screenshot to Mail
MakeScreen - is responsible for taking a screenshot
Circle - is responsible for repeating taking and sending a screenshot in the background with a specified frequency
CasualStart - determines actions at the next program start
FirstStart - ensures the correct installation of the program

Now - a little more detail on each of the functions. Configuration:

Since the software must be flexible, it should be possible to change the internal parameters of the program from outside its code. At each start, this software tries to find the SaveScreen.ini file, update its settings, and only then begin to work in normal mode. In the case when it is impossible to update the parameters, the default values ​​are used.

(about which parameter is responsible for what - will be at the end of the article)

For technical reasons, instead of a space, I had to use the underscore, and instead of @ - #, but the program does the opposite replacement.

Program execution starts in the Form1_load block, and can develop in two modes - normal launch (if the computer has an installation directory) and installation (if there is no installation directory). Let's consider each of them.

First start:
At the first start, you need to create a directory in which the program files will be placed, transfer the executable file and the configuration file there, as well as add the necessary entries to the registry to add software to autorun.

Accordingly, this is carried out by the FirstStart () function.


After installation, the application closes - the next time you restart the computer, it will work as usual.

Regular launch:
A regular launch launches a background thread that takes screenshots and sends them, as well as clears the folder with screenshots taken during the last session. After which, it waits for a considerable period of time before the forced termination of the application. Before starting the background thread, a pause is possible, which should be set on relatively slow computers to speed up the loading of the system and the absence of conflicts at startup.
СasualStart ()


Everything is prosaic to disgrace - in the eternal cycle we take and send screenshots, after which we wait for the specified time. An order of magnitude more interesting is the process of taking and sending a screen.


Take a screenshot:
In C #, it is possible to save an image in a bitmap by using the copy function from the screen. Therefore, all that needs to be done is to create an object for storing a screenshot with a resolution equal to the current screen resolution, attach an object to it that can receive a bitmap from the screen and save it to a previously created directory.


Sending by mail:
In C #, it is possible to work with mail using predefined classes that allow you to fill in the message fields, specify the addressee and addressee, and, in fact, send by calling one method. Wrap this method in a try-catch block in case there is no network connection - even in this case, the program will not give an error message, but will dutifully wait until it has the opportunity to access the server. The mail server was chosen for reasons of simplicity, in principle - you can throw pictures anywhere.


General interaction:
The program launch, I repeat, is carried out in the Form1_Load method. The program tries to update the config, then determines whether it was launched for the first time, if so, it is added to the correct folder and to startup and shuts down, and if not, it starts a background process that stably throws the image from the screen onto the mail server at a given interval. Nothing complicated or unusual, just the interaction of several built-in classes.

And finally, an explanation of the autoconfiguration file - all variable names coincide with the names in the program, therefore, explaining the fields in the int file, I also describe the variables themselves.


wayToDir - name of the subfolder into which screenshots are
dropped finalDir = -name of the directory into which the program
nameOfApp = executable file name is transferred
subKeyAdress = path to the registry entry to be added to the autorun
reserved - reserved field
name - name of the registry
entry startPause - pause before recording screenshots
exitPause - pause before forced exit from the program
adressFrom - sender
address nameFrom - sender
signature nameTo - mail address of the recipient
mailSubject - The subject of the message
mailBody - The text of the letter
smtpAdress - The SMTP address of the sender mail server
smtpPort - The port for sending mail
mailPassword - The password for the sender mail
exp - The file extension
timeBetweenScreens –– The time between taking two screenshots.

In summary:

The process of writing an application for tracking actions on a remote computer has just been described. By connecting here receiving a file with a list of commands from the server and splitting it, we get a simplified self-written TeamViewer. But this is not in this article.

Source code

Also popular now: