I am working with screen sharing project.But i was got into trouble to capture secure desktop. I have already ask related question here and got Answer too
Pls go through above link
as suggested by dymanoid. I am using PsExec exe to capture secured desktop/winlogon desktop as below
The /x and /s switches run the process under the SYSTEM account and on the Winlogon desktop.
PsExec /i /h /x /d /s "path_\screencapture.exe"
Now screencapture exe is running as SYSTEM account on winlogon desktop, i able to see screencapture exe on user login screen but not on user desktop screen.
Now the things reverse i able to capture user login screen but not user desktop.
User desktop gives me Empty/black screen.
If i remove /x from command as below then i able to get userdesktop not secured desktop
PsExec /i /h /d /s "path_\screencapture.exe"
My question is if there any way to do this
I am unable to test my theory since I'm at work. + I do not have the rights to comment yet... So please bear with me, if this does not work.
Running as system could be related that it does not have a "desktop" directory. So please create a these directories:
32-bit: %windir%\System32\config\systemprofile\desktop
64-bit: %windir%\SYSWOW64\config\systemprofile\desktop
Try again with the SYSTEM account:
PsExec -i -h -x -d -s "path_\screencapture.exe"
Sometimes the working directory is "read only" so by specifying that you could get it to work
PsExec -i -h -x -d -s -w c:\temp "path_\screencapture.exe"
If that does not work, try to attach it to a session, query the user-sessions available to see if a secure desktop are running its own sessioname, i command-prompt enter this:
query sessions
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
>console xxxx 2 Active
rdp-tcp 65536 Listen
My only session available here is services = 0 and mylogin = 2.
I would suggest to try
PsExec -i 0 -h -x -d -s -w c:\temp "path_\screencapture.exe"
or
PsExec -i 2 -h -x -d -s -w c:\temp "path_\screencapture.exe"
And see if there are any difference in the captures.
I have never worked with the secure desktop before, so it could be an extra layer. In a user situation the -i has always worked fine for me.
Good luck :)
Edit:
I have tested this out with luck, this is what I did:
Downloaded a capture tool with gui, I tried 7capture.com
Then I started 7capture.exe like this:
PsExec -i -s -x c:\7capture.exe
Now I showed the secure desktop with "run as admin" on something. When the popup comes, I pushed ALT+TAB and there was 7capture :)
Press the "Refresh" button to see a list of items. The "desktop" is called something like "$$$Secure UAP Background window" on my computer.
Voila, capture taken and visible
Now for the code on Screenshot secure desktop
I would change the desktop HWND call:
Win32Stuff.GetDesktopWindow();
To a Enum function and take a picture of every HWND you find in the secure desktop.
Untested, but I belive you can use this:
[DllImport("user32.dll")]
private static extern bool EnumWindows(EnumWindowsProc enumProc, IntPtr lParam);
// Delegate to filter which windows to include
public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
Give that a try and see if you can make it work for all scenarios.
Edit2:
Since these are 2 different user scopes, you need to run two copies of Screencapture.exe. One for secure desktop and one for the interactive session:
UAC:
PsExec -i -h -x -d -s "path_\screencapture.exe"
Without UAC:
PsExec -i -h -d "path_\screencapture.exe"