A screen capture application records the output of the computer screen. When the output of computer screen is continuously recorded it is called screencasting, and when the output of computer screen is stored as an image it is called screenshot/snapshot. Screencasting softwares have been used over years for the purpose of teaching and demonstration. But using screen capture applications all the user activity can be monitored and this a threat to privacy and security of user. For example, to avert stealing of passwords using keystroke loggers, many online banking sites make use of virtual keyboard. Virtual keyboard is an on-screen keyboard for entering password by clicking on the keys on the screen using a mouse. But using screencasting software, the screen can be recorded, and password can be seen, and this defeats the purpose of virtual keyboard. The screen capture application can be used to periodically take screenshots of the monitor of the attacked computer. These screenshots can then be remotely sent to the attacker.
Methods of Screen Capture
This mechanism is based on the principle that the desktop has a Window Handle (HWND) and a device context (DC). Using device context of the desktop to be captured, we can just blit those contents to application defined device context in the normal way. We can get the device context of the desktop if we know its window handle, which can be obtained using the function GetDesktopWindow().
Every DirectX application contains buffer to hold the contents of the video memory related to that application. This is called the Back Buffer of the application. And there is another buffer that every application can by default access – the Front buffer. The front buffer holds the video memory related to the desktop contents and so essentially is the screen image. By accessing the front buffer from our DirectX application it can capture the contents of the screen at that moment
- Windows Media Encoder API
Windows Media 9.0 supports screen captures using the Windows Media Encoder 9 API. It includes a codec named Windows Media Video 9 Screen codec that has been specially optimized to operate on the content produced through screen captures. The Windows Media Encoder API provides the interface IWMEncoder2 which can be used to capture the screen content efficiently.
Preventing the Screen Capture
The screen capturing methods belong to two prominent categories:
1. User mode capturing
2. Kernel mode capturing.
The method using the Kernel mode capturing, is through writing video miniport mirror drivers. A typical way of preventing screen capture for the user mode capturing applications is to hook the API and restrict the operations. This solution is prone to failures and difficult to extend or maintain, since every all possible API that can be used to capture the screen have to be considered and each of them should be hooked for denial.
The other more reliable approach to screen capture prevention is writing Video filter drivers. Typically you would have a kernel mode filter driver (that permits or denies the video blit operations) along with a user mode service which will take care of identifying the access security for the capturing processes and supplies those details to the kernel mode driver, which then will take care of either denying the blit request or processing it. It is just allowing or denying existing display operations. It would include writing a filter driver that sits on top of existing display driver and hack the calls to it.
More details can be found on the site
Rapport is web security software developed by Trusteer, a company that provides safe communication between business websites and customers. Rapport is a lightweight browser security plug-in. It protects a user’s browsing sessions while visiting specific websites such as e-commerce and banking websites. When visiting any protected site, Rapport blocks any attempt to take control of the session by malware, which includes keylogging and screen capture, session hijacking, and DNS redirection hijacks. Rapport prevents taking screen shots while you are connected to protected websites and uses API blocking to prevent this type of behaviour, alerting users if any such activities are attempted
SnoopFree Privacy Shield
SnoopFree Privacy Shield is a security guard that watches your computer for programs that try to invade privacy. If any program tries to access potentially sensitive information, SnoopFree Privacy Shield stops the offending program and asks the user how to handle. It is a “firewall” for keyboard, screen and open windows. Whenever a screen capture application tries to capture screen, SnoopFree generates the following message where the user can either allow or deny access to the application.
Saving Web Page as an image in Mozilla Firefox
HTML5 Canvas Element
getContext() Method for Canvas Element
The canvas is initially blank, and to display something a script first needs to access the rendering context and draw on it. The canvas element has a DOM method called getContext, used to obtain the rendering context and its drawing functions. getContext() takes one parameter, the type of context.
Rendering Web Content Into A Canvas using context.drawWindow() Method
Mozilla’s canvas is extended with the drawWindow() method. This method draws a snapshot of the contents of a DOM window into the canvas. Currently the drawWindow function can only be used by chrome privileged content. So extension authors and XUL application developers can use it, but normal Web pages cannot. This is the main function which is used for saving webpage as an image.
The context.toDataURL() method returns a data URL containing the image encoded in .PNG format by default. The toDataURL function is used to get a data: url that has the base-64 encoded image. This URL can then be used for converting the image into a file. Hence using the drawWindow() and toDataURL() methods, we can convert DOM contents into an image.
 Screenshot, http://en.wikipedia.org/wiki/Screenshot
 Trusteer Rapport
 SnoopFree Privacy Shield
 Canvas Tutorial
 Drawing Graphics with Canvas
 Banking Trojan Captures User’s Screen in Video Clip, Hispasec / VirusTotal, 05 September 2006, http://www.hispasec.com/laboratorio/banking_trojan_capture_video_clip.pdf
 New technique against virtual keyboards, Hispasec / VirusTotal, 26 September 2006, http://www.hispasec.com/laboratorio/New_technique_against_virtual_keyboards.pdf