Anti-screen recording? (99%) It doesn’t exist!
Firstly, I discovered that this video encryption player has an anti-screenshot and anti-screen recording effect. When I pressed the screenshot key of my screenshot software, the window turned black. However, it did not ban my screenshot software (Snipaste), which gives us many opportunities.
Based on my previous experience with C# Winform, the reason the window turns black during screenshotting is that it uses the SetWindowDisplayAffinity function. Simply hooking this function will do.
I won’t go into the details of how SetWindowDisplayAffinity works and how to hook it. You can write a DLL and inject it into a remote thread. This player doesn’t have any anti-injection mechanisms.
After hooking, it becomes easy to take screenshots.
But if you want to record the screen, let’s analyze it. In the most primitive way, the player probably enumerates some screen recording software and bans it if detected. Since this software doesn’t have anti-injection, it likely won’t check for the use of screen recording-related API combinations, such as detecting how many times the screen is captured per second, or detecting the use of GetDC, CreateDC, CreateCompatibleDC, BitBlt, or StretchBlt, and then checking if there is a large file being written…
However, to be on the safe side, it’s better not to use mainstream screen recording software like QQ or FastStone Capture.
Then I thought of a good method: using a browser extension to record the entire screen.
I used Screenity, an Edge browser extension (I haven’t tried other browsers or extensions), and it successfully recorded the screen.
This is generally the approach for most anti-screen recording software. As long as it’s not something like Vt talk (which I really don’t know how to bypass), it’s basically this method.