图像捕获桌面和用户跟踪

• 下载 snapshot_and_track_user - 25.1 KB
• 下载 Debug (RAR) - 131.9 KB
• 下载 Debug (ZIP) - 134.7 KB

*注意：运行程序时，快照保存在程序路径“...\snapshot_and_track_user\bin\Debug\image”中，日志保存在“...\snapshot_and_track_user\bin\Debug\loge”中。

引言

该程序可能被用于黑客行为或其他用途。但我编写它的目的是为了跟踪使用我电脑的用户。它是一个桌面快照应用（不是运行时捕获事件），它将运行程序的标题和一张压缩图像作为输出发送电子邮件，并保存用户跟踪信息，包括时间和应用程序名称。

背景

当用户运行应用程序时，它会拍照并以压缩大小与用户程序一起保存。

Using the Code

启动应用程序并在 Windows 启动时运行

  private void Form1_Load(object sender, EventArgs e)
        {
            creat_folder_log("//log"); //check folder log
            creat_folder("//image");   //check folder image
            RegistryKey add = Registry.CurrentUser.OpenSubKey("SOFTWARE\\
            Microsoft\\Windows\\CurrentVersion\\Run", true); //add to Registry windows
            add.SetValue("vchimg", "\"" + 
                Application.ExecutablePath.ToString() + "\"");
          // this.Opacity = 0;   // if you want hide form
           path_log = path_program_log + "\\logtex.txt"; // static way to get path app
        }

获取活动窗口标题所需的头文件

WinEventDelegate dele = new WinEventDelegate(WinEventProc);
IntPtr m_hhook = SetWinEventHook(EVENT_SYSTEM_FOREGROUND, EVENT_SYSTEM_FOREGROUND,
IntPtr.Zero, dele, 0, 0, WINEVENT_OUTOFCONTEXT);

//  WinEventDelegate dele = null;

delegate void WinEventDelegate(IntPtr hWinEventHook, uint eventType, IntPtr hwnd,
int idObject, int idChild, uint dwEventThread, uint dwmsEventTime);

[DllImport("user32.dll")]
static extern IntPtr SetWinEventHook(uint eventMin, uint eventMax,
IntPtr hmodWinEventProc, WinEventDelegate lpfnWinEventProc, uint idProcess,
uint idThread, uint dwFlags);

private const uint WINEVENT_OUTOFCONTEXT = 0;
private const uint EVENT_SYSTEM_FOREGROUND = 3;

[DllImport("user32.dll")]
static extern IntPtr GetForegroundWindow();

[DllImport("user32.dll")]
static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);

[DllImport("user32.dll")]
private static extern IntPtr GetWindowRect(IntPtr hWnd, ref Rect rect);

[StructLayout(LayoutKind.Sequential)]
private struct Rect
{
    public int Left;
    public int Top;
    public int Right;
    public int Bottom;
}

使用 user32.dll 的 GetActiveWindowTitle 方法

public string GetActiveWindowTitle()
{
    const int nChars = 256;
    IntPtr handle = IntPtr.Zero;
    StringBuilder Buff = new StringBuilder(nChars);
    handle = GetForegroundWindow();

    if (GetWindowText(handle, Buff, nChars) > 0)
    {
        return Buff.ToString();
    }
    return null;
}

快照图像并压缩为 Jpg

void  captcure_imge()
    {
       // set size bitmap
        Rectangle bounds;
        var foregroundWindowsHandle = GetForegroundWindow();
        var rect = new Rect();
        GetWindowRect(foregroundWindowsHandle, ref rect);
        bounds = new Rectangle(rect.Left, rect.Top, rect.Right - rect.Left,
         rect.Bottom - rect.Top);
      // control error (not need tray and catch)
        if (bounds.Width != 0 || bounds.Height != 0)
        {

            var result = new Bitmap(bounds.Width, bounds.Height);
            //take screen form
            using (var g = Graphics.FromImage(result))
            {
                g.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty
                , bounds.Size);
                //g.CopyFromScreen(new Point(w, h), Point.Empty, bounds.Size);
            }
            
            // creat_folder("//image");
            
            string name_file = path_program + "\\image" + m.ToString() + 
            "_" + DateTime.Now.Hour.ToString() + "_" + DateTime.Now.Minute.ToString()+
            "_"+DateTime.Now.Second.ToString() + "_day" + DateTime.Now.Day.ToString() +
            ".jpg";
            
            //result.Save(name_file, ImageFormat.Jpeg);
            
            //-----compress jpg
            // Bitmap bmp1 = new Bitmap(name_file);
            Bitmap bmp1 = new Bitmap(result);
            ImageCodecInfo jgpEncoder = GetEncoder(ImageFormat.Jpeg);
            
            // Create an Encoder object based on the GUID 
            // for the Quality parameter category.
            System.Drawing.Imaging.Encoder myEncoder =System.Drawing.Imaging.Encoder.Quality;
            
            // Create an EncoderParameters object. 
            // An EncoderParameters object has an array of EncoderParameter 
            // objects. In this case, there is only one 
            // EncoderParameter object in the array.
            EncoderParameters myEncoderParameters = new EncoderParameters(1);
            EncoderParameter myEncoderParameter = new EncoderParameter(myEncoder, 10L);
            myEncoderParameters.Param[0] = myEncoderParameter;
            
            bmp1.Save(name_file, jgpEncoder, myEncoderParameters);
           
            //--------one file
            // clear memory 24kb mem
            result.Dispose();
            bmp1.Dispose();
        }
    }
    
private ImageCodecInfo GetEncoder(ImageFormat format)
    {        
        ImageCodecInfo[] codecs = ImageCodecInfo.GetImageDecoders();
        
        foreach (ImageCodecInfo codec in codecs)
        {
            if (codec.FormatID == format.Guid)
            {
                return codec;
            }
        }
        return null;
    }

创建图像和日志文件夹

void creat_folder(string name_folder)
{
    string n = System.IO.Path.GetDirectoryName(Application.ExecutablePath.ToString()).
    ToString() + name_folder;
    if (Directory.Exists(n) == false)
    {
        System.IO.Directory.CreateDirectory(n);
    }
    path_program = n;
}

主 Void Run 与 EventHook。我们需要在此函数中运行的所有 Void。

public void WinEventProc(IntPtr hWinEventHook, uint eventType, IntPtr hwnd,
int idObject, int idChild, uint dwEventThread, uint dwmsEventTime)
{
    // write log with time now
    StreamWriter log = new StreamWriter(path_log, true);
    log.WriteLine(GetActiveWindowTitle() + "=>Time:" + 
    DateTime.Now.ToLongTimeString());
    log.Close();
    // add ID for Image
    m++;
    // snapshot desktop
    captcure_imge();
}