
[C#] Allowing Services to Interact with Desktop.


Question

I have a module that takes screenshots of the computer from a Windows Service. This works when the 'Allow service to interact with Desktop' checkbox is selected on both Windows 2000/XP. It doesn't, however, work on Windows Vista. I know this is apparently a known issue with Vista and level 0 isolation. Is there a way around this? I'm using the System.Drawing libraries to capture screenshots. Would this work with native code? Is there a better way to take screenshots without using a system service? (The service must not be able to be shut off.)

Thanks again for the help.


4 answers to this question


  • 0

If anyone is interested, I finally found the 'correct' way to handle this issue. Level 0 isolation came about because of several injectable code exploits that allowed hackers to gain full system control. It is now impossible for system services to interact with desktop users. In solving this problem, I had to call native library methods, in particular 'CreateProcessAsUser' from 'advapi32.dll'. I have a C# service that runs in the background at level 0 as SYSTEM and spawns a helper application in userspace using the CreateProcessAsUser function. The service checks to make sure that the application is running, and when it is not, it respawns the process in userspace. The helper process then uses IPC to send the screenshots back to the system service so that the screenshot can be saved in a secure location that can't be edited by a limited user. It works pretty well; the only issues I have are with Fast User Switching obviously running into issues with the service knowing who is logged in, so I just disable that service.


  • 0

This is very similar to something that I've been trying to do. Would you be willing to provide code to your solution, specifically using the runprocessasuser method?


  • 0

Hi, I would be very interested in having a look at the way you're doing it.

Do you mind posting a sample of your code?

Cheers.


  • 0

Can you explain with sample code,

or can you give us some details about what you have done?


This topic is now closed to further replies.