- Forked from here
The code in the imgui display part is a bit ugly....
- Compatible with most Windows 10/11 systems
- Confirmed working on Windows 10 21H2 (LTSC 2021), 22H2, and Windows 11 23H2
- May not work on recent Windows 11 versions
- Mirillis Action (paid, watermarked demo available) is also capable of grabbing DWM screenshots, try that if this doesn't work
- DWM hooking is easier on Windows Vista and 7 so you can use a generic D3D recorder on those OSes. Some of them support DWM hooking by default (e.g. Fraps), and some others only require bypassing the built-in blacklist for dwm.exe. You can also make the hidden
DWM Notification Windowvisible with AHK, WindowDetective, or something like that, then select/activate that as a target game window to record (Bandicam and OBS work with this).
- Purposes
- Bypass various anti-screenshot techniques
- SetWindowDisplayAffinity
- Function hooks (BitBlt, PrintWindow, etc.)
- DRM (Widevine, PlayReady)
- Note that the whole screen will be scrambled/encrypted if HDCP (2.2?) is being used.
- Understand how multiplane overlay (MPO) and fullscreen optimization (FSO) works
- Figure out what are being rendered in MPO (they won't appear in this program's screenshot)
- Bypass various anti-screenshot techniques
- Translated the whole program into English.
- Automatically save the taken screenshot to a file.
- Automatically run as administrator.
- Automatically take a screenshot on launch.
- Automatically exit after taking a screenshot.
- Only download the symbol once - try deleting dxgi.pdb if it's not working after a Windows update.
- From console (original repo's method):
// Make sure u have installed Visual Studio 2019 or later version
// Open PowerShell and enter a folder prepared for the project, enter the following commands in turn, Enter the following commands in PowerShell
> git clone https://github.com/Ingan121/dwm-screen-shot.git
> cd dwm-screen-shot
> git submodule update --init --recursive
> cd ./build
> devenv dwm-screen-shot.sln /Project dwm-screen-shot
> (Change the build target as VS asks, go to the properties of the DirectXTK solution, and change the runtime library option in `C/C++ -> Code generation` to `/MT`.)
> devenv dwm-screen-shot.sln /build "Release|x64" /Project dwm-screen-shot
> cd ../bin/x64/Release
> .\dwm-screen-shot
Or just build it with the VS GUI. (Used 2022) Debug build is somehow broken currently.
20220322_232657.2.mp4
You may find that there is a payload.hpp in the source code, this is the shellcode generated by the main code of the screenshot
- Please see shellcode-factory
- in shellcode-factory/shellcode-payload/dwm-screen-shot-demo.cpp you will see how it is written
Direct3D(...Dx9 Dx10 Dx11 Dx12...) and DXGI
- Direct3D is a low-level drawing API (application programming interface) that allows us to draw 3D worlds through 3D hardware acceleration. Essentially, Direct3D provides a set of software interfaces through which we can control the graphics hardware. In the past, the graphics subsystems were all owned by D3D, and as a result, D3D8/D3D9 had a set of codes to manage the swap chain. In Vista+, there are more and more graphics APIs, D3D9/D3D10/D3D11/D3D12, a set of swap chain is too meaningless. Therefore, all APIs can be refactored to share a swap chain code, which is placed in DXGI. In addition, things like full-screening of windows are also owned by DXGI, and you can think that the part of the screen output is owned by DXGI.
DWM
- Desktop Window Manager (dwm.exe) is an integral part of the window manager. [Later DXGI added some low-level functions to deal with DWM, such as copying mixed screens, device rotation, cross-screen windows](https ://www.zhihu.com/question/36501678/answer/67786884)
VEH hook
- ...to be continued
Code injection under multi-threading
- ...to be continued