How do I make it more difficult for somebody to take a screenshot of my window?


Ultimately, you can't stop somebody from ignoring the words Confidential at the top of a document and whipping out a digital camera and taking a picture of the screen. But at least starting in Windows 7 you can make it a little more difficult.

Take our scratch program and add this one line:

    ...
    SetWindowDisplayAffinity(hwnd, WDA_MONITOR);
    ShowWindow(hwnd, nShowCmd);
    ...

Assuming you have the Desktop Window Manager enabled, you will find that attempting to capture our scratch program in a screenshot or via the Snipping Tool will result in black pixels.

Remember, this is just an obstacle, not a security measure. If somebody is determined to get the pixels, this step is only going to slow them down a little. (For example, on Windows 7, they can simply disable the Desktop Window Manager.) But it's handy for reducing the likelihood of an accidental breach of confidential information.

Pre-emptive hate: "DRM is evil!" My response to you: If you don't like DRM, then don't buy DRM-protected content. If you don't like IRM, then don't read IRM-protected documents. If you don't like Blu-Ray, then don't buy Blu-Ray DVDs.

Comments (39)
  1. Raphael says:

    DRM is not evil, it is merely a silly waste of resources.

  2. Joshua says:

    Run this code, get uninstalled for failing accessibility. ADA is not optional.

    [Try it. Accessibility still works. -Raymond]
  3. SimonRev says:

    @Joshua:  Does ADA demand the ability to take screen shots with DWM enabled?

  4. Joker_vD says:

    And if you don't like drugs, don't buy drugs! If you don't like poverty, don't become poor!.. The whole point of disliking something is that you try to make this "something" disappear from reality.

    Anyway, thanks for revealing the trick: now I will turn DWM off before trying to screenshot that one arrogant program.

    [I was afraid this was going to happen. That's why I added the pre-empting hate, but it didn't work. I may have to shut off comments on this article if people keep debating DRM here. -Raymond]
  5. Joshua says:

    @SimonRev: Advanced third-party magnifiers do. Starting in Windows 8, cannot just turn off DWM to break this code. Can't just use DWM magnify either. Might have to OCR and re-render text in a highly readable font.

  6. [ DRM is not evil, it is merely a silly waste of resources. ]

    Especially since it's optimizing for the wrong case. The "normal", non-tech-savvy user doesn't try to rip Blu-Rays on his/her machine, he just opens the favorite P2P application/Torrent search engine and finds the work already done by people who know how to work around the obstacles.

    Many anti-piracy initiatives seem to have this same problem; my favorite is the hideous "Piracy is a crime" mandatory, non-skippable ad (http://www.youtube.com/watch), which annoys just the people who actually bought the official DVD (I've never seen a DVD rip that includes annoying ads). The point is similar to the one made by Jeff Atwood here (http://www.codinghorror.com/…/the-problem-with-software-registration.html) about software registration – you are doing a disservice only to people who are actually willing to pay you.

    [The primary audience here is probably not DRM but rather IRM. There is no torrent for "The confidential email sent from the CEO." -Raymond]
  7. Miff says:

    I feel like I have to bear the burden of pointing out there's no such thing as a "Blu-Ray DVD"… DVD and Blu-Ray Disc are two completely separate technologies, and that makes about as much sense as saying "DVD CD".

  8. Rick C says:

    Great, now "accessibility" is another thing Raymond will have to point out his sample programs don't support, along with error handling.

  9. Joshua says:

    [Try it. Accessibility still works. -Raymond]

    I refer the honourable gentleman the answer I already gave to SimonRev. If my eyes decay any farther I'll be looking at taking such an option.

  10. Random832 says:

    > Might have to OCR and re-render text in a highly readable font.

    I thought programs were supposed to support system settings for large fonts (and high contrast) to be considered accessible.

  11. Timothy Fries says:

    MSDN doesn't document if the hWnd has to be owned by the current process/thread or not, though I'd imagine it to be so (I'm not in front of Windows 7 at the moment to test) otherwise someone could just enumerate over all top level windows and set their display affinity to WDA_NONE before taking a screenshot.

  12. John Muller says:

    Arn't there discs that are Bluray on one side, DVD on the other?

  13. Joshua says:

    @Random832: And one other thing. Respect all font rendering selections made by the ClearType tuner, including both grey-scale and off (bi-level rendering) (clear type + high mag = misaligned). Windows 8 doesn't.

  14. laonianren says:

    So I tried it.  As expected, when I take a screenshot my window's client area is now blacked out.

    Then I ran Windows Magnifier.  And my window's client area is blacked out in Magnifier.

    Windows Magnifier is advertised as an accessibility tool even if it doesn't rely on technologies a developer would think of as "accessibility".  And this feature stops it working.

  15. Anonymous Coward says:

    Raymond, do you honestly think that childish reactions will do anything constructive? Furthermore, so far the comments don't contain a ‘hate flamefest’, just reasonable critique.

    Maybe the reason that you the comments you get is that you read but don't adequately listen. If you internalise the comments and take them into proper account the next time you write an article, the reactions would be a lot more constructive and then the comments will move on also.

    But your ‘pre-emptive hate’ only shows that you didn't listen and hence things have to be said again. And if you go on like this, and do senseless things like removing comments, you'll get the exact same thing any time you write a tangentially related article.

    And rightly so, because the commenters aren't the problem. You are out of step with reality and that's the problem. Fix yourself and the problem will disappear.

    [I should've just said, "Let's not discuss whether DRM is a good idea or not, because (1) we've been through it already, and (2) it's not not something that can be resolved here. It's not like I have the power to change it. Complaining to me accomplishes nothing." This was a test to see if it was possible to mention an IRM-related feature without people complaining that the feature exists at all. The answer is apparently "No". Result: Back onto the topic embargo list it goes. -Raymond]
  16. Joker_vD says:

    Holy fatcats. I didn't make a comment about DRM, now did I? What I said was two things:

    a) The argument from "Pre-emptive hate" is just a re-phrasing of "If you don't like something, turn away from it", which is quite a silly argument; and

    b) I have one pesky program which refuses to export data from it, so now I have one more way to try and make it cooperate (though it didn't work, sadly).

  17. John says:

    @Anonymous Coward:  He just wants to focus on his salad.

  18. Gabe says:

    So this API can ensure that a window is only displayed on a monitor. That makes me wonder, what are the alternatives? Is an RDP session considered a monitor?

  19. Steve says:

    I could see this being super useful when doing a screencast.

    But if this is intended as a DRM thing I doubt a process can toggle this setting on arbitrary windows.

    The only example of a limitation I read on MSDN though is that it has to be called on a top level window.. The Get version says it works with windows of any process.. Does that mean the Set version doesn't?

    I would try it but I don't have a copy of Windows atm..

  20. Joshua says:

    @Gabe: Really good question. Read the docs. Oh wait, the MSDN docs don't say.

  21. Suppose it only works from within the same process. That just means an attacker would have to inject a thread into that process. Since the attacker is probably an administrator of that machine, that's hard to prevent.

    [The purpose of this feature is not to defend against an attacker who can run code on the system. It's to defend against users who take a screen shot without realizing that the confidential budget data is visible in the background. See the linked article. -Raymond]
  22. Joshua says:

    We shouldn't have to wait until the end of the day and another embargo list before sanity. Maybe Raymond should delete most comments matching DRM from this article.

  23. Matteo Italia says:

    [The primary audience here is probably not DRM but rather IRM. There is no torrent for "The confidential email sent from the CEO." -Raymond]

    Of course, sorry, I was digressing.

    Actually, this function could have a widespread usage for the p̶o̶r̶n̶ privacy mode of the browsers, especially if it was applicable to their taskbar button – for one thing, it would avoid problems like this thedailywtf.com/…/Whoops!.aspx :)

  24. Anonymous Coward says:

    Raymond, if you actually read Joker's comment, you'll note it's in response to your ‘pre-emptive hate’. So your comment is like complaining that nuking Moscow to prevent Russia from nuking us didn't have the intended effect.

    Anyway, I'm more aligned with Raphael's view, but supposing for a moment that DRM could actually work, the companies that want DRM pretty much have a monopoly so your ‘then don't buy DRM'ed goods’ quip doesn't make any sense.

    As it stands however, DRM doesn't work and that's the only reason that there are good alternatives do DRM'ed content. But that does mean that saying ‘If you don't like DRM, then don't buy DRM-protected content.’ is essentially the same as saying ‘If you don't like DRM, then go to the Pirate Bay.’ and I doubt that was your intention.

    In any case, given the subject of your article, DRM related comments are entire on-topic and censoring them would be *extremely* childish. If someone tells you something you don't want to know, but that is true, do you plug your ears and sing ‘La la I can't hear you’ on the top of your voice? I posit no sensible adult would act in such a manner.

    [I wrote the pre-emptive hate so people would stop rehashing the hate flamefest that happens every time I mention DRM, even in passing. It didn't work. I'm going to be childish. -Raymond]
  25. Drak says:

    Interesting article, Raymond. I'll have to keep this in mind if we even make a non-browser based interface for the system I work on.

  26. ender says:

    To everybody that says DRM doesn't work – that's wrong. DRM works just fine, it just doesn't do what most people think it does (prevent unauthorized copying). It's purpose is to prevent manufacturers from adding unapproved functionality to their devices and programs (anything that isn't explicitly allowed is forbidden, since you can't get the keys without signing a contract that tells you exactly what you can do).

  27. Danny Moules says:

    From the SetWindowDisplayAffinity MSDN page:

    "It is important to note that unlike a security feature or an implementation of Digital Rights Management (DRM), there is no guarantee that using SetWindowDisplayAffinity and GetWindowDisplayAffinity, and other necessary functions such as DwmIsCompositionEnabled, will strictly protect windowed content, for example where someone takes a photograph of the screen."

    I'd be impressed to see any "security feature or an implementation of Digital Rights Management (DRM)" that can leap out of the screen and disable my camera. Think they need a better example.

    (NB. I didn't see the DRM conversation before drafting this. Hey-ho. Blame MSDN!)

  28. Anon says:

    There are a lot of workplaces where phones/cameras are banned. So you're premise is not unreasonable.

  29. kog999 says:

    people do stupid things and they dont think about or care about data security. imagine that sales guy who decides to send an email to his personal account with that not yet published internal quartaly report so that he doesn't need to take the extra 2 seconds to log into the VPN. You all know that guy i'm talking about. with IRM he'll get an error message and probably proceed to not read it and ask the helpdesk what the heck is wrong with there computers? The helpdesk can then respond that he shouldn't be emailing the report. mabye his manager gets involved and hopefully tells him the same thing. crisis adverted. thats the use case from IRM not protected it from someone who really wants to get at it. although people especially management will often think its to proect against "hackers".

  30. 640k says:

    @Raymond: "It's to defend against users who take a screen shot without realizing that the confidential budget data is visible in the background. See the linked article."

    No, that's not true. This is only the first step of many DRM features which will be harder and harder to circumvent for each Windows version.

  31. 640k says:

    @Miff: "there's no such thing as a Blu-Ray DVD"…

    He probably meant HD DVD, xbox2's epic fail no one remembers.

  32. Ray says:

    What about in a VM? If I run the app in a VM and then switch back to the host, can I screenshot that?

  33. Nick says:

    @Ray: Missing the point bro. The feature is designed to stop unwanted information being leaked by users taking screenshots of programs but not realizing a confidential program is lingering in the background.

  34. Ian Boyd says:

    This function would be useful (as part of required defense in depth) for an application like SnapChat (along with functions like SecureZeroMemory).

  35. Dark Mark says:

    Would this also apply to Onenote's ability to take a screenshot? It seems to work a little differently then the normal 'Print Screen'.

  36. :-( says:

    Running this app on Windows 7, and attempting to call SetWindowDisplayAffinity on a top-level hwnd of another process results in error code 5. Even if run from a requireadministrator application belonging to the same user running the other app.

  37. Rick C says:

    "He probably meant HD DVD, xbox2's epic fail no one remembers."

    What are you talking about?  HD-DVD was <i>winning<i/> the format war until Sony spent about $3B bribing the major studios to switch to Blu-Ray.

  38. Dave says:

    >It's to defend against users who take a screen shot without realizing that the

    >confidential budget data is visible in the background. See the linked article.

    What would be more useful in this case is a SelectiveSetWindowDisplayAffinity() that allowed you to, for example, take a snapshot of your browser screen without also capturing all your *** sites open in the tab bar at the top.

  39. Danny Moules says:

    > There are a lot of workplaces where phones/cameras are banned. So you're premise is not unreasonable.

    If you completely ignore the idea of context, that's fair comment. Can we not do that?

Comments are closed.

Skip to main content