C# Windows登录界面进行截图,控制鼠标键盘等操作实现(二)

上一篇:C# Windows登录界面进行截图,控制鼠标键盘等操作实现(一) - log9527 - 博客园 (cnblogs.com) 我们了解了要实现在Windows登录界面进行截图等操作必须满足的条件,这一篇我们主要通过代码实现这些条件。

首先先建一个项目A

下面一些windows自带非托管dll的调用类。

/// 
    /// WtsApi32.dll导入帮助类
    /// 
    public static class WtsApi32
    {
        [StructLayout(LayoutKind.Sequential)]
        public struct WtsSessionInfo
        {
            public int SessionID;
            [MarshalAs(UnmanagedType.LPStr)]
            public string pWinStationName;
            public WtsConnectStateClass State;
        }

        public enum WtsConnectStateClass
        {
            WtsActive,
            WtsConnected,
            WtsConnectQuery,
            WtsShadow,
            WtsDisconnected,
            WtsIdle,
            WtsListen,
            WtsReset,
            WtsDown,
            WtsInit
        }

        public static IntPtr WtsCurrentServerHandle = IntPtr.Zero;

        [DllImport("wtsapi32.dll", SetLastError = true)]
        public static extern int WTSEnumerateSessions(
            IntPtr hServer,
            int reserved,
            int version,
            ref IntPtr ppSessionInfo,
            ref int pCount);
    }
/// 
    /// user32.dll导入帮助类
    /// 
    public static class User32
    {
        #region Constants

        public const int DesktopCapabilityIndex = 118;
        
        #endregion

        #region Enums

        [Flags]
        public enum AccessMask : uint
        {
            Delete = 0x00010000,
            ReadControl = 0x00020000,
            WriteDac = 0x00040000,
            WriteOwner = 0x00080000,
            Synchronize = 0x00100000,

            StandardRightsRequired = 0x000F0000,

            StandardRightsRead = 0x00020000,
            StandardRightsWrite = 0x00020000,
            StandardRightsExecute = 0x00020000,

            StandardRightsAll = 0x001F0000,

            SpecificRightsAll = 0x0000FFFF,

            AccessSystemSecurity = 0x01000000,

            MaximumAllowed = 0x02000000,

            GenericRead = 0x80000000,
            GenericWrite = 0x40000000,
            GenericExecute = 0x20000000,
            GenericAll = 0x10000000,

            DesktopReadObjects = 0x00000001,
            DesktopCreateWindow = 0x00000002,
            DesktopCreateMenu = 0x00000004,
            DesktopHookcontrol = 0x00000008,
            DesktopJournalrecord = 0x00000010,
            DesktopJournalplayback = 0x00000020,
            DesktopEnumerate = 0x00000040,
            DesktopWriteobjects = 0x00000080,
            DesktopSwitchdesktop = 0x00000100,

            WinstaEnumdesktops = 0x00000001,
            WinstaReadattributes = 0x00000002,
            WinstaAccessclipboard = 0x00000004,
            WinstaCreatedesktop = 0x00000008,
            WinstaWriteattributes = 0x00000010,
            WinstaAccessglobalatoms = 0x00000020,
            WinstaExitwindows = 0x00000040,
            WinstaEnumerate = 0x00000100,
            WinstaReadscreen = 0x00000200,

            WinstaAllAccess = 0x0000037F
        }

        #endregion

        #region DLL Imports

        [DllImport("gdi32.dll")]
        public static extern int GetDeviceCaps(
            IntPtr hdc, // handle to DC
            int nIndex // index of capability
        );

        [DllImport("user32.dll")]
        public static extern IntPtr GetDesktopWindow();

        [DllImport("user32.dll", SetLastError = true)]
        public static extern bool SwitchDesktop(IntPtr hDesktop);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr OpenInputDesktop(uint dwFlags, bool fInherit, AccessMask dwDesiredAccess);

        [return: MarshalAs(UnmanagedType.Bool)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        [DllImport("user32", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CloseWindowStation(IntPtr hWinsta);

        [DllImport("User32.dll")]
        public static extern int ReleaseDC(IntPtr hWnd, IntPtr hDC);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern bool SetThreadDesktop(IntPtr hDesktop);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern bool CloseDesktop(IntPtr hDesktop);

        [DllImport("user32.dll")]
        public static extern IntPtr GetDC(IntPtr hWnd);

        #endregion
    }
/// 
    /// 非托管dll引入帮助类
    /// 
    public static class Kernel32
    {
        #region DLL Imports

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool CloseHandle(IntPtr hSnapshot);

        [DllImport("kernel32.dll")]
        public static extern uint WTSGetActiveConsoleSessionId();

        [DllImport("kernel32.dll")]
        public static extern bool ProcessIdToSessionId(uint dwProcessId, ref uint pSessionId);

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

        #endregion
    }
/// 
    /// 非托管dll引入帮助类
    /// 
    public static class AdvApi32
    {
        #region Structs

        [StructLayout(LayoutKind.Sequential)]
        public struct SECURITY_ATTRIBUTES
        {
            public int Length;
            public IntPtr lpSecurityDescriptor;
            public bool bInheritHandle;
        }

        [StructLayout(LayoutKind.Sequential)]
        public struct PROCESS_INFORMATION
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public int dwProcessId;
            public int dwThreadId;
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct STARTUP_INFO
        {
            public Int32 cb;
            public string lpReserved;
            public string lpDesktop;
            public string lpTitle;
            public Int32 dwX;
            public Int32 dwY;
            public Int32 dwXSize;
            public Int32 dwYSize;
            public Int32 dwXCountChars;
            public Int32 dwYCountChars;
            public Int32 dwFillAttribute;
            public Int32 dwFlags;
            public Int16 wShowWindow;
            public Int16 cbReserved2;
            public IntPtr lpReserved2;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public IntPtr hStdError;
        }

        #endregion

        #region Enums
        
        public enum TOKEN_TYPE : int
        {
            TokenPrimary = 1,
            TokenImpersonation = 2
        }

        public enum SECURITY_IMPERSONATION_LEVEL : int
        {
            SecurityAnonymous = 0,
            SecurityIdentification = 1,
            SecurityImpersonation = 2,
            SecurityDelegation = 3,
        }

        #endregion

        #region Constants

        public const int TOKEN_DUPLICATE = 0x0002;
        public const uint MAXIMUM_ALLOWED = 0x2000000;
        public const int CREATE_NEW_CONSOLE = 0x00000010;
        public const int CREATE_NO_WINDOW = 0x08000000;
        public const int DETACHED_PROCESS = 0x00000008;
        public const int NORMAL_PRIORITY_CLASS = 0x20;
        public const int UOI_NAME = 2;

        #endregion

        #region DLL Imports

        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern bool CreateProcessAsUser(
            IntPtr hToken,
            string lpApplicationName,
            string lpCommandLine,
            ref SECURITY_ATTRIBUTES lpProcessAttributes,
            ref SECURITY_ATTRIBUTES lpThreadAttributes,
            bool bInheritHandles,
            uint dwCreationFlags,
            IntPtr lpEnvironment,
            string lpCurrentDirectory,
            ref STARTUP_INFO lpStartupInfo,
            out PROCESS_INFORMATION lpProcessInformation);

        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool AllocateLocallyUniqueId(out IntPtr pLuid);

        [DllImport("advapi32", SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, ref IntPtr TokenHandle);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateTokenEx(
            IntPtr hExistingToken,
            uint dwDesiredAccess,
            ref SECURITY_ATTRIBUTES lpTokenAttributes,
            SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
            TOKEN_TYPE TokenType,
            out IntPtr phNewToken);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern bool GetUserObjectInformationW(IntPtr hObj, int nIndex,
             [Out] byte[] pvInfo, uint nLength, out uint lpnLengthNeeded);

        #endregion
    }

外部调用入口类为Win32Interop,包含创建桌面会话进程、将当前进程切换到Desktop等主要功能

/// 
    /// 切换会话状态帮助类
    /// 
    public class Win32Interop
    {
        [DllImport("kernel32.dll")]
        public static extern uint WTSGetActiveConsoleSessionId();

        /// 
        /// 获取当前桌面名称
        /// 
        /// 
        public static string GetCurrentDesktop()
        {
            // 打开接收用户输入的桌面。
            var inputDesktop = OpenInputDesktop();
            var deskBytes = new byte[256];
            // 检索有关指定窗口站或桌面对象的信息。(这里检索名字)
            var success = GetUserObjectInformationW(inputDesktop, UOI_NAME, deskBytes, 256, out var lenNeeded);
            if (!success)
            {
                CloseDesktop(inputDesktop);
                return "Default";
            }

            // 返回窗口站或桌面的名字
            var desktopName = Encoding.Unicode.GetString(deskBytes.Take((int)lenNeeded).ToArray()).Replace("\0", "");
            // 关闭桌面对象的打开句柄。
            CloseDesktop(inputDesktop);
            return desktopName;
        }

        /// 
        /// 获取会话列表
        /// 
        /// 
        public static IEnumerable EnumerateSessions()
        {
            var ppSessionInfo = IntPtr.Zero;
            var count = 0;

            // 检索远程桌面会话主机(RD 会话主机)服务器上的会话列表。
            var retrieval = WtsApi32.WTSEnumerateSessions(WtsApi32.WtsCurrentServerHandle, 0, 1, ref ppSessionInfo, ref count);
            var dataSize = Marshal.SizeOf(typeof(WtsApi32.WtsSessionInfo));
            var current = (long)ppSessionInfo;

            if (retrieval == 0) yield break;
            for (var i = 0; i < count; i++)
            {
                var sessionInf = (WtsApi32.WtsSessionInfo)Marshal.PtrToStructure((System.IntPtr)current, typeof(WtsApi32.WtsSessionInfo));
                current += dataSize;
                yield return sessionInf;
            }
        }

        /// 
        /// 获取Rdp会话
        /// 
        /// 
        public static uint GetRdpSession()
        {
            // 返回远程桌面会话主机(RD 会话主机)服务器上的会话列表信息
            var sessionList = EnumerateSessions();
            uint retVal = 0;

            // pWinStationName 指向包含此会话的 WinStation 名称的 null 终止字符串的指针。 WinStation 名称是 Windows 与会话关联的名称,例如“services”、“console”或“RDP-Tcp#0”。
            // 「rdp-tcp#0」和「console」是两种不同的远程桌面协议(Remote Desktop Protocol)的连接方式。 「rdp-tcp#0」是使用TCP 协议的RDP 连接,它可以通过网络与远程主机进行连接。 「console」则代表通过本地控制台连接,它只能在本地机器上直接连接到远程主机。
            var wtsSessionInfos = sessionList.ToList();
            var rdpSession = wtsSessionInfos.FirstOrDefault(ses => ses.pWinStationName.ToLower().Contains("rdp") && ses.State == 0);
            if (wtsSessionInfos.Any(ses => ses.pWinStationName.ToLower().Contains("rdp") && ses.State == 0))
            {
                retVal = (uint)rdpSession.SessionID;
            }
            return retVal;
        }

        /// 
        /// 打开输入桌面
        /// 
        /// 
        public static IntPtr OpenInputDesktop()
        {
            return User32.OpenInputDesktop(0, false, AccessMask.GenericAll);
        }

        /// 
        /// 创建桌面会话进程
        /// 
        /// 
        /// 
        /// 
        /// 
        /// 
        /// 
        public static bool OpenInteractiveProcess(string applicationName, string desktopName, bool hiddenWindow, uint dwSessionId, out PROCESS_INFORMATION procInfo)
        {
            uint winlogonPid = 0;
            var hPToken = IntPtr.Zero;
            procInfo = new PROCESS_INFORMATION();

            // Obtain the process ID of the winlogon process that is running within the currently active session.
            var processes = Process.GetProcessesByName("winlogon");
            foreach (var p in processes)
            {
                if ((uint)p.SessionId == dwSessionId)
                {
                    winlogonPid = (uint)p.Id;
                }
            }

            // Obtain a handle to the winlogon process.
            // 打开现有的本地进程对象。
            var hProcess = Kernel32.OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);

            // Obtain a handle to the access token of the winlogon process.
            // OpenProcessToken函数打开与进程关联的访问令牌。
            if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE, ref hPToken))
            {
                Kernel32.CloseHandle(hProcess);
                return false;
            }

            // Security attribute structure used in DuplicateTokenEx and CreateProcessAsUser.
            var sa = new SECURITY_ATTRIBUTES();
            sa.Length = Marshal.SizeOf(sa);

            // Copy the access token of the winlogon process; the newly created token will be a primary token.
            // DuplicateTokenEx函数创建一个新的访问令牌来复制现有令牌。此函数可以创建主令牌或模拟令牌。
            if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa, SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, TOKEN_TYPE.TokenPrimary, out var hUserTokenDup))
            {
                Kernel32.CloseHandle(hProcess);
                Kernel32.CloseHandle(hPToken);
                return false;
            }

            // By default, CreateProcessAsUser creates a process on a non-interactive window station, meaning
            // the window station has a desktop that is invisible and the process is incapable of receiving
            // user input. To remedy this we set the lpDesktop parameter to indicate we want to enable user 
            // interaction with the new process.
            var si = new STARTUP_INFO();
            si.cb = Marshal.SizeOf(si);
            si.lpDesktop = @"winsta0\" + desktopName;

            // Flags that specify the priority and creation method of the process.
            uint dwCreationFlags;
            if (hiddenWindow)
            {
                dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW | DETACHED_PROCESS;
            }
            else
            {
                dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
            }

            // Create a new process in the current user's logon session.
            // 创建一个新进程及其主线程。新进程在指定令牌表示的用户的安全上下文中运行。
            // 通常,调用CreateProcessAsUser函数的进程 必须具有SE_INCREASE_QUOTA_NAME权限,并且如果令牌不可分配,则可能需要SE_ASSIGNPRIMARYTOKEN_NAME权限。如果此函数失败并出现ERROR_PRIVILEGE_NOT_HELD(1314),请改用CreateProcessWithLogonW函数。CreateProcessWithLogonW不需要特殊权限,但必须允许指定的用户帐户以交互方式登录。通常,最好使用CreateProcessWithLogonW创建具有备用凭据的进程。
            var result = CreateProcessAsUser(hUserTokenDup, null, applicationName, ref sa, ref sa, false, dwCreationFlags, IntPtr.Zero, null, ref si, out procInfo);

            // Invalidate the handles.
            Kernel32.CloseHandle(hProcess);
            Kernel32.CloseHandle(hPToken);
            Kernel32.CloseHandle(hUserTokenDup);

            return result;
        }

        /// 
        /// 将当前进程切换到Desktop
        /// 
        public static void SwitchToInputDesktop()
        {
            var inputDesktop = OpenInputDesktop();
            SwitchDesktop(inputDesktop);
            SetThreadDesktop(inputDesktop);
            CloseDesktop(inputDesktop);
        }
    }

然后再建一个新项目B,用于启动一个新进程进行截图。进程名就叫WinLogonScreenShot。

项目A中继续写以下代码用于启动项目B中的进程WinLogonScreenShot:

        /// 
        /// 创建新进程
        /// 
        /// 
        internal bool Create()
        {
            try
            {
                // 返回值为uint类型,不要写int类型
                uint dwSessionId = Win32Interop.WTSGetActiveConsoleSessionId();
                Log.Info($"检索控制台会话的会话标识符句柄:{dwSessionId}");

                var desktopName = Win32Interop.GetCurrentDesktop();

                Log.Info($"返回窗口站或桌面的名字:{desktopName}");

                // 返回rdpSession会话id
                var rdpSessionId = Win32Interop.GetRdpSession();

                Log.Info($"返回rdpSession会话id:{rdpSessionId}");

                if (rdpSessionId > 0)
                {
                    if (dwSessionId != rdpSessionId)
                        desktopName = "winlogon";
                    dwSessionId = rdpSessionId;
                }

                Log.Info($"desktopName:{desktopName};dwSessionId:{dwSessionId}");

                var res = CreateProcessAsUser(dwSessionId, desktopName, _winLogonType);

                Log.Info($"CreateProcessAsUser:{res}");

                Log.Info($"Service started.");

                return res;
            }
            catch (Exception ex)
            {
                ServiceCenters.Log.Error(ex);
                return false;
            }
        }

        /// 
        /// 守护会话ID>0的进程
        /// 
        /// 
        internal async Task StartMonitorAsync()
        {
            await Task.Run(MonitorProcess);
        }

        /// 
        /// 守护会话ID>0的进程
        /// 
        private async Task MonitorProcess()
        {
            while (true)
            {
                try
                {
                    var process = Process.GetProcessesByName("WinLogonScreenShot");
                    if (process.Length == 0)
                    {
                        Log.Info($"创建会话ID=1的新进程");
                        var activeSessionId = Kernel32.WTSGetActiveConsoleSessionId(); //获取活动会话
                        Log.Info($"检索控制台会话的会话标识符句柄:{activeSessionId}");
                        var desktop = Win32Interop.GetCurrentDesktop();
                        var isOk = CreateProcessAsUser(activeSessionId, desktop, _winLogonType);
                        Log.Info($"新建进程结果:{isOk}");
                    }

                    await Task.Delay(1000);
                }
                catch (Exception ex)
                {
                    ServiceCenters.Log.Error(ex);
                }
            }
        }

        /// 
        /// 创建用户进程
        /// 
        /// 
        /// 
        /// 
        /// 
        private bool CreateProcessAsUser(uint dwSessionId, string desktopName, WinLogonType type)
        {//用户进程启动
            var result = Win32Interop.OpenInteractiveProcess("WinLogonScreenShot", desktopName, true, dwSessionId, out _);
            return result;
        }

需要把项目B生成到项目A运行目录下。上面就是创建一个满足在登录界面截图的进程WinLogonScreenShot,并且守护该进程的操作。

然后在项目A中截图/控制鼠标键盘等操作前,必须先调将当前进程切换到Desktop的方法

Win32Interop.SwitchToInputDesktop();

你可能感兴趣的:(c#,开发语言)