← Back to DevelopmentAging & Mixing viewer.dll generatorProgramsClan filesInternet Information ServiceOllyDbg tutorialsMiscellaneousSkinsLinks / Files

disable_jpeg_screenshot

← Back to Miscellaneous
Apparently there's people out there who find nothing more amusing than taking alot of JPEG screenshots to slow their computer "thanks to" the compression that is done on the image.
This makes them "teleport" on other people screen and they don't see the abuser attacking them.

Here's my approach to counter this phenomenon :
- Completely disable JPEG screenshots (no more compression that slows down the client), but the BMP screenshots is still here so there won't be any problem for reports.
- Add the date on BMP screenshots (maybe you noticed that BMP screenshots don't display the date)

The screenshot procedure knows 2 values for the screenshot type : 0C8 which is JPEG, and 64 which is BMP.

Here's where the arguments are pushed for a JPEG screenshot :

OllyDbg - Client side

004150C5  |.  68 C8000000   PUSH 0C8
004150CA  |.  50            PUSH EAX
004150CB  |.  EB 20         JMP SHORT 004150ED


We need to change that 0C8 to 64 to make the screenshot a BMP.

OllyDbg - Client side

004150C5      68 64000000   PUSH 64
004150CA  |.  50            PUSH EAX
004150CB  |.  EB 20         JMP SHORT 004150ED


(I did that replacement with Ctrl+E rather then Space to avoid NOPs being added)

Now pressing Ctrl+Home or Ctrl+End will produce the same, a BMP screenshot.

We still need to make the date appear on our screenshots.
Inside the procedure, there's a comparison of one of the arguments with 0C8. That's what determines if a date is to be added or not.

OllyDbg - Client side

005091EA  |.  817D 0C C8000 CMP DWORD PTR SS:[ARG.2],0C8
005091F1  |.  0F85 6F010000 JNE 00509366


We just need to change the comparison value with the BMP code : 64.

OllyDbg - Client side

005091EA      817D 0C 64000 CMP DWORD PTR SS:[EBP+0C],64
005091F1  |.  0F85 6F010000 JNE 00509366


(Again, with Ctrl+E)

Now all the screenshot will be BMP ones, with the date and time displayed on the top left corner.