I'm developing a real-time video processing application where I handle sensitive data within my driver and display it on screen. However, for security reasons, I need to prevent direct access to this data from the host PC. I'm exploring ways to implement a privacy filter. This filter would detect actions like taking screenshots (e.g. BitBlt, DirectDraw, etc.) and respond by either disabling the information or overlaying it with a black screen.
For instance, Kaspersky employs a technique involving a hypervisor to hook BitBlt in the kernel to render screenshots as black when you are viewing your banking details.
While I'm comfortable with the drawing and overlay functions, I'm less familiar with creating the hook or sensing mechanism to detect these actions at the kernel level. I suspect this might involve a kernel GDI hook or similar, but this hasn't really been taught in my lessons as it is more advanced.
--> Could you recommend any code blocks or tutorials that provide guidance on implementing this effectively?
--> If not feasible, is there an alternative approach to concealing any proprietary information? I am ideally trying to conceal it in general, from both user and malware (e.g. other drivers that may try to take screen grabs or UM applications/functions that ultimately make sys calls).
I've looked into some open source code such as Windows Detours (https://github.com/microsoft/Detours) and MinHook (https://github.com/TsudaKageyu/minhook), but these are all meant for user-mode applications. I am specifically looking for kernel hooking, which I am inexperienced with.