I HATE THIS APP
- Challenge: I HATE THIS APP
- Category: Rev
- Flag:
LYKNCTF{setwindowdisplayaffinity}
My initial read / first impressions
The challenge description says:
Aughhh, how the hell can I not take a screenshot of this freaking app? I... I mean... It feels like the app is transparent to my screen. I can see it, but I can’t capture it. Why? Am I living in a simulation or something?
Your mission is to find the function that prevents me from taking screenshots.
So the goal was not to recover some hidden text from the UI or bypass the app visually. The challenge was asking for the exact function responsible for making the app disappear from screenshots.
The important clue is this part:
That sounds like a Windows screen-capture protection API. Some apps can mark their window so that normal screenshot / recording tools either show a black box or do not capture the window at all.
Extracting the app
The provided file was:
After extracting it, I started treating it like a normal reversing challenge and looked for anything related to screenshots, capture protection, or Windows UI APIs.
A quick strings/imports check was enough to find the important lead:
That immediately stood out because user32.dll is where a lot of Windows GUI/window-management APIs live, and SetWindowDisplayAffinity is specifically related to controlling where a window's contents are allowed to be displayed.
Finding the screenshot-blocking call
In the disassembly/decompiler, the interesting call was basically:
The first argument is the window handle, and the second argument is the display affinity value.
The value 0x11 is the important part. That corresponds to:
That mode tells Windows to exclude the window from screen capture. So the window can still be visible normally on the user's monitor, but when a screenshot or recording tries to capture the screen, the protected window does not show up properly.
That matches the challenge description perfectly. The app feels "transparent" to screenshots because Windows is intentionally excluding that window from capture.
Why this works
This was less about breaking encryption or patching the binary and more about recognizing the Windows API being used.
The full logic is:
app creates/shows a window
-> gets the window handle
-> calls SetWindowDisplayAffinity
-> passes 0x11 / WDA_EXCLUDEFROMCAPTURE
-> Windows hides the window from screenshots
So the function preventing screenshots is:
The challenge asks for all lowercase with no spaces, so the function name becomes: