With increasing population in using network, abundant digital content is available on network for people’s share, whereas copyright problems accompanied by it become more and more serious. Currently, digital right protection mechanisms including watermark, encryption. validation and authorization technologies highlights how to completely and safely deliver digital content required by users to authorized people. Even though such mechanisms increase safety of digital content on cyberspace, its controllable range is limited to provide protection on digital content access control, application control and starting time, however, at the time of browsing, in case users occur ultra vires act, monitor is still deficient. Current technology of monitoring acts are mainly applied to anti-block virus, trojan, worm invasion or analyze users with abnormal authorization, seldom applied to digital right management. This study tries to detect user behavior through API Hook(Application Programming Interface Hook), which indicates that during using capture function, users will return events in violation of digital rights detected to server；upon receipt by server, account number of such users will be controlled and managed, leading to users can’t access other digital content due to authority limits. After steal acts of users are prevented, data received from server will be used to check identify of users. This study creates a software to monitor user behavior, namely a online real-time system of protecting copyright which is constituted by monitor through program, keyboard and mouse, combining with monitor under state of linking to server；as user browse network through built-in browser in monitor system, if they happen to use built-in screen capture function in operating system or do act of capturing software, they will be determined as intentionally stealing digital content by system. Meanwhile, through on-line state monitor, problem that event return to server is interrupted possibly through blocking packages by users will be solved; target webpage is only browsed through built-in browser in monitor system after delivery of parameters and database. However, this system mainly regards webpage as protected units, thus in principle, various kinds of files are protected to avoid real-time capture as long as through newly increment of database in capture software, covering from picture-type digital content to video and audio streams. Finally, this system is to evaluate how to strengthen monitor to user behaviors unavailable in applicable digital right management, with the aim to understand values of this study.