winlock.htm

键盘锁

<P><B>2. SystemParametersInfo(SPI_SETSWITCHTASKDISABLE/SPI_SETFASTTASKSWITCH)</B></P>
In all the versions I tried this method never worked !

<P><B>3. Switch to a new desktop</B></P>
With this technique you create a new desktop and switch to it. Because the other processes
(normally) run on the "Default" desktop (Winlogon runs on the "Winlogon" desktop and the 
screen saver runs on the "Screen-saver" desktop) this has the effect on effectively locking 
the windows desktop until the process that runs in the new desktop has finished.

The following code describes the steps necessary to create and switch to a new desktop
and run a thread/process in it:
<PRE><FONT size=2>	// Save original desktop
	hOriginalThread = GetThreadDesktop(GetCurrentThreadId());
	hOriginalInput = OpenInputDesktop(0, FALSE, DESKTOP_SWITCHDESKTOP);

	// Create a new Desktop and switch to it
	hNewDesktop = CreateDesktop("NewDesktopName", NULL, NULL, 0, GENERIC_ALL, NULL);
	SetThreadDesktop(hNewDesktop);
	SwitchDesktop(hNewDesktop);

	// Execute thread/process in the new desktop
	StartThread();
	StartProcess();

	// Restore original desktop
	SwitchDesktop(hOriginalInput);
	SetThreadDesktop(hOriginalThread);

	// Close the Desktop
	CloseDesktop(hNewDesktop);
</PRE>
To assign a desktop to a thread <I>SetThreadDesktop(hNewDesktop)</I> must be called from within the
running thread. To run a process in the new desktop the <I>lpDesktop</I> member of the <I>STARTUPINFO</I>
structure passed to <I>CreateProcess()</I> must be setted to the name of the desktop.

<FONT size=3><B><P>References</P></B><FONT size=2>
<P>1. "Disabling Keys in Windows XP with Trapkeys" by Paul DiLascia<BR>
<A href="http://msdn.microsoft.com/msdnmag/issues/02/09/CQA/default.aspx">http://msdn.microsoft.com/msdnmag/issues/02/09/CQA/default.aspx</A></P>

<P>2. "Trapping CtrlAltDel; Hide Application in Task List on Windows 2000/XP" by Jiang Sheng<BR>
<A href="http://www.codeproject.com/useritems/preventclose.asp">http://www.codeproject.com/useritems/preventclose.asp</A></P>

<P>3. "Three ways to inject your code into another process" by Robert Kuster<BR>
<A href="http://www.codeproject.com/threads/winspy.asp">http://www.codeproject.com/threads/winspy.asp</A></P>

<P>4. "Hooks and DLLs" by Joseph M. Newcomer<BR>
<A href="http://www.codeproject.com/dll/hooks.asp">http://www.codeproject.com/dll/hooks.asp</A></P>

<P>5. "Keyboard Hooks" by H. Joseph<BR>
<A href="http://www.codeproject.com/dll/keyboardhook.asp">http://www.codeproject.com/dll/keyboardhook.asp</A></P>

<P>6. "An All-Purpose Keyboard Hooker" by =[ Abin ]=<BR>
<A href="http://www.codeproject.com/system/KeyHook.asp">http://www.codeproject.com/system/KeyHook.asp</A></P>

<P>7. "Hooking the Keyboard" by Anoop Thomas<BR>
<A href="http://www.codeguru.com/Cpp/W-P/system/keyboard/article.php/c5699/">http://www.codeguru.com/Cpp/W-P/system/keyboard/article.php/c5699/</A></P>

<P>8. "HOOK - A HowTo for setting system wide hooks" by Volker Bartheld<BR>
<A href="http://www.codeguru.com/Cpp/W-P/system/misc/article.php/c5685/">http://www.codeguru.com/Cpp/W-P/system/misc/article.php/c5685/</A></P>

<P>9. "Systemwide Windows Hooks without external DLL" by RattleSnake<BR>
<A href="http://neworder.box.sk/newsread.php?newsid=10952">http://neworder.box.sk/newsread.php?newsid=10952</A></P>

<P>10. "Cross Process Subclassing" by Venkat Mani<BR>
<A href="http://www.codeproject.com/dll/subhook.asp">http://www.codeproject.com/dll/subhook.asp</A></P>

<P>11. "How to subclass Unicode Windows from ANSI Application" by Mumtaz Zaheer<BR>
<A href="http://www.codeproject.com/win32/safesubclassing.asp">http://www.codeproject.com/win32/safesubclassing.asp</A></P>

<P>12. "Disabling the Alt-Tab key combination" by Dan Crea<BR>
<A href="http://www.codeguru.com/Cpp/misc/misc/keyboard/article.php/c433/">http://www.codeguru.com/Cpp/misc/misc/keyboard/article.php/c433/</A></P>

<P>13. "Hiding/Showing the Windows Taskbar" by Ashutosh R. Bhatikar<BR>
<A href="http://www.codeguru.com/Cpp/W-P/system/taskbar/article.php/c5747/">http://www.codeguru.com/Cpp/W-P/system/taskbar/article.php/c5747/</A></P>

<P>14. "Protecting Windows NT Machines" by Vishal Khapre<BR>
<A href="http://www.codeguru.com/Cpp/W-P/system/security/article.php/c5737/">http://www.codeguru.com/Cpp/W-P/system/security/article.php/c5737/</A></P>

<P>15. "Disabling the Windows Start Button" by Aaron Young<BR>
<A href="http://www.codeguru.com/vb/controls/vb_shell/article.php/c3045/">http://www.codeguru.com/vb/controls/vb_shell/article.php/c3045/</A></P>

<P><a name="#16">16. "Using GINA.DLL to Spy on Windows User Name & Password And to Disable SAS (Ctrl+Alt+Del)" by Fad B<BR>
<A href="http://www.codeproject.com/useritems/GINA_SPY.asp">http://www.codeproject.com/useritems/GINA_SPY.asp</A></P>

<P>17. "Adding Your Logo to Winlogon's Dialog" by Chat Pokpirom<BR>
<A href="http://www.codeguru.com/Cpp/W-P/system/misc/article.php/c5683/">http://www.codeguru.com/Cpp/W-P/system/misc/article.php/c5683/</A></P>

<FONT size=3><B><P>Final Notes</P></B><FONT size=2>
<P align=justify>In the introduction I refered that at the end I didn't use none of the techniques described in this article.</P>
<P align=justify>The strongest method of securing the windows desktop is to change the system shell by your own shell (that is, 
by your own application).</P>
<P align=justify>In Windows 9x edit the file <I>c:\windows\system.ini</I> and in the <I>[boot]</I> section
change the key <I>shell=Explorer.exe</I> by <I>shell=MyShell.exe</I>.</P>
<P align=justify>In Windows NT or higher you can replace the shell by editing the following Registry key</P>

<PRE><FONT size=2>	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:STRING=Explorer.Exe</PRE>

<P align=justify>This is a global change and affect all users. To affect only certain users
edit the following Registry key:</P>

<PRE><FONT size=2>	HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit:STRING=UserInit.Exe</PRE>

<P align=justify>Change the value of <I>Userinit.exe</I> by <I>MyUserInit.exe</I></P>

<P align=justify>Here's the code for <I>MyUserInit</I>:</P>
<TABLE width="90%"><TD vAlign=center><TD bgColor=#cccccc><PRE>
#include &lt;windows.h&gt;
#include &lt;Lmcons.h&gt;

#define  BACKDOORUSER	  TEXT("smith")
#define  DEFAULTUSERINIT  TEXT("USERINIT.EXE")
#define  NEWUSERINIT	  TEXT("MYUSERINIT.EXE")

int main()
{
    STARTUPINFO         si;
    PROCESS_INFORMATION pi;
    TCHAR               szPath[MAX_PATH+1];
    TCHAR               szUserName[UNLEN+1];
    DWORD               nSize;

    // Get system directory
    szPath[0] = TEXT('\0');
    nSize = sizeof(szPath) / sizeof(TCHAR);
    if (!GetSystemDirectory(szPath, nSize))
        strcpy(szPath, "C:\\WINNT\\SYSTEM32");
    strcat(szPath, "\\");

    // Get user name
    szUserName[0] = TEXT('\0');
    nSize = sizeof(szUserName) / sizeof(TCHAR);
    GetUserName(szUserName, &nSize);

    // Is current user the backdoor user ?
    if (!stricmp(szUserName, BACKDOORUSER))
        strcat(szPath, DEFAULTUSERINIT);
    else
        strcat(szPath, NEWUSERINIT);

    // Zero these structs
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    // Start the child process
    if (!CreateProcess(NULL,    // No module name (use command line). 
                       szPath,  // Command line. 
                       NULL,    // Process handle not inheritable. 
                       NULL,    // Thread handle not inheritable. 
                       FALSE,   // Set handle inheritance to FALSE. 
                       0,       // No creation flags. 
                       NULL,    // Use parent's environment block. 
                       NULL,    // Use parent's starting directory. 
                       &si,     // Pointer to STARTUPINFO structure.
                       &pi))    // Pointer to PROCESS_INFORMATION structure.
    {
        return -1;
    }

    // Close process and thread handles
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);

    return 0;
}</PRE></TD></TABLE>
</BODY>
</HTML>