Re: Simulating Control-Alt-Delete?


From: Alex Ionescu [397670] (alex_at_relsoft.net)
Date: 11/11/04


Date: Wed, 10 Nov 2004 22:22:27 -0500

Richard Lewis Haggard wrote:
> I'm making an automated test program that will exercise a suite of programs,
> one of which is a replacement for MSGINA. That complicates things
> considerably since it will have to inject keyboard SAS events
> (Control-Alt-Delete) and survive across desktops.

So you basically want a way to show your GINA replacement as if the user
had pressed CAD?

>
> I think I can make the actual program itself a service and so it should be
> able to operate on both the default desktop (the one that the logon box
> appears on) and the user's own desktop. Being a service, there will be
> issues with sending keystrokes/mouse messages that are to emulate human
> interaction but it shouldn't be insurmountable.

If you make it interactive and do a lot of hacking (and violate service
rules) you would get it to work.

>
> The only unknown that I'm concerned about is the actual Control-Alt-Delete
> sequence itself. I've solved this problem years ago back in the stone age
> when women were women, men were men and sheep were afraid by writing a
> keyboard driver that could be commanded to send key down/up sequences to the
> system as though the physical keyboard itself had received human keystroke
> action. I don't want to go that far this time because the program is going
> to have to run generically, not just on a particular hardware configuration.

A keyboard filter hook is pretty generic, although injecting keystrokes
is a bit harder since you'll probably need a full virtual driver. In any
case, I don't see why they would be stuck to a particular hardware
configuration. You actually run more risk of not having it run on
general configurations by playing around with services that inject
keystrokes.

Anyways, since it looks like you need this for legitimate reasons, I'll
give you my answer. It's not pretty, but it works up to Longhorn (I
haven't tested on that OS). IMO it is the nicest.

Write this part of your test suite as a DLL, and add it to AppInit_DLLs.
Give it a shared section or some other way in which you plan to
communicate with it. After system startup, your DLL will live inside
Winlogon. Your process has to load the DLL (it automatically will), and
then somehow communicate with the other DLL (this is easiest by using
shared sections, much like creating a hook DLL). You need to tell the
DLL inside Winlogon to:

hSasWnd = FindWindow("SAS Window class", "SAS window");
SendMessage(hSasWnd, WM_HOTKEY, 0, MAKELONG(MOD_CONTROL | MOD_ALT,
VK_DELETE));

If you really want to get ugly and lean, skip the whole DLL part and
open a handle to winlogon, use
CreateRemoteThread+WriteProcessMemory+VirtualAllocEx to allocate memory,
write the above code (in ASM or really neat C, making sure not to make
any assumptions about the environment, remember, you're running in
outsider memory), and then call CreateRemoteThread to execute those
lines. Done properly, this is something like 10 lines of code and
provides an instant way of faking Ctrl-Alt-Del. The nicer, more
recommended way is to use AppInit_DLLs.

I would pick this method over a driver, because if a User-Mode app
messes up, the damage is much worse than if a driver messes up.

There's another method which will probably work for any version of NT
that will ever be made, but I don't want to get into it.

-- 
Best regards,
Alex Ionescu,
President, Relsoft Technologies
Kernel Developer, ReactOS
http://www.reactos.com
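
A defender's view of the two techniques in the reply above, added here as an example and not part of the original post: Python that triages Sysmon-style events for writes to AppInit_DLLs (Event ID 13) and for remote threads created in winlogon.exe (Event ID 8). The event dictionaries, paths and function names are constructed for illustration; only the Sysmon field names and the registry value name are real.

```python
import re

# AppInit_DLLs under the Windows key; Wow6432Node is the 32-bit view.
APPINIT_RE = re.compile(
    r"\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows NT"
    r"\\CurrentVersion\\Windows\\AppInit_DLLs$",
    re.IGNORECASE,
)

def split_appinit(value):
    """The value lists DLLs separated by spaces or commas."""
    return tuple(p for p in re.split(r"[ ,]+", value.strip()) if p)

def is_winlogon(image):
    return image.lower().endswith("\\winlogon.exe")

def triage(events):
    """Return (rule, acting image, detail) for each suspicious event."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and APPINIT_RE.search(ev.get("TargetObject", "")):
            dlls = split_appinit(ev.get("Details", ""))
            if dlls:  # an empty list is the default, nothing gets loaded
                findings.append(("appinit_dlls_set", ev.get("Image"), dlls))
        elif eid == 8 and is_winlogon(ev.get("TargetImage", "")):
            findings.append(("remote_thread_in_winlogon",
                             ev.get("SourceImage"), ev.get("TargetImage")))
    return findings

# Constructed sample events (field names follow Sysmon; values are made up).
SAMPLE = [
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "Details": r"C:\test\sashelper.dll, C:\test\other.dll"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "Details": ""},
    {"EventID": 8, "SourceImage": r"C:\test\harness.exe",
     "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"EventID": 8, "SourceImage": r"C:\test\harness.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On a test machine where a harness like the one discussed is expected, the acting image in each finding is what to compare against the list of approved tools.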

