How to mask Ctrl Alt Del, Alt Tab, and Ctrl ESC key sequences in the Windows XP system
Compilation / Northtibet
Keywords: Ctrl Alt Del, Alt Tab, Ctrl ESC, VK_LWIN, VK_RWIN, TASK BAR, TASK Manager, taskbar, task manager.
Download this article source code:
Trapkeys.zip (95KB)
For people who have used Windows, almost no one knows the Ctrl Alt DEL combination key, especially when using the frequent crashing Windows9X, using its frequency, this combination is specially provided for the system security. Exit. VC Knowledge Base Online Magazine No. 11, AC952_Z_CN writes an article on this aspect in his personal column: "
WINDOWS NT / 2000 How to block Ctrl Alt DEL ". Therefore, this paper is important to introduce how to implement the mask Ctrl Alt Del combination key in Windows XP, that is, task manager, task switching combination key (Alt Tab), The taskbar and the "Start" menu (Ctrl Esc, VK_LWIN, VK_RWIN). This method can also be applied to the Windows 2000 environment.
In the Windows 9x / ME system, the key to masking Ctrl Alt DEL and various tasks to switch is implemented by the following method:
Bool boldstate;
SystemParametersInfo (SPI_SETSCREENSAVERRUNNING, TRUE, & BoldState, 0); MS big thinks think this method is amarage, so this is modified in Windows NT / 2000 / XP. In these newer Windows versions, users use Winlogon and Gina - Graphical Identification and Authentication, meaning the graphical authentication, is not very scared! In fact, it's just something. Winlogon is part of the Windows system that provides interactive login support, and Gina is a DLL for Winlogon to implement authentication. This DLL is Msgina.dll. WLXInitialize, WLXActivateUsershell is the output, of course, I don't know that these two, there is nothing. The former is initialized, the latter activates the user's shell. Windows uses this DLL to implement the authentication of the username password, but developers can replace MSGina.dll with their own Gina. For example, implementing a smart card, a retinal scanner, a DNA check, and the like instead of an authentication of the username password form. All functions related to GINA are listed in the table below. One of them is WLXLoggedonSAS, when Press the Ctrl Alt DEL key, Winlogon calls this function.
(Table 1) Gina function list
When the user activates the function described WlxActivateUserShell shell WlxDisplayLockedNotice allow GINA DLL lock information displayed when no user login WlxDisplaySASNotice, WlxDisplayStatusMessageWinlogon the Winlogon calls this function call this function with a status information display WlxGetConsoleSwitchCredentials Winlogon calls this function to read information of the current login user trust and Transparently transmitting them to target sessions WLXGETSTATUSMESSAGE WINLOGON Call this function Get Current Status Information WLXInitialize for the specified window location Gina DLL initialization WLXISLOCKOK Verification Workstation Normal Lock WLXISLOGOFFOK Verify that the normal WLXLoggedonSas user has logged in and the workstation is not locked, if this time If the SAS event is received, WINLOGON calls this function WLXLoggedoutSAS no user login. If you receive the SAS event at this time, Winlogon calls this function WLXLOGOFF requests to log off the operation Notification Gina DLL WLXNEGOTIATE indicates whether the current WinLogon version can use Gina DLLXNetworkProviderLoad to load the network After the service provider collected identity and authentication information, Winlogon calls this function WLXREMOVESTATUSMESSAGE WINLOGON Call this function tells the Gina DLL to stop display status information WLXSCREENSAVERNOTIFY allows Gina to call this function to call this function before shutting down, allowing Gina to implement any shutdown task For example, from the card reader WLXStartApplication When the system needs to start the application in the user's context, call this function WLXWKSTALOCKEDSAS as the workstation is locked, if a SAS is received, Winlogon calls this function by default, Gina Show landing Dialog, user input username and password. So you want to block the Ctrl Alt DEL, you can write a new MyGina.dll, which provides the interface to call Msgina.dll's function WLXLoggedonsas to implement Ctrl Alt DEL mask. Or write a keyboard driver to implement.
Is it so troublesome? Is there a better way? The answer is yes. So forget the Gina, use the operating system's policy settings to make this problem. The method is to enter the "Start" menu, select "Run", then enter "gpedit.msc" in the Run dialog, start the WINDOWS system's group policy editor. View "User Configuration | Manage Template | System | Login / Logout" on the left pane, it is difficult to find the Disable Task Manager in the right pane policy. As shown in Figure 2:
Figure a set of strategy editor
Ctrl Alt Del can be shielded by setting the settings for this policy. If you want to implement by writing a code, you must do the following registry key:
HKCU /
Software /
Microsoft /
WINDOWS /
CURRENTVERSION /
Policies /
System / disabletaskmgr = dword: 1
After this setting, in Windows XP, if the user presses Ctrl Alt DEL, an error dialog will pop up, as shown in Figure 2:
Figure 2 error message
Note Here, it is assumed that "Select Login and Logout Options" settings "Use the User Account" management in the control panel enabled "Welcome Screen". As shown in Figure 3: Figure 3 login option
Otherwise, XP will use Windows's traditional login mode to require the user to enter the account name. And the behavior of the Ctrl Alt Del combination key is the same as the traditional behavior. The settings of DisableTaskmgr in the registry are only masked or gray on the task manager button in the login / logout dialog. Some people may ask, there is no clear statement about the documentation of the task manager, then how do you know that disabletaskmgr is used to disable task manager? Tell you, I am discovered when using gpedit. GPEDIT is a very useful tool that can not only use it to edit the policy, but also use it to discover strategies. With this tool, you can easily control a lot of Windows, access to whether to use the traditional appearance of IE from license privileges, from whether the Places BAR in the dialog box is displayed in Ctrl Alt DEL Start Task Manager. In short, it can be configured with hundreds of interface behavior, so it is a tool sufficient to allow system administrators to extends. Once you find a strategy of interest, how do you know the corresponding registry location? There are two ways. The first is a relatively rude approach: output the registry to a .reg file before and after the modification policy, then compare what is different. All strategies are not more than the following four registry keys:
// User specified
HKEY_CURRENT_USER / SOFTWARE / Policies
HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies
// Machine designation
HKEY_LOCAL_MACHINE / SOFTWARE / Policies
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies The second method is the directive information source - check the management template file (.adm) for description policies. Here is a description of Windows XP's System.adm file to DisableTaskmgr: (Windows 2000 is slightly different, please refer to Windows 2000 resource development package)
Category !! Cadoptions
#if version> = 4
Explain !! Cadoptions_help
#ENDIF
Keyname "Software / Microsoft / Windows / CurrentVersion / Policies / System"
Policy !! disabletaskmgr
#if version> = 4
Supported !! supported_win2k
#ENDIF
Explain !! disabletaskmgr_help
Valuename "DisableTaskmgr"
End policy
;
More Ctrl Alt Del Policies Here ...
;
End category; Ctrl Alt Del Options
......
......
Disabletaskmgr_help = "Prevents User from starting '' Task Manager '' '' ./ n / n If this setting is enabled, and the user attempts to start the task manager, system
The message will be displayed, the interpretation is a policy to prohibit this operation. / N / N task manager lets users start or terminate programs, monitor computer performance, view and monitor all operations on your computer
The program (including system service), the execution file name of the search program, and the priority order of the program run. "Disabletaskmgr =" Delete Task Manager "is described above DISABLETASKMGR
It is in this description of keyName and Valuename specify the key value pair of the registry. With this method, you can create management templates and policies for your application, but editors and browse. The editor of the .adm template file must support Unicode characters. Such as NOTEPAD or WordPad, etc. In addition, use management template files, system administrators can use it for policies required for the entire organization - thus it can be seen that this file is rampant in the system! For more information on template management file format, please refer to the platform SDK. Finally, it is necessary to emphasize that disabletaskmgr is only disabled with Ctrl Alt Del. Let's discuss how to capture its button sequences. To intercept Ctrl Alt Del, there are three optional methods:
1. Write a Gina agent; this method we introduce in later articles. In fact, AC952_Z_CN's personal column articles: "How to block Ctrl ALT DEL" under Windows NT / 2000 is this method. 2. Write a keyboard driver; the method used in this article example. 3. Use your own program instead of the task manager program Taskmgr.exe. See the example code of this article for the specific implementation details of the shield Ctrl Alt DEL solution.
Let us solve the problem of blocking task switching key sequences, including Alt Tab, Ctrl Esc, Alt Esc, VK_LWIN / VK_RWIN, and taskbar. In the past World of WINDOW forces, the method of dealing with this problem is achieved by WM_SYSKEYDOWN. During the Windows 9x, the process of processing of this problem is mentioned in front of this article, using SPI_SETSCREENSAVERRUNNING. However, enter Windows NT 4.0 (SP3 ), Windows 2000, and Windows XP eras, the processing of this problem has been different, and a low-level keyboard drive hook must be written. Don't be afraid, because this hook is not difficult. This article will show how to implement this keyboard hook. In general, the system-level hook must be a DLL. Here is a source code snippet of a keyboard hook DLL provided herein:
head File
//TaskKeyhook.h
//
#define dllimport __declspec (dllimport)
DLLIMPORT BOOL DISABLETASKKEYS (Bool Benable, BOOL BBEEP);
Dllimport Bool AretaskKeysdisabled ();
Implement file
// TaskKeyHOK.cpp
//
#define_win32_winnt 0x0500 // for KBDLLHOOKSTRUCT
#include
#define dllexport __declspec (dllexport)
//
// app (dll) Object
//
Class CTaskKeyHOKDLL: PUBLIC CWINAPP {
PUBLIC:
CtaskKeyHOKDLL () {}
~ CtaskKeyHOKDLL () {}
} Mydll;
// The following code indicates that this part is shared between all instances of this DLL.
// The lower keyboard hook must be a system-level hook
//
#pragma data_seg (".mydata") hHOOK G_HHHOOKKBDLL = NULL; // Hook handle
Bool g_bbeep = false; // Beep Running when the illegal key is pressed
#pragma data_seg ()
#pragma comment (Linker, "/SECTION:: ildata ,rws") // tells the linker: establish a data sharing section
//
// Low-level keyboard hook
// Intercept Task Conversion Key: Do not pass directly
//
LResult Callback MyTaskKeyHookll (Int Ncode, WPARAM WP, LPARAM LP)
{
KBDLLHOKSTRUCT * PKH = (KBDLLHOKSTRUCT *) LP;
IF (ncode == hc_action) {
Bool bctrlkeydown =
GetasyncKeyState (vk_control) >> ((SIZEOF (SHORT * 8) - 1);
IF ((pkh-> vkcode == vk_escape && bctrlkeydown) || // Ctrl ESC
// alt tab
(pkh-> vkcode == vk_tab && pkh-> flags & llkhf_altdown) ||
// Alt ESC
(pkh-> vkcode == vk_escape&& pkh-> flags & llkhf_altdown) ||
(pkh-> vkcode == vk_lwin || pkh-> vkcode == vk_rwin)) {// Start menu
IF (g_bbeep && (wp == wm_syskeydown || wp == wm_keydown)))
MessageBeep (0); // Bee
Return 1; // No longer passed to CallNexthookex, return directly
}
}
Return CallNexthookex (G_HhookKBDLL, NCODE, WP, LP);
}
/ / Whether to shield the task key sequence - means that the keyboard hook is installed?
// Note: This assumes that there is no other hook to do the same thing
//
DLLEXPORT BOOL AretaskKeysdisabled ()
{
Return g_hhookkbdll! = NULL;
}
// Mask task key: Install lower keyboard
/ / Return to the current shield mark (TRUE / FALSE)
//
DLLEXPORT BOOL DISABLETASKKEYS (Bool BDisable, Bool Bbeep)
{
IF (bdisable) {
IF (! g_hhookkbdll) {
g_hookkbdll = setwindowshookex (wh_keyboard_ll,
MytaskKeyhookll, Mydll.m_HINSTANCE, 0);
}
} else if (g_hhookkbdll! = null) {
UnHookWindowsHookex (g_hhookkbdll);
g_hookkkbdll = null;
}
g_bbeep = bbeep;
Return AretaskKeysdisabled ();
} TaskKeyHook Outputs Two functions: disabletaskKeys and AretaskKeysdisabled. The former is installed on the wh_keyboard_ll hook; the latter determines whether this hook is installed. The processing idea of this keyboard hook is to intercept Alt Tab, Ctrl Esc, Alt ESC, and Windows key vk_lwin / vk_rwin, and will be described in detail later about these two keys. When the hook encounters these keys, it returns directly to the caller instead of passing the processing to CallNexthookex. LResult Callback MyTaskKeyhookll (...)
{
IF (/ * task key *)
Return 1; // Return immediately
Return CallNexthookex (...);
} Most of TaskKeyHook is very simple. Only one place uses a little tip: both #pragma data_seg named the data segment containing full data, and tells the linker with #pragma comment (Linker ...) to let this data segment as a shared section. Please refer to the source code for details. The example of this article comes with the above several features related to the masking keyboard button sequence, in addition to this, there is still a function to disable the taskbar. Because since the task conversion key is disabled, it is generally necessary to disable the taskbar, otherwise the task conversion key is disabled. The specific way to disable the taskbar is as follows:
HWND HWND = FindWindow ("shell_trayWnd", null; // Find the taskbar
EnableWindow (HWND, FALSE); // Disable task bar, such as Figure 4 is the example of an example:
Figure 4 TRAPKEYS program running screen
The following is the implementation code of the TRAPKEYS program:
/
// trapkeys.cpp
//
#include "stdafx.h"
#include "resource.h"
#include "statlink.h"
#include "taskKeymgr.h"
// Main dialog
//
Class CMYDIALOG: PUBLIC CDIALOG {
PUBLIC:
CMYDIALOG (CWND * PParent = NULL): CDIALOG (IDD_MYDIALOG, PPARENT) {}
protected:
Hicon M_Hicon;
CstaticLink M_WndLink1;
CSTATICLINK M_WNDLINK2;
CStaticLink M_Wndlink3;
Virtual Bool OnInitdialog ();
// Command / UI update processing
AFX_MSG Void OnDisableTaskmgr ();
AFX_MSG void OnDisableTaskKeys ();
AFX_MSG void onDisabletaskbar ();
AFX_MSG Void OnupdatedisableTaskmgr (CCMDui * PCMDUI);
AFX_MSG Void OnupdatedisableTaskKeys (CCMDUI * PCMDUI);
AFX_MSG Void OnupdatedisableTaskbar (CCMDUI * PCMDUI);
AFX_MSG LRESULT ONKICKIDLE (WPARAM, LPARAM);
Declare_message_map ()
}
///
// Standard MFC dialog application class code.
//
Class CMYAPP: Public CWINAPP {
PUBLIC:
Virtual Bool InitInstance () {// Initialization App: Run dialog
CMYDIALOG DLG;
m_pmainwnd = & dlg;
Dlg.domodal ();
Return False;
}
Virtual int exitInstance () {
/ / In order to see the whole, all disabled items are restored when exiting the program
CTaskKeymgr :: Disable (CTaskKeymgr :: all, false);
Return 0;
}
}.
Begin_MESSAGE_MAP (CMYDIALOG, CDIALOG)
ON_COMMAND (IDC_DISABLE_TASKKEYS, ONDISABLETASKKEYS)
ON_COMMAND (IDC_DISABLE_TASKBAR, OnDISABLETASKBAR)
ON_COMMAND (IDC_DISABLE_TASKMGR, ONDISABLETASKMGR)
ON_UPDATE_COMMAND_UI (IDC_DISABLE_TASKKEYS, ONUPDATEDISABLETASKKEYS)
ON_UPDATE_COMMAND_UI (IDC_DISABLE_TASKBAR, ONUPDATEDISABLETASKBAR)
ON_UPDATE_COMMAND_UI (IDC_DISABLE_TASKMGR, OnUpdatedisableTaskmgr)
ON_MESSAGE (WM_KICKIDLE, ONKICKIDLE)
END_MESSAGE_MAP ()
///
// Initialization dialog: Subclass hyperlink connector
//
Bool CMYDIALOG :: OnNitdialog ()
{
CDIALOG :: OnInitdialog ();
// Initialization hyperlink
M_wndlink1.subclassdlgitem (IDC_Email, this);
M_WndLink2.SubclassDLGITEM (IDC_VCKBASEURL, THIS);
m_wndlink3.subclassdlgitem (IDC_VCKBaseLink, this);
// Set your own dialog icon. MFC does not set it for dialog applications
m_hicon = AFXGetApp () -> loadicon (iDR_mainframe);
Seticon (M_Hicon, True); // Type Icon
Seticon (M_Hicon, False); // Small icon
Return True;
}
// Command / UI update processing: Write these things should be easy.
Void CMYDIALOG :: OnDisableTaskKeys ()
{
CTaskKeymgr :: Disable (CTaskKeymgr :: TaskKeys,
! CtaskKeymgr :: AretaskKeysdisabled (), true); // Bee
}
Void CMYDIALOG :: OnupdatedisableTaskKeys (ccmdui * pcmdui)
{
PCMDUI-> SetCheck (ctaskKeymgr :: AretaskKeysDisabled ());
}
Void CMYDIALOG :: OnDisableTaskbar ()
{
CTaskKeymgr :: Disable (CTaskKeymgr :: Taskbar,
! CtaskKeymgr :: istaskbardisabled ());
}
Void CMYDIALOG :: OnupdatedisableTaskbar (ccmdui * pcmdui)
{
PCMDUI-> SetCheck (ctaskKeymgr :: istaskbardisabled ());
}
Void CMYDIALOG :: OnDisableTaskmgr ()
{
CtaskKeymgr :: Disable (CTaskKeymgr :: Taskmgr,! CTaskKeymgr :: istaskmgrdisabled ());
}
Void CMYDIALOG :: OnupdatedisableTaskmgr (ccmdui * pcmdui)
{
PCMDUI-> SetCheck (ctaskKeymgr :: istaskmgrdisabled ());
}
// If you want to make ON_UPDATE_COMMAND_UI to work properly, it is necessary.
//
Lresult CMYDIALOG :: ONKICKIDLE (WPARAM WP, LPARAM LCOUNT)
{
UpdatedialogControls (this, true);
Return 0;
} Although the task bar is disabled, it is disabled, but there is no handle, that is, the "Start" menu can still pop up the Windows button. Obviously before processing VK_LWIN, the taskbar does not check if it is enabled. Generally speaking, if a window is blocked, then it will no longer handle the user's input in this window - this is the so-called disable (disable) meaning. This is usually achieved after EnableWindow (False). However, the code that handles the VK_LWIN / VK_RWIN button will never check the taskbar to enable / disable status. In this regard, the method of processing this article is still using the keyboard hook. Modify the TaskKeyHook implementation and increase the capture of the Windows key. This will not happen anything after the "Start" menu key is pressed. I hope that there is no other button. If Which reader finds what key, please contact me to add it to the keyboard hook. For the sake of simplicity, I encapsulated all disabled functions in class CTaskKeymgr. Below is the definition of this class implementation file:
TaskKeymgr
// TaskKeymgr.h
//
#pragma overce
#include "taskkeyhook.h"
/
// Use this class to disable the task keys, task manager, or taskbar.
// Call disable with the corresponding flag, such as: ctaskmgrkeys :: disable (ctaskmgrkeys :: all);
//
Class CTaskKeymgr {
PUBLIC:
ENUM {
Taskmgr = 0x01, // Disable Task Manager (Ctrl Alt Del)
TaskKeys = 0x02, // Disable task conversion key (Alt-Tab, ETC)
Taskbar = 0x04, // Disable taskbar
All = 0xfffff // Disable everything L
}
Static Void Disable (DWORD DWITEM, BOOL BDISABLE, BOOL BBEEP = FALSE);
Static bool istaskmgrdisabled ();
Static bool istaskbardisabled ();
Static bool aretaskkeysdisabled () {
Return :: AretaskKeysdisabled (); // Call DLL
}
}
CPP implementation
// TaskKeymgr.cpp
//
#include "stdafx.h"
#include "taskKeymgr.h"
#define HKCU HKEY_CURRENT_USER
// Used to disable the registry key value pair of task manager policies
LPCTSTR key_disabletaskmgr =
"Software // Microsoft // Windows // CurrentVersion // Policies // System";
LPCTSTR VAL_DISABLETASKMGR = "disabletaskmgr"; ///
// Disable the relevant task key
//
// dwflags = What is the disabled?
// bdisable = disabled (TRUE), otherwise enable (false)
// bbeep = Press whether or not the illegal button is buzzing (refer to the task key)
//
Void CTaskKeymgr :: Disable (DWORD DWFLAGS, BOOL BDISABLE, BOOL BBEEP)
{
// Task Manager (Ctrl Alt Del)
IF (dwflags & taskmgr) {
HKEY HK;
IF (REGOPENKEY (HKCU, Key_DisableTaskmgr, & HK)! = Error_Success)
RegcreateKey (HKCU, Key_DisableTaskmgr, & HK);
IF (bdisable) {/ / Disable Task Manager (DisableTM): Set Policy = 1
DWORD VAL = 1;
RegSetValueex (HK, Val_DisableTaskmgr, Null,
REG_DWORD, (Byte *) & Val, SizeOf (VAL));
} Else {// Enable Task Manager (EnableTM)
RegdeleteValue (HK, VAL_DISABLETASKMGR);
}
}
// Task Key (Alt-Tab ETC)
IF (dwflags & taskkeys)
:: DisabletaskKeys (bdisable, bbeep); // Install the keyboard hook
// mission Board
IF (dwflags & taskbar) {
HWND HWND = FindWindow ("shell_trayWnd", null;
EnableWindow (HWND,! BDISABLE);
}
}
Bool CTaskKeymgr :: istaskbardisabled ()
{
HWND HWND = FindWindow ("shell_trayWnd", null;
RETURN Iswindow (HWND)?! iswindowenabled (hwnd): True;
}
Bool ctaskKeymgr :: istaskmgrdisabled ()
{
HKEY HK;
IF (REGOPENKEY (HKCU, Key_DisableTaskmgr, & HK)! = Error_Success)
Return false; // No button, no use
DWORD VAL = 0;
DWORD LEN = 4;
Return RegqueryValueex (HK, Val_DisableTaskmgr,
NULL, NULL, (BYTE *) & VAL, & LEN) == Error_Success && Val == 1;
} The functions in this class are static, in fact, CTASKKEYMGR is completely a name space. You can use it with your own procedure. For example, disabling task conversion buttons and taskbars, but Ctrl Alt Del:
CTaskKeymgr :: Disable (CTaskKeymgr :: TaskKeys |
