How to block Ctrl+esc key sequences in XP system

For people who have used windows, few people are unaware of the Ctrl+alt+del key combination, especially when using a windows9x that often freezes, and this key combination is an emergency exit specifically for system security. VC Knowledge Base Online magazine 11th, Ac952_z_cn wrote an article on this in his personal column: "How to block Ctrl+alt+del under WINDOWS nt/2000". So this article focuses on how to implement the masking Ctrl+alt+del key combination in Windows XP, which is Task Manager, task switch key combination (ALT + TAB), taskbar, and Start menu (Ctrl+esc,vk_lwin,vk_rwin). This method can also be applied to Windows 2000 environments.

In the Windows 9x/me system, masking the Ctrl+alt+del and various tasks is accomplished by the following methods:

BOOL boldstate;

SystemParametersInfo (spi_setscreensaverrunning, TRUE, &boldstate, 0);

Ms Big Guy thinks this method is very amateur, so it was modified in Windows NT/2000/XP. In these newer versions of Windows users log in using Winlogon and gina--graphical identification and authentication, meaning graphical authentication, pretty scary isn't it! Winlogon is part of the Windows system that specializes in interactive login support, while Gina is a dll--winlogon used to implement authentication is Msgina.dll. Wlxinitialize, Wlxactivateusershell is the output, of course, I do not know these two, there are other. The former initiates its own initialization, which activates the user's shell. Windows uses this DLL to authenticate user names + passwords, but developers can use their Gina instead of Msgina.dll. For example, implement authentication mechanisms such as smart cards, retinal scanners, DNA checks, and so on instead of an identity check in the form of a user name + password. All the functions associated with Gina are listed in the table below. One of them is WlxLoggedOnSAS, and Winlogon calls this function when the Ctrl+alt+del key is pressed.

(Table i) GINA Function List Function description

Wlxactivateusershell Activating the user shell

Wlxdisplaylockednotice allow Gina DLLs to display lock information

Wlxdisplaysasnotice Winlogon Call this function when no user is logged in

Wlxdisplaystatusmessagewinlogon Call this function to display with a State message

Wlxgetconsoleswitchcredentials Winlogon calls this function to read the trust information of the current logged-in user and transparently upload them to the target session

Wlxgetstatusmessage Winlogon Call this function to get the current state information

Wlxinitialize the GINA DLL class for the specified window position

Wlxislockok Verify that the workstation is locked properly

Wlxislogoffok Verify logoff is normal

WlxLoggedOnSAS the user is logged in and the workstation is not locked, Winlogon calls this function if a SAS event is received at this time

WlxLoggedOutSAS no user logged in, Winlogon call this function if a SAS event is received at this time

Wlxlogoff notify the Gina DLL when requesting a logoff operation

Wlxnegotiate indicates whether the current Winlogon version can use the Gina DLL

Wlxnetworkproviderload Winlogon Call this function after the Load Network service provider collects identity and authentication information

Wlxremovestatusmessage Winlogon Call this function to tell the Gina DLL to stop displaying state information

Wlxscreensavernotify allows Gina to interact with screen protection operations

Wlxshutdown Winlogon Call this function before closing, allowing Gina to implement any shutdown tasks, such as exiting a smart card from a card reader

Wlxstartapplication Call this function when the system needs to start the application in the context of the user

Wlxwkstalockedsas when a workstation is locked and if a SAS is received, Winlogon calls this function

By default, Gina displays the login dialog box, where the user enters the user name and password. So if you want to block out Ctrl+alt+del, you can write a new MyGina.dll that provides an interface to call Msgina.dll's function WlxLoggedOnSAS, which implements Ctrl+alt+del masking. or write a keyboard driver to implement.

is shielding Ctrl+alt+del really as troublesome as said? Is there a better way? The answer is yes. So forget about Gina, and use the operating system's policy settings to get the problem right. Start the Group Policy Editor for the Windows system by going to the Start menu, choosing Run, and then entering gpedit.msc in the Run dialog box. In the left pane, you can see the "Disable Task Manager" item in the right pane policy, which looks at "User Configuration | Administrative Templates | system | Logon/Logoff".

Group Policy Editor

By setting this policy, you can block out Ctrl+alt+del. If you are implementing it by writing code, you must manipulate the following registry key:

HKCU

Software

Microsoft

Windows

CurrentVersion

Policies

Systemdisabletaskmgr = Dword:1

When this is set, then in Windows XP, if the user presses Ctrl+alt+del, an error dialog box pops up.

Note This assumes that the "Use Welcome screen" option is enabled in the "Select Logon and logoff options" setting in user account management in Control Panel.

Otherwise, XP will use the Windows Legacy login mode, which requires the user to enter the account name. and Ctrl+alt+del the behavior of the key combination is the same as the traditional behavior, the DisableTaskMgr setting in the registry simply masks or grays the Task Manager button in the Logon/Logoff dialog box. One might ask, how do you know that DisableTaskMgr is used to disable Task Manager when the documentation for Task Manager is not explicitly stated? I'm telling you, I found it when I was using GPEdit. GPEdit is a very useful tool that can be used not only to edit a policy, but also to use it to discover strategies. With this tool, you can easily control many things in Windows, from Access to permission access to the traditional look of IE, from whether to display the Places bar in the dialog box to whether to start the task manager with Ctrl+alt+del. In short, it can be configured with hundreds of interface behavior, so it is enough to allow the system administrator to defer three feet of tools. Once you have found a strategy of interest, how do you know the appropriate registry location? There are two ways to do this. The first is a more rude approach: output the registry to a. reg file before and after modifying the policy, and then compare them to what is different. All policies are four registry keys without the following:

User-specified

Hkey_current_usersoftwarepolicies

Hkey_current_usersoftwaremicrosoftwindowscurrentversionpolicies

Machine designation

Hkey_local_machinesoftwarepolicies

Hkey_local_machinesoftwaremicrosoftwindowscurrentversionpolicies

The second method is to strike the source of the information-examine the Administrative template file (. adm) that describes the policy. The following is a description of the Windows XP System.adm file for DisableTaskMgr: (Windows 2000 describes this slightly differently, for details, refer to Windows 2000 Resource Development Kit)

CATEGORY!! Cadoptions

#if version >= 4

EXPLAIN!! Cadoptions_help

#endif

KEYNAME "Softwaremicrosoftwindowscurrentversionpoliciessystem"

POLICY!! DisableTaskMgr

#if version >= 4

Supported!! Supported_win2k

#endif

EXPLAIN!! Disabletaskmgr_help

VALUENAME "DisableTaskMgr"

END POLICY

;

; More Ctrl+alt+del policies ...

;

END CATEGORY; Ctrl+alt+del Options

......

......

disabletaskmgr_help= "Prevents user from starting Task Manager" (Taskmgr.exe). nn if the setting is enabled and the user tries to start Task Manager, the system

A message is displayed explaining that a policy prohibits this operation. The NN Task Manager lets users start or stop programs, monitor computer performance, and view and monitor all running on a computer

Programs (including system services), search for the program's executable file name, and change the order in which programs run. "

Disabletaskmgr= "Delete Task Manager"

The above is a description fragment of DisableTaskMgr

It is in this section of the description that KeyName and ValueName specify the key-value pairs for the registry. With this approach, you can create administrative templates and policies for your own applications, but the editor for editing and browsing. adm template files must support Unicode characters. such as Notepad or WordPad, etc. can be. In addition, using an Administrative template file, the system administrator can use it to configure the required policies for the entire organization-as you can see, this file plays a pivotal role in the system! For more information about template management file formats, refer to the Platform SDK. The last point to emphasize is that DisableTaskMgr only disables Ctrl+alt+del functionality. Let's discuss how to capture its key sequence. To intercept Ctrl+alt+del, there are three ways to choose:

1, write a Gina agent; This method is described in a later article. In fact, AC952_Z_CN's personal column: "How to block Ctrl+alt+del under WINDOWS nt/2000" is the way to do it.

2. Write a keyboard driver; This article is an example of how the program is used.

3, replace the Task Manager program TaskMgr.exe with your own program.

For detailed implementation details of the shielding Ctrl+alt+del solution, refer to the example code in this article.

Let's solve the problem of masking task toggle key sequences, which include ALT + TAB, CTRL+ESC, Alt+esc, Vk_lwin/vk_rwin, and taskbar. In the early Window 3.1 era, the approach to dealing with this problem was achieved through wm_syskeydown. By the time of the Windows 9x, this article dealt with how to handle this problem, using spi_setscreensaverrunning. But into Windows NT 4.0 (SP3 +), Windows 2000 and the Windows XP era, the handling of this issue has been different and must be written with a low-level keyboard driver hook. Don't be afraid, because it's not hard to implement this hook. The following article describes how to implement this keyboard hook. In general, a system-level hook must be a DLL. The following is a snippet of the source code for a keyboard hook DLL provided in this article (TaskKeyHook.dll):

Header file

////////////////////////////////////////////////////////////////

TaskKeyHook.h

//

#define DLLIMPORT __declspec (DLLIMPORT)

DLLIMPORT bool Disabletaskkeys (bool benable, bool bbeep);

DLLIMPORT BOOL aretaskkeysdisabled ();

Implementation file

////////////////////////////////////////////////////////////////

TaskKeyHook.cpp

//

#define _WIN32_WINNT 0x0500//For Kbdllhookstruct

#include//MFC core and standard components

#define DLLEXPORT __declspec (DLLEXPORT)

//////////////////

APP (DLL) object

//

Class Ctaskkeyhookdll:public CWinApp {

Public

Ctaskkeyhookdll () {}

~ctaskkeyhookdll () {}

} MyDll;

////////////////////////////////////////////////

The following code indicates that this part is shared between all instances of this DLL

Low-level keyboard hooks must be system-level hooks.

//

#pragma data_seg (". MyData")

Hhook G_hhookkbdll = NULL; Hook handle

BOOL g_bbeep = FALSE; Beep ringing when illegal key is pressed

#pragma data_seg ()

#pragma COMMENT (linker, "/SECTION:.MYDATA,RWS")//TELL linker: Establish data sharing segment

//////////////////////////////////

Low-level keyboard hooks

Intercept Task Conversion key: Do not pass direct return

//

LRESULT CALLBACK mytaskkeyhookll (int nCode, WPARAM WP, LPARAM LP)

{

Kbdllhookstruct *pkh = (KBDLLHOOKSTRUCT *) LP;

if (ncode==hc_action) {

BOOL Bctrlkeydown =

Getasynckeystate (Vk_control) >> (sizeof (short) * 8)-1);

if ((Pkh->vkcode==vk_escape && bctrlkeydown) | |//CTRL+ESC

ALT + Tab

(Pkh->vkcode==vk_tab && pkh->flags & llkhf_altdown) | |

Alt+esc

(Pkh->vkcode==vk_escape && pkh->flags & llkhf_altdown) | |

(Pkh->vkcode==vk_lwin | | pkh->vkcode==vk_rwin)) {//Start menu

if (g_bbeep && (wp==wm_syskeydown| | Wp==wm_keydown))

MessageBeep (0); Beeps

return 1; No longer pass to CallNextHookEx, return directly

}

}

Return CallNextHookEx (G_hhookkbdll, NCode, WP, LP);

}

////////////////////////////////////////////////

Do you want to block the task key sequence--that is, the keyboard hooks are installed?

Note: This assumes there are no other hooks to do the same thing

//

DLLEXPORT BOOL aretaskkeysdisabled ()

{

return g_hhookkbdll! = NULL;

}

////////////////////////////////////////////////

Masking task keys: Installing low-level keyboard construction

Returns whether the current masking flag (True/false)

//

DLLEXPORT bool Disabletaskkeys (bool bdisable, BOOL Bbeep)

{

if (bdisable) {

if (!g_hhookkbdll) {

G_hhookkbdll = SetWindowsHookEx (Wh_keyboard_ll,

Mytaskkeyhookll, mydll.m_hinstance, 0);

}

} else if (g_hhookkbdll! = NULL) {

UnhookWindowsHookEx (G_hhookkbdll);

G_hhookkbdll = NULL;

}

G_bbeep = Bbeep;

return aretaskkeysdisabled ();

}

Taskkeyhook outputs two functions: Disabletaskkeys and aretaskkeysdisabled. The former installs the Wh_keyboard_ll hook; the latter determines whether the hook is installed. This keyboard hook processing idea is to intercept alt+tab,ctrl+esc,alt+esc and Windows key Vk_lwin/vk_rwin, about these two keys, will be described in detail later. When a hook encounters these keys, it returns directly to the caller instead of passing the processing to CallNextHookEx.

LRESULT CALLBACK mytaskkeyhookll (...)

{

if (/* Task key *)

return 1; return now

Return CallNextHookEx (...);

}

Most implementations of Taskkeyhook are simple. There's only one place to use a little trick: use #pragma data_seg to name data segments that contain the entire data, and use #pragma comment (linker ...). Tell the linker to make this data segment a shared segment. For details, please refer to the source code. The example program (TrapKeys.exe) included in this article brings together several of the above functions for masking keyboard key sequences, and in addition, it has a function of disabling the taskbar. Since the task conversion key is disabled, it is generally necessary to disable the taskbar, otherwise disabling the task conversion key is meaningless. The specific ways to disable the taskbar are as follows:

HWND hwnd = FindWindow ("Shell_traywnd", NULL);//Find the taskbar

EnableWindow (hwnd, FALSE); Disable taskbar

As shown in Figure IV is an example program running screen:

Figure Four Trapkeys program run screen

The following is the implementation code for the Trapkeys program:

/////////////////////////////////////////////////

TrapKeys.cpp

//

#include "stdafx.h"

#include "resource.h"

#include "StatLink.h"

#include "TaskKeyMgr.h"

////////////////////

Main dialog box

//

Class Cmydialog:public CDialog {

Public

CMyDialog (cwnd* pparent = NULL): CDialog (Idd_mydialog, pparent) {}

Protected

Hicon M_hicon;

Cstaticlink M_wndlink1;

Cstaticlink M_wndlink2;

Cstaticlink M_wndlink3;

Virtual BOOL OnInitDialog ();

Update processing for command/ui

afx_msg void Ondisabletaskmgr ();

afx_msg void Ondisabletaskkeys ();

afx_msg void Ondisabletaskbar ();

afx_msg void Onupdatedisabletaskmgr (ccmdui* pcmdui);

afx_msg void Onupdatedisabletaskkeys (ccmdui* pcmdui);

afx_msg void Onupdatedisabletaskbar (ccmdui* pcmdui);

afx_msg LRESULT Onkickidle (Wparam,lparam);

Declare_message_map ()

};

///////////////////////////////////////////////////////

The standard MFC dialog box applies the class code.

//

Class Cmyapp:public CWinApp {

Public

Virtual BOOL InitInstance () {

Initialize app: Run dialog box

CMyDialog dlg;

m_pMainWnd = &dlg;

Dlg. DoModal ();

return FALSE;

}

virtual int ExitInstance () {

In order to be on the whole, when exiting the program, all disabled items are restored

Ctaskkeymgr::D isable (Ctaskkeymgr::all, FALSE);

return 0;

}

} Theapp;

Begin_message_map (CMyDialog, CDialog)

On_command (Idc_disable_taskkeys,ondisabletaskkeys)

On_command (Idc_disable_taskbar, Ondisabletaskbar)

On_command (Idc_disable_taskmgr, Ondisabletaskmgr)

ON_UPDATE_COMMAND_UI (Idc_disable_taskkeys, Onupdatedisabletaskkeys)

ON_UPDATE_COMMAND_UI (Idc_disable_taskbar, Onupdatedisabletaskbar)

ON_UPDATE_COMMAND_UI (Idc_disable_taskmgr, Onupdatedisabletaskmgr)

On_message (Wm_kickidle,onkickidle)

End_message_map ()

///////////////////////////////////////////////

Initialize dialog box: Subclass hyperlink Handle Add icon

//

BOOL Cmydialog::oninitdialog ()

{

CDialog::OnInitDialog ();

Initialize a hyperlink

M_wndlink1.subclassdlgitem (Idc_email,this);

M_wndlink2.subclassdlgitem (Idc_vckbaseurl,this);

M_wndlink3.subclassdlgitem (Idc_vckbaselink,this);

Set the dialog box icon yourself. MFC does not set it for a dialog box application

M_hicon = AfxGetApp ()->loadicon (IDR_MAINFRAME);

SetIcon (M_hicon, TRUE); Hit icon

SetIcon (M_hicon, FALSE); Small Icons

return TRUE;

}

////////////////////////////////////////////////////////

Command/ui update processing: It should be easy to write these things.

void Cmydialog::ondisabletaskkeys ()

{

Ctaskkeymgr::D isable (Ctaskkeymgr::taskkeys,

! Ctaskkeymgr::aretaskkeysdisabled (), TRUE); Beeps

}

void Cmydialog::onupdatedisabletaskkeys (ccmdui* pcmdui)

{

Pcmdui->setcheck (ctaskkeymgr::aretaskkeysdisabled ());

}

void Cmydialog::ondisabletaskbar ()

{

Ctaskkeymgr::D isable (Ctaskkeymgr::taskbar,

! Ctaskkeymgr::istaskbardisabled ());

}

void Cmydialog::onupdatedisabletaskbar (ccmdui* pcmdui)

{

Pcmdui->setcheck (ctaskkeymgr::istaskbardisabled ());

}

void Cmydialog::ondisabletaskmgr ()

{

Ctaskkeymgr::D isable (Ctaskkeymgr::taskmgr,

! Ctaskkeymgr::istaskmgrdisabled ());

}

void Cmydialog::onupdatedisabletaskmgr (ccmdui* pcmdui)

{

Pcmdui->setcheck (ctaskkeymgr::istaskmgrdisabled ());

}

////////////////////////////////////////////////////////

This is necessary for ON_UPDATE_COMMAND_UI to work properly.

//

LRESULT cmydialog::onkickidle (WPARAM wp, LPARAM lCount)

{

Updatedialogcontrols (this, TRUE);

return 0;

}

Although the taskbar has been disabled as described above, there is one other organ that has not been processed, that is, pressing the Windows key can still pop up the Start menu. Obviously, the taskbar does not check whether it is enabled until Vk_lwin is processed. In general, if a window is blocked, then it will no longer handle the user's input in this window-this is what is called disabling (Disable) meaning. This is usually achieved after calling EnableWindow (FALSE). But the code that handles Vk_lwin/vk_rwin keys will never check the taskbar enable/disable state. In this respect, the approach of this article is still using keyboard hooks. Modify the Taskkeyhook implementation to increase the capture of Windows keys. This will not happen after you press the Start Menu key. I hope I didn't miss the other keys. If a reader finds out what the key is missing, please contact me to add it to the keyboard hooks. For the sake of simplicity, I encapsulated all disabled functions in the class ctaskkeymgr. The following is a definition of the implementation file for this class:

Taskkeymgr

////////////////////////////////////////

TaskKeyMgr.h

//

#pragma once

#include "TaskKeyHook.h"

/////////////////////////////////////////////////////////////////////

Use this class to disable the task key, Task Manager, or taskbar.

Call the Disable with the appropriate flags, such as: Ctaskmgrkeys::D isable (Ctaskmgrkeys::all);

//

Class Ctaskkeymgr {

Public

enum {

TASKMGR = 0x01,//Disable Task Manager (Ctrl+alt+del)

Taskkeys = 0x02,//Disable Task Conversion key (Alt-tab, etc)

taskbar = 0x04,//disable taskbar

ALL=0XFFFF//Disable all things L

};

static void Disable (DWORD dwitem,bool bdisable,bool bbeep=false);

Static BOOL istaskmgrdisabled ();

Static BOOL istaskbardisabled ();

Static BOOL aretaskkeysdisabled () {

Return:: aretaskkeysdisabled (); Call DLL

}

};

CPP implementation

////////////////////////////////////////////////////////////////

TaskKeyMgr.cpp

//

#include "StdAfx.h"

#include "TaskKeyMgr.h"

#define HKCU HKEY_CURRENT_USER

Registry key pair for disabling Task Manager policy

LPCTSTR Key_disabletaskmgr =

"Softwaremicrosoftwindowscurrentversionpoliciessystem";

LPCTSTR val_disabletaskmgr = "DisableTaskMgr";

///////////////////////////////////////////

Disable the related task key

//

DwFlags = indicates what is disabled

bdisable = disabled for (TRUE), otherwise enabled (FALSE)

Bbeep = Whether an illegal key is pressed (refers to the task key)

//

void Ctaskkeymgr::D isable (DWORD dwFlags, bool bdisable, BOOL Bbeep)

{

Task Manager (Ctrl+alt+del)

if (DwFlags & TASKMGR) {

HKEY HK;

if (RegOpenKey (HKCU, KEY_DISABLETASKMGR,&HK)!=error_success)

RegCreateKey (HKCU, Key_disabletaskmgr, &HK);

if (bdisable) {//Disable Task Manager (disable TM): Set policy = 1

DWORD val=1;

RegSetValueEx (HK, val_disabletaskmgr, NULL,

REG_DWORD, (byte*) &val, sizeof (Val));

} else {//Enable Task Manager (enable TM)

Regdeletevalue (hk,val_disabletaskmgr);

}

}

Task key (Alt-tab etc)

if (DwFlags & Taskkeys)

::D Isabletaskkeys (Bdisable,bbeep); Installing the keyboard hook

Task bar

if (dwFlags & taskbar) {

HWND hwnd = FindWindow ("Shell_traywnd", NULL);

EnableWindow (hwnd,!bdisable);

}

}

BOOL ctaskkeymgr::istaskbardisabled ()

{

HWND hwnd = FindWindow ("Shell_traywnd", NULL);

Return IsWindow (hwnd)?! IsWindowEnabled (HWND): TRUE;

}

BOOL ctaskkeymgr::istaskmgrdisabled ()

{

HKEY HK;

if (RegOpenKey (HKCU, Key_disabletaskmgr, &HK)!=error_success)

return FALSE; Without this key, do not disable

DWORD val=0;

DWORD len=4;

Return RegQueryValueEx (HK, Val_disabletaskmgr,

NULL, NULL, (byte*) &val, &len) ==error_success && val==1;

}

The functions in this class are static, in fact Ctaskkeymgr is completely a namespace. You can use it as you wish in your own program. For example, disable the task conversion keys and taskbar, but Ctrl+alt+del:

Ctaskkeymgr::D isable (Ctaskkeymgr::taskkeys |

Ctaskkeymgr::taskbar, TRUE);

In addition, several functions are used to check what is currently disabled and can even beep when the user presses the Disable key ... Go and enjoy Paul's source code!