In Windows XP, how does one block CTRL + ALT + DEL, ALT + tab, and CTRL + ESC key sequences?

On Windows XPBlock the CTRL + ALT + DEL, ALT + tab, and CTRL + ESC key sequences

Compile/northtibet

Keywords: CTRL + ALT + DEL, ALT + TAB, CTRL + ESC, vk_lwin, vk_rwin, task bar, task manager, taskbar, and task manager.

Download this articleSource code: Trapkeys.zip (95kb)

For those who have used Windows, almost no one knows the CTRL + ALT + DEL key combination, especially when Windows 9x, which often crashes, is used more frequently, this combination of keys is provided for the purpose of system security. Issue 1 of VC Knowledge Base online magazine, ac952_z_cn wrote an article about this in his personal column.Article: "How to block CTRL + ALT + DEL in Windows NT/2000 ". Therefore, this article focuses on how to shield CTRL + ALT + DEL keys in Windows XP, that is, the task manager, and the task switchover key combination (Alt + TAB ), taskbar and start menu (CTRL + ESC, vk_lwin, vk_rwin ). This method can also be applied to Windows 2000.
In Windows 9x/Me, the key method to block CTRL + ALT + DEL and various task activation is as follows:

 
Bool boldstate; systemparametersinfo (spi_setscreensaverrunning, true, & boldstate, 0 );
 

Ms believes this method is very amateur, so it was modified in Windows NT/2000/XP. In these newer Windows versions, users log on to Winlogon and gina -- graphical identification and authentication, which means graphical identity authentication, which can scare people, right! This is actually the case. Winlogon is a part of Windows systems. It provides interactive login support, while Gina is a DLL used by WinLogon for authentication-This dll is MSGINA. dll. Wlxinitialize, wlxactivateusershell is the output, of course, do not know these two, there are other. The former initializes itself, and the latter activates the user's shell.Program. Windows uses this DLL to authenticate the user name and password, but developers can replace MSGINA. dll with their own Gina. For example, authentication mechanisms such as smart cards, retina scanners, and DNA checks are implemented to replace identity checks in the form of user names and passwords. The following table lists all functions related to Gina. One of them is wlxloggedonsas. When you press CTRL + ALT + DEL, Winlogon calls this function.

(Table 1) Gina function list

Function	Description
Wlxactivateusershell	Activate User Shell
Wlxdisplaylockednotice	Allow Gina DLL to display lock Information
Wlxdisplaysasnotice	Winlogon calls this function when no user logs in.
Wlxdisplaystatusmessage	Winlogon calls this function with a status information for display.
Wlxgetconsoleswitchcredentials	Winlogon calls this function to read the trust information of the current login user and transparently upload them to the target session.
Wlxgetstatusmessage	Winlogon calls this function to obtain the current status information
Wlxinitialize	Gina DLL initialization for the specified window location
Wlxislockok	Verify that the workstation is properly locked
Wlxislogoffok	Verify normal Cancellation
Wlxloggedonsas	The user has logged on and the workstation has not been locked. If a SAS event is received at this time, Winlogon calls this function.
Wlxloggedoutsas	No user logs in. If a SAS event is received at this time, Winlogon calls this function.
Wlxlogoff	Notification to Gina DLL when requesting cancellation
Wlxnegotiate	Indicates whether the Gina dll can be used in the current Winlogon version.
Wlxnetworkproviderload	After the network service provider collects identity and authentication information, Winlogon calls this function.
Wlxremovestatusmessage	Winlogon calls this function to tell Gina DLL to stop displaying status information
Wlxscreensaverpolicy	Allow Gina to interact with screen saver operations
Wlxshutdown	Before the function is disabled, Winlogon calls this function to allow Gina to disable any tasks, such as exiting the smart card from the card reader.
Wlxstartapplication	This function is called when the system needs to start the application in the user's context.
Wlxwkstalockedsas	Winlogon calls this function when the workstation is locked and receives a SAS

By default, the Gina logon dialog box is displayed. You can enter your username and password. To block CTRL + ALT + DEL, you can write a new mygina. dll, which provides an interface to call the function wlxloggedonsas of MSGINA. DLL to implement CTRL + ALT + DEL blocking. Or write a keyboard driver.
Is it really as troublesome to block CTRL + ALT + DEL as mentioned above? Is there a better way? The answer is yes. So forget Gina and use the operating system policy settings to solve this problem. In the "Start" menu, select "run", and enter "gpedit. msc" in the "run" dialog box to start the Group Policy Editor for Windows. In the left-side pane, you can view "User Configuration | management template | system | logon/logout". In the policy on the right-side pane, it is not difficult to find "Disable Task Manager. 2:

Figure 1 Policy Editor

You can disable CTRL + ALT + DEL by setting this policy. If you want to writeCodeThe following registry key must be operated:

Hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ disabletaskmgr = DWORD: 1
 

If you press CTRL + ALT + DEL in Windows XP, an error dialog box is displayed, as shown in figure 2:

Figure 2 error message

Note that the "use welcome screen" option is enabled for "select logon and logout options" under "User Account" Management in the control panel. 3:

Figure 3 Logon Options

Otherwise, XP uses the traditional logon mode of windows and requires the user to enter the account name. In addition, the CTRL + ALT + DEL key combination behavior is the same as the traditional behavior. The disabletaskmgr setting in the registry only blocks or sets the Task Manager button in the logon/logout dialog box. Someone may ask, the documents about the task manager are not clearly stated, so how do you know that disabletaskmgr is used to disable the task manager? I found it when using gpedit. Gpedit is a very useful tool that can be used not only to edit policies, but also to discover policies. Using this tool, you can easily control many windows things, from access to permission to whether to use the traditional appearance of IE, from the places bar in the displayed dialog box to whether to use CTRL + ALT + DEL to start the task manager. In short, it can be used to configure hundreds of interface behaviors, so it is enough to extend the system administrator by three feet. Once you find a policy of interest, how do you know the corresponding Registry location? There are two methods. The first is a rude method: output the Registry to A. reg file before and after the policy is modified, and then compare the differences between them. All the policies have the following four registry keys:

// Specify HKEY_CURRENT_USER \ Software \ policieshkey_current_user \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies // specify HKEY_LOCAL_MACHINE \ SOFTWARE \ policieshkey_local_machine \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies
 

The second method is to directly tamper with the information source-check the management template file (. Adm) of the description policy ). The following is the description of disabletaskmgr in the system. ADM file of Windows XP: (Windows 2000 has a slightly different description. For details, refer to the Windows 2000 Resource Development Kit)

 
CATEGORY !! Cadoptions # If version> = 4 explain !! Cadoptions_help # endifkeyname "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System" Policy !! Disabletaskmgr # If version> = 4 supported !! Supported_win2k # endifexplain !! Disabletaskmgr_helpvaluename "disabletaskmgr" end policy; More CTRL + ALT + DEL policies here...; end category; CTRL + ALT + DEL options ............ Disabletaskmgr_help = "Prevent Users From starting '''task manager '(taskmgr.exe ). \ N If this setting is enabled and the user tries to start the task manager, the system displays a message, which is interpreted as a policy that disables this operation. \ N Task Manager allows the user to start or stop programs, monitor computer performance, view and monitor all running programs (including system services) on the computer, and search for program execution file names, and change the program running priority. "Disabletaskmgr =" delete Task Manager"
 

The above is the description of disabletaskmgr.

In this section, keyname and valuename specify the key-value pairs of the Registry. By using this method, you can create Management Templates and policies for your applications, but the editor that edits and browses the. ADM template file must support Unicode characters. Such as NotePad or wordpad. In addition, using the management template file, the system administrator can use it to configure the required policies for the entire Organization-it can be seen that this file plays an important role in the system! For more information about the template management file format, see the Platform SDK. Finally, disabletaskmgr only disables CTRL + ALT + DEL. Next we will discuss how to capture its key sequence. There are three methods to intercept CTRL + ALT + DEL:

• 1. Compile a Gina proxy. We will introduce this method in future articles. In fact, ac952_z_cn's personal column: "How to block CTRL + ALT + DEL in Windows NT/2000" is this method.
• 2. Compile a keyboard driver. The method used in this example is as follows.
• 3. Use the replacement program to replace Task Manager program taskmgr.exe.

for detailed implementation of the CTRL + ALT + DEL solution, see the example code in this article.
let's solve the problem of blocking the sequence of Task Switch keys, including ALT + TAB, CTRL + ESC, ALT + ESC, vk_lwin/vk_rwin, and taskbar. In the earlier Windows 3.1 S, the method to solve this problem was implemented through wm_syskeydown. In the Windows 9x period, this article mentioned how to solve this problem, using spi_setscreensaverrunning. However, in the Windows NT 4.0 (SP3 +), Windows 2000, and Windows XP era, we have to write a low-level keyboard driver hook to handle this problem. Don't be afraid, because it is not very difficult to implement this hook. This article describes how to implement this keyboard hook. Generally, the system-level hook must be a DLL. The following is the source code snippet of a keyboard hook DLL provided in this article (taskkeyhook. dll):

Header file /////////////////////////////////////// /// // taskkeyhook. h // # define dllimport _ declspec (dllimport) dllimport bool disabletaskkeys (bool benable, bool bbeep); dllimport bool aretaskkeysdisabled (); implementation file ////////////////////////////////////// /// // taskkeyhook. CPP // # DEFINE _ win32_winnt 0x0500 // For KBDLLHOOKSTRUCT # include <afxwin. h> // MFC core and Standard C Omponents # define dllexport _ declspec (dllexport) // app (DLL) object // class ctaskkeyhookdll: public cwinapp {public: ctaskkeyhookdll (){}~ Ctaskkeyhookdll () {}} mydll; //////////////////////////////////////// ///// the following code indicates that this part of the DLL is shared among all instances. // the low-level keyboard hook must be a system-level hook. // # pragma data_seg (". mydata ") hhook g_hhookkbdll = NULL; // hook handle bool g_bbeep = false; // when an invalid key is pressed, a beep is triggered. # pragma data_seg () # pragma comment (linker, "/section :. mydata, RWS ") // tell the linker: create a data share segment //////////////////////////////////// low-level keyboard hook // interception task conversion key: direct return without passing // lresult callback mytaskkeyhookll (I NT ncode, wparam WP, lparam LP) {KBDLLHOOKSTRUCT * PKH = (KBDLLHOOKSTRUCT *) LP; If (ncode = hc_action) {bool bctrlkeydown = getasynckeystate (vk_control)> (sizeof (short) * 8)-1); If (PKH-> vkcode = vk_escape & bctrlkeydown) | // Ctrl + ESC // Alt + tab (PKH-> vkcode = vk_tab & PKH-> flags & llkhf_altdown) | // Alt + ESC (PKH-> vkcode = vk_escape & PKH-> flags & llkhf_altdown) | (PKH-> vkcode = vk_lwin | PKH-> vkcod E = vk_rwin) {// Start Menu if (g_bbeep & (Wp = wm_syskeydown | Wp = wm_keydown) messagebeep (0); // beep return 1; // no longer passed to callnexthookex, direct return} return callnexthookex (g_hhookkbdll, ncode, WP, LP );} //////////////////////////////////////// ////// // do you want to block the task Key sequence? That is to say, do you want to install the keyboard hook? // Note: here we assume there are no other hooks to do the same thing. // dllexport bool aretaskkeysdisabled () {return g_hhookkbdll! = NULL ;} //////////////////////////////////////// ///////// mask the task key: install the low-level keyboard structure // return whether the current mask flag (true/false) // dllexport bool disabletaskkeys (bool bdisable, bool bbeep) {If (bdisable) {If (! G_hhookkbdll) {g_hhookkbdll = setwindowshookex (wh_keyboard_ll, mytaskkeyhookll, mydll. m_hinstance, 0);} else if (g_hhookkbdll! = NULL) {unhookwindowshookex (g_hhookkbdll); g_hhookkbdll = NULL;} g_bbeep = bbeep; return aretaskkeysdisabled ();}

Taskkeyhook outputs two functions: disabletaskkeys and aretaskkeysdisabled. The former installs the wh_keyboard_ll hook, and the latter determines whether the hook is installed. The keyboard hook process is to intercept Alt + TAB, CTRL + ESC, ALT + ESC, and the Windows key vk_lwin/vk_rwin. The two keys will be described in detail later. When the hook encounters these keys, it returns directly to the caller instead of passing the processing to callnexthookex.

 
Lresult callback mytaskkeyhookll (...) {If (/* task key *) return 1; // return callnexthookex (...) immediately (...);}
 

Most implementations of taskkeyhook are simple. One tips is used: Use # pragma data_seg to name the data segment that contains the full data, and use # pragma comment (linker...) to tell the linker to make this data segment a shared segment. For implementation details, see source code. The example program (trapkeys.exe) in this document brings together the above functions to block the sequence of keyboard buttons. In addition, it also has the function of disabling the taskbar. Since the task conversion key is disabled, the taskbar must be disabled. Otherwise, disabling the task conversion key is meaningless. The following describes how to disable a taskbar:

 
Hwnd = findwindow ("shell_traywnd", null); // find the taskbar enablewindow (hwnd, false); // disable the taskbar
 

The fourth is the program running screen of the example:

Figure 4 running trapkeys

The following is the implementation code of the trapkeys program:

//////////////////////////////////////// //// // Trapkeys. CPP // # include "stdafx. H "# include" resource. H "# include" statlink. H "# include" taskkeymgr. H "// Main Dialog Box // class cmydialog: Public cdialog {public: cmydialog (cwnd * pparent = NULL): cdialog (idd_mydialog, pparent) {} protected: hicon m_hicon; cstaticlink m_wndlink1; cstaticlink release Ialog (); // command/UI update handling afx_msg void ondisabletaskmgr (); afx_msg void handle (); afx_msg void ondisabletaskbar (); afx_msg void handle (ccmdui * pcmdui ); afx_msg void Merge (ccmdui * pcmdui); afx_msg void onupdatedisabletaskbar (ccmdui * pcmdui); afx_msg lresult onkickidle (wparam, lparam); merge ()}; //////////////////////////////////////// /// // Quasi-MFC Dialog Box Application class code. // Class cmyapp: Public cwinapp {public: Virtual bool initinstance () {// initialize the app: run the dialog box cmydialog DLG; m_pmainwnd = & DLG; DLG. domodal (); Return false;} virtual int exitinstance () {// restore all disabled items to ctaskkeymgr: Disable (ctaskkeymgr:: All, false); Return 0 ;}theapp; begin_message_map (cmydialog, cdialog) on_command (idc_disable_taskkeys, ondisabletaskkeys) on_command (idc_disable_taskbar, ondisabletaskbar) On_command (assign, ondisabletaskmgr) Assign (assign, assign) Assign (assign, onupdatedisabletaskbar) Assign (assign, onupdatedisabletaskmgr) on_message (wm_kickidle, onkickidle) end_message_map () //////////////////////////////////////// //////// initialization dialog box: subclass hyperlink handle planting icon // bool cmydialog: oninitdialog () {C Dialog: oninitdialog (); // initialize the hyperlink publish (idc_email, this); publish (idc_vckbaseurl, this); m_wndlink3.subclassdlgitem (idc_vckbaselink, this); // set the dialog box icon. MFC does not set m_hicon = afxgetapp ()-> loadicon (idr_mainframe); seticon (m_hicon, true) for the dialog box application; // seticon (m_hicon, false ); // small icon return true ;} //////////////////////////////////////// //////////////// command/UI update processing: writing these things should be easy. Void cmydialog: ondisabletaskkeys () {ctaskkeymgr: Disable (ctaskkeymgr: taskkeys ,! Ctaskkeymgr: encrypt (), true); // beep} void cmydialog: onupdatedisabletaskkeys (ccmdui * pcmdui) {pcmdui-> setcheck (ctaskkeymgr: decrypt ());} void cmydialog: ondisabletaskbar () {ctaskkeymgr: Disable (ctaskkeymgr: taskbar ,! Ctaskkeymgr: Counter ();} void cmydimgr: Counter (ccmdui * pcmdui) {pcmdui-> setcheck (ctaskkeymgr: istaskbardisabled ();} void cmydimgr :: ondisabletaskmgr () {ctaskkeymgr: Disable (ctaskkeymgr: taskmgr ,! Ctaskkeymgr: istaskmgrdisabled ();} void cmydialog: Custom (ccmdui * pcmdui) {pcmdui-> setcheck (ctaskkeymgr: istaskmgrdisabled ());} //////////////////////////////////////// //// // to make on_update_command_ui work properly, this is required. // Lresult cmydialog: onkickidle (wparam WP, lparam lcount) {updatedialogcontrols (this, true); Return 0 ;}

even if the taskbar is disabled by the preceding method, another authority does not handle the task. Press the Windows key to bring up the "Start" menu. The taskbar does not check whether vk_lwin is enabled before vk_lwin is processed. Generally, if a window is blocked, it will no longer process user input in this window-this is the so-called disable meaning. Generally, this goal is achieved after you call enablewindow (false. However, the code that processes the vk_lwin/vk_rwin buttons will never check the enable/disable status of the taskbar. In this regard, the solution in this article is still to use the keyboard hook. Modify the taskkeyhook implementation to add the capture of Windows keys. In this way, nothing happens after you press the Start menu key. Do not miss other buttons. If any reader finds any key missing, contact me to add it to the keyboard hook. For simplicity, I encapsulate all disabled functions in the class ctaskkeymgr. The following is the implementation file for the definition of this class:

Taskkeymgr /////////////////////////////////////// /// taskkeymgr. h // # pragma once # include "taskkeyhook. H "////////////////////////////////////// //// // use this class to disable the task key, task Manager or taskbar. // Call disable with the corresponding flag, such as ctaskmgrkeys: Disable (ctaskmgrkeys: All); // class ctaskkeymgr {public: Enum {taskmgr = 0x01, // disable the Task Manager (CTRL + ALT + DEL) taskkeys = 0x02, // disable the task conversion key (Alt-tab, etc) taskbar = 0x04, // disable the taskbar all = 0 xFFFF // disable all things l}; static void disable (DWORD dwitem, bool bdisable, bool bbeep = false); static bool istaskmgrdisabled (); static bool istaskbardisabled (); static bool aretaskkeysdisabled () {return: aretask Keysdisabled (); // Call DLL }}; CPP implementation ////////////////////////////////////// /// // taskkeymgr. CPP // # include "stdafx. H "# include" taskkeymgr. H "# define hkcu HKEY_CURRENT_USER // The registry key value pair used to disable the Task Manager Policy for the lpctstr key_disabletaskmgr =" SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System "; lpctstr val_disabletaskmgr = "disabletaskmgr "; //////////////////////////////////////// //// disable related tasks Service Key /// dwflags = indicates what is disabled // bdisable = disabled to (true), otherwise enabled (false) // bbeep = whether the illegal key is beeching (pointer-to-task key) // void ctaskkeymgr: Disable (DWORD dwflags, bool bdisable, bool bbeep) {// Task Manager (CTRL + ALT + DEL) if (dwflags & taskmgr) {hkey HK; If (regopenkey (hkcu, key_disabletaskmgr, & HK )! = Error_success) regcreatekey (hkcu, key_disabletaskmgr, & HK); If (bdisable) {// disable the Task Manager (disable TM): set policy = 1 DWORD val = 1; regsetvalueex (HK, val_disabletaskmgr, null, REG_DWORD, (byte *) & Val, sizeof (VAL);} else {// enable Task Manager (enable TM) regdeletevalue (HK, val_disabletaskmgr) ;}/// task key (Alt-tab etc) if (dwflags & taskkeys): disabletaskkeys (bdisable, bbeep ); // install the keyboard hook // taskbar if (dwflags & taskbar) {hwnd = Findwindow ("shell_traywnd", null); enablewindow (hwnd ,! Bdisable) ;}} bool ctaskkeymgr: istaskbardisabled () {hwnd = findwindow ("shell_traywnd", null); Return iswindow (hwnd )?! Iswindowenabled (hwnd): true;} bool ctaskkeymgr: istaskmgrdisabled () {hkey HK; If (regopenkey (hkcu, key_disabletaskmgr, & HK )! = Error_success) return false; // without this key, do not disable DWORD val = 0; DWORD Len = 4; return regqueryvalueex (HK, val_disabletaskmgr, null, null, (byte *) & Val, & Len) = error_success & val = 1 ;}

The functions in this class are static. In fact, ctaskkeymgr is completely a namespace. You can use it in your programs as you like. For example, disable the task conversion key and taskbar, but do not disable CTRL + ALT + DEL:

 
Ctaskkeymgr: Disable (ctaskkeymgr: taskkeys | ctaskkeymgr: taskbar, true );
 

In addition, there are several functions used to check what is currently disabled, and you can even beep when you press the disabled key ...... Enjoy Paul's source code!