Windows Boot login authentication with Gina DLL

Source: Internet
Author: User

On Windows, the boot (logon) password authentication module is normally implemented by the GINA DLL. Interactive logon support in Windows NT/2000 is implemented by Winlogon calling into the GINA DLL, which provides the interactive interface that collects the user's credentials and submits the logon request.

1. Gina principle
Winlogon interacts with the GINA DLL, which by default is MSGINA.DLL (in the System32 directory). Microsoft also documents the interface, so we can write our own GINA DLL and have Winlogon load it instead of MSGINA.DLL.

Winlogon creates three desktops when it initializes:
(1) Winlogon desktop: displays the Windows security interface, e.g. the screen shown when you press Ctrl+Alt+Del, the logon dialog, and so on.
(2) Application desktop: the interface we usually see, with My Computer and the rest of the user's session.
(3) Screen saver desktop: the desktop on which the screen saver is displayed.

By default the GINA displays the logon dialog box, in which the user enters a user name and password. So to obtain the user name and password, one can write a new GINA DLL that exports the same interface and forwards each call to MSGINA.DLL, including its WlxLoggedOutSAS function.

2. Gina DLL export functions

Interactive logon support in Windows NT/2000 is implemented by Winlogon calling into the GINA DLL, which provides the interactive interface that collects credentials and submits the logon request. The GINA DLL must export the following functions (all of them are called by Winlogon):

(1) WlxActivateUserShell: activates the user's shell program.
(2) WlxDisplayLockedNotice: allows the GINA DLL to display information about the locked workstation.
(3) WlxDisplaySASNotice: Winlogon calls this function when no user is logged on.
(4) WlxDisplayStatusMessage: Winlogon calls this function to display a status message.
(5) WlxGetStatusMessage: Winlogon calls this function to get the current status message.
(6) WlxInitialize: initializes the GINA DLL for the specified window station.
(7) WlxIsLockOk: verifies that locking the workstation is acceptable.
(8) WlxIsLogoffOk: verifies that logging off is acceptable.
(9) WlxLoggedOnSAS: Winlogon calls this function if a SAS event is received while a user is logged on and the workstation is not locked.
(10) WlxLoggedOutSAS: Winlogon calls this function if a SAS event is received while no user is logged on.
(11) WlxLogoff: notifies the GINA DLL that a logoff operation has been requested.
(12) WlxNegotiate: indicates whether the current Winlogon version can use this GINA DLL.
(13) WlxNetworkProviderLoad: Winlogon calls this function, after the network provider is loaded, to collect identification and authentication information.
(14) WlxRemoveStatusMessage: Winlogon calls this function to tell the GINA DLL to stop displaying the status message.
(15) WlxScreenSaverNotify: allows the GINA to interact with screen saver operations.
(16) WlxShutdown: Winlogon calls this function just before shutdown, allowing the GINA to perform any shutdown tasks, such as ejecting a smart card from the card reader.
(17) WlxStartApplication: called when the system needs to start an application in the user's context.
(18) WlxWkstaLockedSAS: Winlogon calls this function if a SAS is received while the workstation is locked.
We implement the Windows logon authentication of the USB authentication system by wrapping the above 18 basic functions.

3. Gina DLL source code (USBGina.cpp)

USBGina.cpp: defines the exported functions for the DLL application. Every Wlx* export below is a pass-through that forwards to the same-named function in MSGINA.DLL, so the standard Windows logon still takes place; only WlxDisplaySASNotice and WlxDisplayLockedNotice additionally show the project's own logon dialog.

// USBGina.cpp : defines the exported functions for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include <winwlx.h>

// The real GINA that every call is forwarded to.
#define REALGINA_PATH TEXT("MSGINA.DLL")

// IDD_LOGON_DLG (dialog resource), LogonDlgProc (its DLGPROC) and the Account
// record (strUserName, strPassword, bLogonStatus) belong to project files that
// are not reproduced in the article; they are assumed to be declared via stdafx.h.

// Function-pointer types for the MSGINA.DLL exports. The names follow the
// Microsoft GINA stub sample; the signatures match the Wlx* prototypes in winwlx.h.
typedef BOOL (WINAPI *PFWLXNEGOTIATE)(DWORD, DWORD *);
typedef BOOL (WINAPI *PFWLXINITIALIZE)(LPWSTR, HANDLE, PVOID, PVOID, PVOID *);
typedef VOID (WINAPI *PFWLXDISPLAYSASNOTICE)(PVOID);
typedef int  (WINAPI *PFWLXLOGGEDOUTSAS)(PVOID, DWORD, PLUID, PSID, PDWORD, PHANDLE, PWLX_MPR_NOTIFY_INFO, PVOID *);
typedef BOOL (WINAPI *PFWLXACTIVATEUSERSHELL)(PVOID, PWSTR, PWSTR, PVOID);
typedef int  (WINAPI *PFWLXLOGGEDONSAS)(PVOID, DWORD, PVOID);
typedef VOID (WINAPI *PFWLXDISPLAYLOCKEDNOTICE)(PVOID);
typedef int  (WINAPI *PFWLXWKSTALOCKEDSAS)(PVOID, DWORD);
typedef BOOL (WINAPI *PFWLXISLOCKOK)(PVOID);
typedef BOOL (WINAPI *PFWLXISLOGOFFOK)(PVOID);
typedef VOID (WINAPI *PFWLXLOGOFF)(PVOID);
typedef VOID (WINAPI *PFWLXSHUTDOWN)(PVOID, DWORD);
typedef BOOL (WINAPI *PFWLXSCREENSAVERNOTIFY)(PVOID, BOOL *);
typedef BOOL (WINAPI *PFWLXSTARTAPPLICATION)(PVOID, PWSTR, PVOID, PWSTR);
typedef BOOL (WINAPI *PFWLXNETWORKPROVIDERLOAD)(PVOID, PWLX_MPR_NOTIFY_INFO);
typedef BOOL (WINAPI *PFWLXDISPLAYSTATUSMESSAGE)(PVOID, HDESK, DWORD, PWSTR, PWSTR);
typedef BOOL (WINAPI *PFWLXGETSTATUSMESSAGE)(PVOID, DWORD *, PWSTR, DWORD);
typedef BOOL (WINAPI *PFWLXREMOVESTATUSMESSAGE)(PVOID);

// Winlogon function dispatch table (handed to us in WlxInitialize)
PWLX_DISPATCH_VERSION_1_0 g_pWinlogon;
// Our own DLL module handle (needed to load the dialog resource)
HINSTANCE hDllInstance;
// Winlogon handle
HANDLE hGlobalWlx;

// WLX_VERSION_1_0 functions of MSGINA.DLL
PFWLXNEGOTIATE           pfWlxNegotiate;
PFWLXINITIALIZE          pfWlxInitialize;
PFWLXDISPLAYSASNOTICE    pfWlxDisplaySASNotice;
PFWLXLOGGEDOUTSAS        pfWlxLoggedOutSAS;
PFWLXACTIVATEUSERSHELL   pfWlxActivateUserShell;
PFWLXLOGGEDONSAS         pfWlxLoggedOnSAS;
PFWLXDISPLAYLOCKEDNOTICE pfWlxDisplayLockedNotice;
PFWLXWKSTALOCKEDSAS      pfWlxWkstaLockedSAS;
PFWLXISLOCKOK            pfWlxIsLockOk;
PFWLXISLOGOFFOK          pfWlxIsLogoffOk;
PFWLXLOGOFF              pfWlxLogoff;
PFWLXSHUTDOWN            pfWlxShutdown;
// WLX_VERSION_1_1 functions
PFWLXSTARTAPPLICATION    pfWlxStartApplication  = NULL;
PFWLXSCREENSAVERNOTIFY   pfWlxScreenSaverNotify = NULL;
// WLX_VERSION_1_3 functions
PFWLXNETWORKPROVIDERLOAD  pfWlxNetworkProviderLoad  = NULL;
PFWLXDISPLAYSTATUSMESSAGE pfWlxDisplayStatusMessage = NULL;
PFWLXGETSTATUSMESSAGE     pfWlxGetStatusMessage     = NULL;
PFWLXREMOVESTATUSMESSAGE  pfWlxRemoveStatusMessage  = NULL;

// DLL application entry point: remember our module handle.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        hDllInstance = hModule;
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// System initialization, called from WlxNegotiate: hook (resolve) the
// MSGINA.DLL exports we forward to. Fails if any function for the
// negotiated Winlogon version is missing.
BOOL MyInitialize(HINSTANCE hDll, DWORD dwWlxVersion)
{
    // WLX_VERSION_1_0 functions
    pfWlxNegotiate = (PFWLXNEGOTIATE)GetProcAddress(hDll, "WlxNegotiate");
    if (!pfWlxNegotiate) return FALSE;
    pfWlxInitialize = (PFWLXINITIALIZE)GetProcAddress(hDll, "WlxInitialize");
    if (!pfWlxInitialize) return FALSE;
    pfWlxDisplaySASNotice = (PFWLXDISPLAYSASNOTICE)GetProcAddress(hDll, "WlxDisplaySASNotice");
    if (!pfWlxDisplaySASNotice) return FALSE;
    pfWlxLoggedOutSAS = (PFWLXLOGGEDOUTSAS)GetProcAddress(hDll, "WlxLoggedOutSAS");
    if (!pfWlxLoggedOutSAS) return FALSE;
    pfWlxActivateUserShell = (PFWLXACTIVATEUSERSHELL)GetProcAddress(hDll, "WlxActivateUserShell");
    if (!pfWlxActivateUserShell) return FALSE;
    pfWlxLoggedOnSAS = (PFWLXLOGGEDONSAS)GetProcAddress(hDll, "WlxLoggedOnSAS");
    if (!pfWlxLoggedOnSAS) return FALSE;
    pfWlxDisplayLockedNotice = (PFWLXDISPLAYLOCKEDNOTICE)GetProcAddress(hDll, "WlxDisplayLockedNotice");
    if (!pfWlxDisplayLockedNotice) return FALSE;
    pfWlxIsLockOk = (PFWLXISLOCKOK)GetProcAddress(hDll, "WlxIsLockOk");
    if (!pfWlxIsLockOk) return FALSE;
    pfWlxWkstaLockedSAS = (PFWLXWKSTALOCKEDSAS)GetProcAddress(hDll, "WlxWkstaLockedSAS");
    if (!pfWlxWkstaLockedSAS) return FALSE;
    pfWlxIsLogoffOk = (PFWLXISLOGOFFOK)GetProcAddress(hDll, "WlxIsLogoffOk");
    if (!pfWlxIsLogoffOk) return FALSE;
    pfWlxLogoff = (PFWLXLOGOFF)GetProcAddress(hDll, "WlxLogoff");
    if (!pfWlxLogoff) return FALSE;
    pfWlxShutdown = (PFWLXSHUTDOWN)GetProcAddress(hDll, "WlxShutdown");
    if (!pfWlxShutdown) return FALSE;

    // Hook the functions added in WLX_VERSION_1_1.
    if (dwWlxVersion > WLX_VERSION_1_0) {
        pfWlxStartApplication = (PFWLXSTARTAPPLICATION)GetProcAddress(hDll, "WlxStartApplication");
        if (!pfWlxStartApplication) return FALSE;
        pfWlxScreenSaverNotify = (PFWLXSCREENSAVERNOTIFY)GetProcAddress(hDll, "WlxScreenSaverNotify");
        if (!pfWlxScreenSaverNotify) return FALSE;
    }

    // Hook the functions added in WLX_VERSION_1_3.
    if (dwWlxVersion > WLX_VERSION_1_2) {
        pfWlxNetworkProviderLoad = (PFWLXNETWORKPROVIDERLOAD)GetProcAddress(hDll, "WlxNetworkProviderLoad");
        if (!pfWlxNetworkProviderLoad) return FALSE;
        pfWlxDisplayStatusMessage = (PFWLXDISPLAYSTATUSMESSAGE)GetProcAddress(hDll, "WlxDisplayStatusMessage");
        if (!pfWlxDisplayStatusMessage) return FALSE;
        pfWlxGetStatusMessage = (PFWLXGETSTATUSMESSAGE)GetProcAddress(hDll, "WlxGetStatusMessage");
        if (!pfWlxGetStatusMessage) return FALSE;
        pfWlxRemoveStatusMessage = (PFWLXREMOVESTATUSMESSAGE)GetProcAddress(hDll, "WlxRemoveStatusMessage");
        if (!pfWlxRemoveStatusMessage) return FALSE;
    }

    // All hooks resolved successfully.
    return TRUE;
}

// Load the real GINA, hook its exports, then let it negotiate the version.
BOOL WINAPI WlxNegotiate(DWORD dwWinlogonVersion, DWORD *pdwDllVersion)
{
    HINSTANCE hDll = NULL;
    if (!(hDll = LoadLibrary(REALGINA_PATH))) {
        return FALSE;
    }
    if (MyInitialize(hDll, dwWinlogonVersion) == TRUE) {
        return pfWlxNegotiate(dwWinlogonVersion, pdwDllVersion);
    }
    return FALSE;
}

BOOL WINAPI WlxInitialize(LPWSTR lpWinsta, HANDLE hWlx, PVOID pvReserved,
                          PVOID pWinlogonFunctions, PVOID *pWlxContext)
{
    // Keep the Winlogon dispatch table and handle for WlxDialogBoxParam.
    g_pWinlogon = (PWLX_DISPATCH_VERSION_1_0)pWinlogonFunctions;
    hGlobalWlx  = hWlx;
    return pfWlxInitialize(lpWinsta, hWlx, pvReserved, pWinlogonFunctions, pWlxContext);
}

void WINAPI WlxDisplaySASNotice(PVOID pWlxContext)
{
    pfWlxDisplaySASNotice(pWlxContext);
    // Show the project's own logon dialog on the Winlogon desktop.
    g_pWinlogon->WlxDialogBoxParam(hGlobalWlx, hDllInstance,
                                   (LPTSTR)MAKEINTRESOURCE(IDD_LOGON_DLG), NULL, LogonDlgProc, 0);
}

int WINAPI WlxLoggedOutSAS(PVOID pWlxContext, DWORD dwSasType, PLUID pAuthenticationId,
                           PSID pLogonSid, PDWORD pdwOptions, PHANDLE phToken,
                           PWLX_MPR_NOTIFY_INFO pMprNotifyInfo, PVOID *pProfile)
{
    // Log on with the standard Windows password (handled by MSGINA.DLL).
    return pfWlxLoggedOutSAS(pWlxContext, dwSasType, pAuthenticationId, pLogonSid,
                             pdwOptions, phToken, pMprNotifyInfo, pProfile);
}

BOOL WINAPI WlxActivateUserShell(PVOID pWlxContext, PWSTR pszDesktopName,
                                 PWSTR pszMprLogonScript, PVOID pEnvironment)
{
    // Logged on with the standard Windows password; call the function in MSGINA.DLL.
    return pfWlxActivateUserShell(pWlxContext, pszDesktopName, pszMprLogonScript, pEnvironment);
}

int WINAPI WlxLoggedOnSAS(PVOID pWlxContext, DWORD dwSasType, PVOID pReserved)
{
    return pfWlxLoggedOnSAS(pWlxContext, dwSasType, pReserved);
}

void WINAPI WlxDisplayLockedNotice(PVOID pWlxContext)
{
    pfWlxDisplayLockedNotice(pWlxContext);
    // Reset the account record before showing the logon dialog again.
    wcscpy(Account.strUserName, TEXT(""));
    wcscpy(Account.strPassword, TEXT(""));
    Account.bLogonStatus = FALSE;
    g_pWinlogon->WlxDialogBoxParam(hGlobalWlx, hDllInstance,
                                   (LPTSTR)MAKEINTRESOURCE(IDD_LOGON_DLG), NULL, LogonDlgProc, 0);
}

BOOL WINAPI WlxIsLockOk(PVOID pWlxContext)
{
    return pfWlxIsLockOk(pWlxContext);
}

int WINAPI WlxWkstaLockedSAS(PVOID pWlxContext, DWORD dwSasType)
{
    return pfWlxWkstaLockedSAS(pWlxContext, dwSasType);
}

BOOL WINAPI WlxIsLogoffOk(PVOID pWlxContext)
{
    return pfWlxIsLogoffOk(pWlxContext);
}

void WINAPI WlxLogoff(PVOID pWlxContext)
{
    pfWlxLogoff(pWlxContext);
}

void WINAPI WlxShutdown(PVOID pWlxContext, DWORD ShutdownType)
{
    pfWlxShutdown(pWlxContext, ShutdownType);
}

// WLX_VERSION_1_1 exports
BOOL WINAPI WlxScreenSaverNotify(PVOID pWlxContext, BOOL *pSecure)
{
    return pfWlxScreenSaverNotify(pWlxContext, pSecure);
}

BOOL WINAPI WlxStartApplication(PVOID pWlxContext, PWSTR pszDesktopName,
                                PVOID pEnvironment, PWSTR pszCmdLine)
{
    return pfWlxStartApplication(pWlxContext, pszDesktopName, pEnvironment, pszCmdLine);
}

// WLX_VERSION_1_3 exports
BOOL WINAPI WlxNetworkProviderLoad(PVOID pWlxContext, PWLX_MPR_NOTIFY_INFO pNprNotifyInfo)
{
    return pfWlxNetworkProviderLoad(pWlxContext, pNprNotifyInfo);
}

BOOL WINAPI WlxDisplayStatusMessage(PVOID pWlxContext, HDESK hDesktop, DWORD dwOptions,
                                    PWSTR pTitle, PWSTR pMessage)
{
    return pfWlxDisplayStatusMessage(pWlxContext, hDesktop, dwOptions, pTitle, pMessage);
}

BOOL WINAPI WlxGetStatusMessage(PVOID pWlxContext, DWORD *pdwOptions,
                                PWSTR pMessage, DWORD dwBufferSize)
{
    return pfWlxGetStatusMessage(pWlxContext, pdwOptions, pMessage, dwBufferSize);
}

BOOL WINAPI WlxRemoveStatusMessage(PVOID pWlxContext)
{
    return pfWlxRemoveStatusMessage(pWlxContext);
}

4. Gina DLL Installation
(1) Add a registry value:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value name: GinaDLL
    Value type: REG_SZ
    Value data: Yourname.dll
(2) Copy the GINA DLL (Yourname.dll) to the system directory (System32).
(3) The GINA DLL (Yourname.dll) is loaded by Winlogon the next time the computer restarts.
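Because the GinaDLL value is the single switch that makes Winlogon load a replacement GINA, it is also the first thing to check when auditing a legacy host for a hooked logon path. The following PowerShell function is an added example and is not part of the original article or its USBGina project: it reads the Winlogon GinaDLL value, resolves the DLL the way Winlogon would (a bare file name is loaded from System32), and reports whether the value is the stock MSGINA.DLL, whether the file exists, and what Authenticode signature it carries. The function name Test-WinlogonGina, its parameters and its output fields are my own choices; the registry key and value name are the ones from the installation steps above. Windows Vista and later no longer use GINA (credential providers replaced it), so on those systems a populated GinaDLL value is stale configuration or tampering residue rather than a live hook, which is still worth recording.

```powershell
function Test-WinlogonGina {
    [CmdletBinding()]
    param(
        # Hypothetical parameters: let the caller point at a hive loaded from
        # an offline image instead of the live Winlogon key.
        [string]$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        [string]$System32    = (Join-Path $env:SystemRoot 'System32')
    )

    $props = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop
    $gina  = $props.GinaDLL

    # No value at all means Winlogon uses the built-in MSGINA.DLL.
    if ([string]::IsNullOrEmpty($gina)) {
        return [pscustomobject]@{
            GinaDLL         = $null
            Path            = $null
            IsDefault       = $true
            Exists          = $true
            SignatureStatus = 'NotApplicable'
            Signer          = $null
        }
    }

    # Winlogon loads a bare file name from System32; an absolute path is used as given.
    $path = if ([System.IO.Path]::IsPathRooted($gina)) { $gina } else { Join-Path $System32 $gina }
    $exists = Test-Path -LiteralPath $path -PathType Leaf

    $sigStatus = 'FileMissing'
    $signer    = $null
    if ($exists) {
        $sig       = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        GinaDLL         = $gina
        Path            = $path
        # Only the stock file name counts as default; anything else is a replacement GINA.
        IsDefault       = ([System.IO.Path]::GetFileName($gina) -ieq 'MSGINA.DLL')
        Exists          = $exists
        SignatureStatus = $sigStatus
        Signer          = $signer
    }
}

# Usage: run in an elevated PowerShell session on the host being audited.
$result = Test-WinlogonGina
$result | Format-List
if (-not $result.IsDefault) {
    Write-Warning "Winlogon is configured to load a non-default GINA: $($result.GinaDLL)"
}
```

A non-default value whose DLL is missing, unsigned, or signed by an unexpected publisher is the finding to chase. Many Microsoft system DLLs are catalog-signed rather than carrying an embedded signature, and older PowerShell versions do not look up catalog signatures, so a NotSigned result on MSGINA.DLL itself is not evidence of tampering; compare the file against a known-good copy from installation media instead.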

5. Conclusion

With the above, the GINA DLL is complete and takes effect after a reboot. Although the prototype calls the functions inside the Windows MSGINA.DLL, every one of those functions has in fact been hooked by us, and each call must pass through our functions before the system functions are invoked. The following points are relevant to this topic:
(1) WlxLoggedOnSAS can be used to block Ctrl+Alt+Del on Windows.
(2) The user name and password can be intercepted in WlxLoggedOutSAS when a user logs on.
(3) Through this prototype, a number of customized boot authentication schemes can be implemented, including fingerprint logon (as on ThinkPad laptops) and logon with a specific USB device.

Reprint: http://www.sizeof.cn/html/2009/46.html

