Solved

LOCKDOWN PROGRAM

Posted on 2004-03-20
33
526 Views
Last Modified: 2011-10-03
hey every1...

im considering making a lockdown program that could be used for timeouts (in windows)

(i.e. if they enter a password wrong 3 time in a row then they either have to turn of the power of the computer and restart, or wait 5 minutes)

btw i have absolutely no idea how ppl do this, so if there is an easier or better way then pls let me know.

>> in theory, if the mouse and keyboard are both completly disabled, then the system is locked down

>> i am comfortable with global mouse and keyboard hooks

>> i have heard that it is possible (using hooks), to make the OS ignore keypress and mouse events

so all i need to know in order to make the program, is how to make the OS ignore keypress and mouse events



if any1 knows how to do this, then pls let me know

thanks in advance, suma


0
Comment
Question by:suma_ds
  • 17
  • 10
  • 3
  • +1
33 Comments
 
LVL 22

Expert Comment

by:cookre
ID: 10642411
The easiest thing to do is to have real passwords and the screen saver password turned on by a policy.  If you have a program that decides the box needs to be protected, just activate the screen saver.
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10642544
although this does sound easier, i will not be able to have a window telling the user how long they have to wait (and more importantly that this lockdown program was made by me!)

i was surfing and i found this program made by some guy that ignores mouse events, it was quite a nice program which shows the position of the mouse, and "captured" it if it was moved close to a picture of a cat on the form. u then had to right click, to get the cat to release the mouse.

im thinking that it cant be that hard to get the OS to ignore every event

do u know how to do this?

btw i will try to find this program again (he was giving out the source code aswell) and ill post a link here if i find it

0
 
LVL 22

Expert Comment

by:cookre
ID: 10642688
In the callbacks for the various events you hook, the normal procedure is to call CallNextHookEx() to pass the event along after you're done with it.  Not calling CallNextHookEx keeps the event from being processed normally.  For Windows messages, you use WH_CALLWNDPROC to get the messages before anyone else.
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10642744
Hi,
This is not a good idea.
Having computers shutdown etc whilst in the midst of things is a recipe for disaster. Train users to logout etc. NEVER force a disconnection because you never know what they may be processing  - your pay check.
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10642832
cookre:

ok i will give this a try and see how it turns out (i really like the sound of this, nice and easy)

parkerig:

hmmm u deffinately have a point, but im not trying to shut them down, just effect a "pause" for a certain amount of time

consider a high-security app.

if the user can try password after password, it will only be a matter of time before the correct password is found and the security is severly comprimised

but with my app:

if the user gets the password wrong 3 times in a row, the high-security app makes a call to my lockdown dll, which makes the puter completly non-responsive until the high-security app has decided enough time has passed, makes another call and my lockdown dll removes the system-wide lock.

what the user is doing at the time, and how much warning the user gets depends completly on the high-security app. if used correctly, my lockdown app can be very useful.

futhermore, if they are processing something, it can still continue during the lockdown, only there can be no user interaction with the computer.




0
 
LVL 1

Author Comment

by:suma_ds
ID: 10642898
no luck... it dosnt work.

i set all three hooks to use one hook proc which looks like

LRESULT CALLBACK HookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    return 0;
}

but the system did not get locked down.

i was not sure if it was working or not until i changed it to log every HookProc event and then i got a 500kb log file so its deffinately working.

im thinking that this is only going to affect applications that use hooks. other apps will work fine because windows will notifiy them from their WndProc

i need to call something like ReleaseCapture on the event but i dont know how to do this
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10642927
Hi,
Try
http://www.planet-source-code.com
Search for
(1) Screen saver
(2) Keyboard lockdown
(3) Disable CTRL-ALT-DEL

I'm sure there will be enough code to get exactly what you want.

Ian
0
 
LVL 22

Expert Comment

by:cookre
ID: 10642940
CTRL-ALT-DEL is no longer trappable on Windows.

Suma, did you also hook with WH_CALLWNDPROC to block messages?
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10643022
4 sho :)

but i did hook them all into 1 HookProc. i cant see how that would matter but maybe it does.

the mouse was movable, the keyboard was working, and the windows were responding.... i.e. nothing worked


pakerig:

i went to that site and did the searches:

(1) download a matrix screen saver - i liked the first movie but the revolutions sucked :P
(2) absolutely nothing
(3) some code that i had already tried from another place and didnt work


0
 
LVL 1

Author Comment

by:suma_ds
ID: 10643037
new approach:

there is a function that lets u set the position of the mouse (im not sure what it is but i know it exists)
(1) for every mouse event, set the position of the mouse to (0,0) or some place off the screen

(2) for every keyboard event, create a new array and set every variable in it to 0, call SetKeyboardState with the new array

(3) what should i do for every WndProc event and will (1) and (2) work??
0
 
LVL 22

Expert Comment

by:cookre
ID: 10643137
You're right, not calling CallNextHookEx just blocks other hook, and when CallWndProc returns, the message is passed on.

However, I wonder what would happen if CallWndProc never returned, but was terminated instead?  To wit, the WH_CALLWNDPROC hook is set in a child thread by the main program.  When it gets something to be blocked, it sets a flag being monitored by the spawning thread which, in turn, kills the child thread which can then never return.  A new thread is then spawned to set the hook again.  Now you wouldn't be able to block every message since the box would probably lock up from never being able to keep up with all the messages that are sent, but judicious blocking just might work.  

One fly in that ointment, however, is what the long term effect of never returning from all thos CallWndProcs would have on the OS.  I suspect the box would eventually run out of RAM or handles from all of the OS threads waiting for returns.


Perhaps just opening your own desktop and keeping focus there would suffice.
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10643222
rather then keeping the focus on the desktop, i would like to keep the focus on a window which i will be creating.

what do u think about:

1) making my window appear as maximized (i.e. over the whole screen)

2) on every WH_CALLWNDPROC event, repaint my window

would this work?
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10643245
everything so far works (i havnt yet tried the repaint the window thing)

they can still open the taskmgr using CTRL+ALT+DEL but (and this is the funny part) they caint do nuttin wit it!!

microsoft went to ALL that effort so that nobody can block CTRL+ALT+DEL, and for what?? how exactly do u end a process if your mouse and keyboard is completly disabled!!

provided i get the window painting thing to work, this could be the first program ive ever made that is actually useful      :)

0
 
LVL 22

Expert Comment

by:cookre
ID: 10643469
Doing that on EVERY time your CallWndProc is triggered might be a bit much - afterall, they get their message AFTER you (unless you use WH_CALLWNDPROCRET (which is what you may want to do)).  In any case, messages like mouse moves don't effect focus, so you needn't worry about them.
0
 
LVL 10

Expert Comment

by:effx
ID: 10644614
I have tried many things to do the same sort of things, one of which was to open the task manager hidden so, when the CTRL + ALT + DEL keys are pressed no taskmanager appears tell me what you think
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:suma_ds
ID: 10646523
well ive given it a bit of thought and:

if i can get a full-screen window which is *always on top* then my problem will be solved.

i have filtered my CallWndProc for WM_PAINT messages, but i need to filter it more so that it will be called ONLY if something wants to become the active window

then it woulc be a simple matter to fix it so that:

if the HWND is my HWND, then no action is taken

otherwise, my hwnd becomes the active window (repaints itself)

so how can improve the filter of CallWndProc?
0
 
LVL 22

Expert Comment

by:cookre
ID: 10646579
WM_PAINT per se is OK since that doesn't cause a window to come to  the top.
WM_SETFOCUS and WM_ACTIVATE should definately get caught.

In your compiler's help index, bring up WM_ and look for likely candidates to catch.
(I'm being lazy right now 'cause I've been working outside most of the day and am ready to crash - back tomorrow night...)
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10646868
ok thanks i was wondering why WM_PAINT didnt seem to do anything

well i filtered the CallWndProc to WM_SETFOCUS || WM_ACTIVATE, started the program, gave another window the focus, then gave the original window the focus, and that resulted in 500kB of logs.

i need some way to filter to ONLY when the window gets activated, otherwise im going to waste some serious processing power.

i will try also filtering nCode to HC_ACTION and see if this helps
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10646877
- filtered nCode to HC_ACTION and absolutely nothing got logged
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10646906
ahhh thats better... i had the wrong type of hook and was hooking the keyboard!!!!

i changed it to WH_CALLWNDPROCRET, resulting with the nCode filter working, and a mere 100kB log file.

im thinking that there must be a wParam filter or something that i dont know about
0
 
LVL 22

Expert Comment

by:cookre
ID: 10647818
The description of each WM_ message includes, if applicable, whatever is in wParam and lParam.
Here's a link to the the first WM_ message in the MSDN.  The left frame lists all of the WM_ messages.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/userinput/keyboardinput/keyboardinputreference/keyboardinputmessages/wm_activate.asp?frame=true
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10647990
ive managed everything using CBT hooking - it's the IDEAL way to do these things.

its about 11pm here, and i have to be up in the morning for school, so ill post again with the details some time tomorrow avo

later
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10655903
ok heres the deal:

=======================================================================================

a hook CAN make the OS ignore events.

to make the OS ignore the event, make the HookProc return TRUE
to allow the OS to continue the event, make the HookProc return FALSE (however if another HookProc returns TRUE, the event will be ignored)

returning CallNextHookEx() is a more compact way of returning FALSE (it minimizes 2 lines of code into 1)

=======================================================================================

CBT hooks are very useful for hooking when a window becomes the active one

=======================================================================================

currently, i have an app that blocks all windows from becoming the active one, this works, however if i click on another app, my app loses "the focus" even though the other app does NOT gain "the focus". This makes it impossible to imput a password to "unlock" the computer.

i will be doing some more work on this soon (i can either create put an IF statment in my hook, or block all mouse events)... ill post here if i have any problems

=======================================================================================

0
 
LVL 1

Author Comment

by:suma_ds
ID: 10730461
dam... everything worked fine until i tried out the program on windows 2000, where it lost the power to block the taskmgr

any ideas how to overcome this?
0
 
LVL 22

Expert Comment

by:cookre
ID: 10732770
It may be that the task manager is coming up in the logon desktop and not the default desktop.
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10735166
Hi,
You can disable the task manager at the registry

http://www.winguides.com/registry/display.php/163/

Cheers
Ian
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10736800
cookre: i am logged on when i run the program, if thats what u mean.

pakerig: no luck, i am planning to use this program on the computers at my school. i have a hack which enables me to load up any exe file, but unfortunately they have completly blocked registry editing :(

0
 
LVL 22

Accepted Solution

by:
cookre earned 500 total points
ID: 10736991
Have you noticed your desktop icons and windows disappear when you do CTRL-ALT-DEL?

That's because they belong to the interactive user desktop under Windows Station 'WinSta0'.  The logon dialog and the dialog you get from a CTRL-ALT-DEL don't go to the interactive user desktop, rather they belong to the logon desktop under Windows Station 'Service-0x0-3e7'.

Take an hour or so to create a routine in your service to:

call EnumWindowStations().
In its callback, log the station name, then, for each station returned, do an EnumDesktops().

In the desktop callback, log the desktop name then do EnumDesktopWindows() to log all the windows on each desktop.

Do all of that in OnStart().

Start the service while you're logged on (so the log file shows you what's there when a user is on) then reboot (I presume the service is AUTOMATIC). When the service starts at boot, it'll log the windows stations and desktops present befor a logon.

It's worth the time to see what's going on.
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10738406
this program is not a service... i got bored with that because all the user has to do is unselect "allow this service to interact with the desktop" and no windows or anything can be created.

and seeingz as my program is about taking power away from the user, not giving them more, i do not want that weakness

is there another way to get that "always on top" window effect
0
 
LVL 22

Expert Comment

by:cookre
ID: 10742975
All that enumerate stuff applies even outside of a service.  Your 'always on top' program probably was on top - in its desktop that was covered by the logon desktop.
0
 
LVL 1

Author Comment

by:suma_ds
ID: 10746670
oh i get it now... that explains why it works in XP and not in 2000 (in 2000 CTRL-ATL-DEL logs u off, but in XP it does not.

this makes my job a LOT harder.

is it possible to block the logon desktop (or any other desktop for that matter) covering the desktop which i have taken control over?



0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now