Hi All,
How do I trap keystrokes like the CTRL+Alt+DEL key sequence or ALT+TAB
and block task manager from coming up and prevent the user from
switching applications? I have a testing application where if a user
is allowed to break out of the test, it would invalidate the results.
Thanks,
Steve
> How do I trap keystrokes like the CTRL+Alt+DEL key sequence or ALT+TAB
for CTRL+ALT+DEL the only way to do it (on NT, Vista and XP) is to write an
upper level keyboard filter driver. You need to obtain the Windows Driver
Development Kit which has the libraries and compilers to do this with. It
also has code examples for doing it using the Windows Driver Model (WDM) on
NT/2K/XP and the new Kernel Mode Driver Framework (KDMF) used on Vista.
You can use the kbfiltr example that comes with the DDK. You will need to
strip out the PS2 hardware specific stuff (easy to do and since you are
writing an upper level driver you don't need that code anyway).
Filter drivers work almost identically to keyboard sniffers. They are
simpler to implemnt (since you are merely changing the scan code before
passing it to the OS rather than recording it) however they do need to track
and store (in memory) the states of the keys you are monitoring.
Once you have the DDK the next thing you will want to obtain is a book
called Rootkits by Greg Hoglund and James Butler. It's about $40 from Amzon
and worth every penny. Although it primarily deals with the WDM driver
model of NT/2K/XP the chapter on writing a keylogger is a good place to
start and provides a thorough understanding of filter drivers and where they
fit in to the grand scheme of things. Moving form WDM to KDMF on Vista is
relatively easy for this particular task as the sample code in there
respective DDK examples is very similar.
When I had to do something similar it only took me about a week to figure it
out and get it done. Most of that time was spent figuring out how to access
the registry (since your driver runs in the kernel space the Win32 API calls
we all know and love from user mode aren't available and you have to make do
with whatever is exported from HAL dll's).
Good luck and have fun (I certainly did).
Nigel.
"Steve" wrote in message
news:fa25o31f67tlqeo0orbeg2l5du4oi3ji6h@4ax.com...
> Hi All,
>
> How do I trap keystrokes like the CTRL+Alt+DEL key sequence or ALT+TAB
> and block task manager from coming up and prevent the user from
> switching applications? I have a testing application where if a user
> is allowed to break out of the test, it would invalidate the results.
>
> Thanks,
> Steve
"Steve"
> Therefore their client (the potential criminal) has
> unrestricted access to their computer during the test.
Remove CTRL key from the keyboard. :)
On Wed, 9 Jan 2008 01:34:03 +0200, "Farshad"
wrote:
>"Warrick Wilson" .
>> Can you provide an example of how he's supposed to advise his customers to
>> use software as they should and prevent potential cheating in his test
>> program environment? I don't understand this comment at all.
>
>Why should I care about a customer who hacks his own system? Then probably
>customer can press the reset button even if you lock the ctrl-alt-del or
>even he can unplug the PC! If his customer is cheating somehow then his
>program can easily detect it and he can do something about it! He can beat
>his customer or sue him I don't know!!
>
>Anyway, maybe he has some good reason to disable ctrl-alt-del, that's ok. I
>simply recommended him it's not the best way of doing this as it prevents
>admin access to the system when there is a problem.
>
Actually, our customers aren't the ones taking our tests. It's
usually their clients which are often criminals that are being
evaluated by court order. To preserve the validity of the test, the
test administrator can't be in the room to supervise the test being
taken. Therefore their client (the potential criminal) has
unrestricted access to their computer during the test.
On Wed, 09 Jan 2008 12:08:38 +1100, harrie
wrote:
>Steve wrote:
> > These look interesting and we're using something similar now.
>
>Steve, out of interest what have you been using to block Ctrl+Alt+Del etc ?
>
>Cheers, harrie.
I don't fully understand it but the previous programmer was using a
combination of a GINA stub and a DLL with keyboard hooks.
"Warrick Wilson" .
> Can you provide an example of how he's supposed to advise his customers to
> use software as they should and prevent potential cheating in his test
> program environment? I don't understand this comment at all.
Why should I care about a customer who hacks his own system? Then probably
customer can press the reset button even if you lock the ctrl-alt-del or
even he can unplug the PC! If his customer is cheating somehow then his
program can easily detect it and he can do something about it! He can beat
his customer or sue him I don't know!!
Anyway, maybe he has some good reason to disable ctrl-alt-del, that's ok. I
simply recommended him it's not the best way of doing this as it prevents
admin access to the system when there is a problem.
> The way I read it, I should tell people not to write viruses or spam and
> certainly not to send them to me, so that I don't need to run firewalls,
> anti-virus and spam killer software, and thus I get some performance back
> out of my PC since I'm not running those background tasks.
Totally irrelevant. We're not talking about outside intruders here.
"Farshad" wrote in message
news:47839acf$1@newsgroups.borland.com...
>
> IMO, it's better to advice your customers to use software as they should.
> Disabling Ctrl-Alt-Del is not a good idea. If somehow your software
> freezes the whole OS will be locked and you'll need to hard-reset your PC.
Can you provide an example of how he's supposed to advise his customers to
use software as they should and prevent potential cheating in his test
program environment? I don't understand this comment at all.
The way I read it, I should tell people not to write viruses or spam and
certainly not to send them to me, so that I don't need to run firewalls,
anti-virus and spam killer software, and thus I get some performance back
out of my PC since I'm not running those background tasks.
"Steve"
> These look interesting and we're using something similar now. The
> problem we're having is that our existing solution doesn't work under
> Vista. I was hoping to find something that would work regardless of
> the version of Windows. I'll look at these.
Access to Vista's OS core is much more secure compared with its ancestors. I
don't think Vista will allow you installing such low-level hooks even if you
have admin access. Maybe in future a workaround will be found for Vista but
for now I think it's better to go with XP.
IMO, it's better to advice your customers to use software as they should.
Disabling Ctrl-Alt-Del is not a good idea. If somehow your software freezes
the whole OS will be locked and you'll need to hard-reset your PC.
On Tue, 08 Jan 2008 10:59:15 +1100, harrie
wrote:
>Steve wrote:
>> Hi All,
>>
>> How do I trap keystrokes like the CTRL+Alt+DEL key sequence or ALT+TAB
>> and block task manager from coming up and prevent the user from
>> switching applications? I have a testing application where if a user
>> is allowed to break out of the test, it would invalidate the results.
>>
>> Thanks,
>> Steve
>
>I've implemented this kind of functionality for public kiosk
>applications. The kiosks are operating in a Tech University in the USA
>and haven't had any security breaches yet ;)
>
>I use the Bitlogic's TCPKeyBlockHook to trap most keystrokes and then
>use António Feijão's WinLockDll to Disable the Task Manager and
>Ctrl+Alt+Del. Both these components make the task of locking down a PC
>easy as it doesn't require any GINA replacement, system reboot etc.
>Note, I've only implemented this on WinXP.
>
>The only problem I've found so far is that keyboard hook does not
>operate via VNC so the keystroke escape sequence to close a kiosk does
>not work under VNC.
>
>Bitlogic's components are commercial but source code is available and
>the WinLockDll is open source :)
>
>The components can be found here:
>
>http://bitlogic.bravehost.com/products_borland_tcpkeyblockhook.htm
>http://www.codeproject.com/KB/winsdk/AntonioWinLock.aspx
>
>Another good option is dWinlock - http://www.dwinlock.kassl.de, but this
>uses a GINA replacement to block Ctrl+Alt+Del which is why I preferred
>the WinLockDll. Nonetheless, it looks like a good component and it
>offers all the above functionality in one component and a little extra
>as well.
These look interesting and we're using something similar now. The
problem we're having is that our existing solution doesn't work under
Vista. I was hoping to find something that would work regardless of
the version of Windows. I'll look at these.
Thanks,
Steve
On Mon, 7 Jan 2008 13:50:28 -0800, "Remy Lebeau \(TeamB\)"
wrote:
>
>"Steve" wrote in message
>news:fa25o31f67tlqeo0orbeg2l5du4oi3ji6h@4ax.com...
>
>> How do I trap keystrokes like the CTRL+Alt+DEL key
>> sequence or ALT+TAB and block task manager from
>> coming up and prevent the user from switching applications?
>
>The short answer is you don't. Such low-level sequences are reserved by the
>OS and cannot be overwritten in application code. A low-level keyboard hook
>or a replacement GINA DLL may do what you are asking for, but those are not
>trivial to implement properly.
>
>> I have a testing application where if a user is allowed to
>> break out of the test, it would invalidate the results.
>
>What about using Windows Policies to control things like that instead of
>code?
>
I'm not sure that policies would be a good choice for us. We need
something that we can turn on & off from within our software. To
change policies on our customer's computers might be too intrusive. On
the other hand, I may not understand what you're suggesting.
Steve