Results 1 to 1 of 1

Thread: msgina.dll

  1. #1

    Thread Starter
    Fanatic Member TTn's Avatar
    Join Date
    Jul 2004
    Posts
    708

    msgina.dll

    VB Code:
    1. Imports System.Drawing
    2. Imports System.Threading
    3. Imports System.Reflection
    4. Imports System.Runtime.InteropServices
    5. Friend Class Form1
    6.     Inherits System.Windows.Forms.Form
    7. #Region " Windows Form Designer generated code "
    8.  
    9.     Public Sub New()
    10.         MyBase.New()
    11.  
    12.         'This call is required by the Windows Form Designer.
    13.         InitializeComponent()
    14.  
    15.         'Add any initialization after the InitializeComponent() call
    16.  
    17.     End Sub
    18.  
    19.     'Form overrides dispose to clean up the component list.
    20.     Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
    21.         If disposing Then
    22.             If Not (components Is Nothing) Then
    23.                 components.Dispose()
    24.             End If
    25.         End If
    26.         MyBase.Dispose(disposing)
    27.     End Sub
    28.  
    29.     'Required by the Windows Form Designer
    30.     Private components As System.ComponentModel.IContainer
    31.  
    32.     'NOTE: The following procedure is required by the Windows Form Designer
    33.     'It can be modified using the Windows Form Designer.
    34.     'Do not modify it using the code editor.
    35.     Friend WithEvents Button1 As System.Windows.Forms.Button
    36.     Friend WithEvents Button2 As System.Windows.Forms.Button
    37.  
    38.     <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
    39.         Me.Button1 = New System.Windows.Forms.Button
    40.         Me.Button2 = New System.Windows.Forms.Button
    41.         Me.SuspendLayout()
    42.         '
    43.         'Button1
    44.         '
    45.         Me.Button1.Location = New System.Drawing.Point(88, 72)
    46.         Me.Button1.Name = "Button1"
    47.         Me.Button1.Size = New System.Drawing.Size(128, 24)
    48.         Me.Button1.TabIndex = 1
    49.         Me.Button1.Text = "Disable task manager."
    50.         '
    51.         'Button2
    52.         '
    53.         Me.Button2.Location = New System.Drawing.Point(88, 112)
    54.         Me.Button2.Name = "Button2"
    55.         Me.Button2.Size = New System.Drawing.Size(128, 24)
    56.         Me.Button2.TabIndex = 2
    57.         Me.Button2.Text = "Enable Task manager"
    58.         '
    59.         'Form1
    60.         '
    61.         Me.AutoScaleBaseSize = New System.Drawing.Size(5, 13)
    62.         Me.ClientSize = New System.Drawing.Size(292, 266)
    63.         Me.Controls.Add(Me.Button2)
    64.         Me.Controls.Add(Me.Button1)
    65.         Me.Name = "Form1"
    66.         Me.Text = "                 Ctrl + Alt + Delete"
    67.         Me.ResumeLayout(False)
    68.  
    69.     End Sub
    70.  
    71. #End Region
    72.  
    73.     Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Integer) As Integer
    74.     Public Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Integer) As Integer
    75.     Private Declare Sub keybd_event Lib "user32.dll" (ByVal bVk As Byte, ByVal bScan As Byte, ByVal dwFlags As Integer, ByVal dwExtraInfo As Integer)
    76.     Private Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Integer, ByVal nCode As Integer, ByVal wParam As Integer, ByVal lParam As KBDLLHOOKSTRUCT) As Integer
    77.     Public Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal idHook As Integer, ByVal lpfn As KeyboardHookDelegate, ByVal hmod As Integer, ByVal dwThreadId As Integer) As Integer
    78.  
    79.     Public Structure KBDLLHOOKSTRUCT
    80.         Public vkCode As Integer
    81.         Public scanCode As Integer
    82.         Public flags As Integer
    83.         Public time As Integer
    84.         Public dwExtraInfo As Integer
    85.     End Structure
    86.  
    87.     Public Delegate Function KeyboardHookDelegate(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KBDLLHOOKSTRUCT) As Integer
    88.     <MarshalAs(UnmanagedType.FunctionPtr)> Private callback As KeyboardHookDelegate
    89.     Public KeyboardHandle As Integer
    90.  
    91.     ' Low-Level Keyboard Constant
    92.     Const HC_ACTION As Integer = 0
    93.  
    94.     ' Virtual Keys
    95.     Const KEYEVENTF_KEYUP As Short = &H2
    96.     Const VK_SHIFT As Integer = &H10
    97.     Const VK_CONTROL = &H11
    98.     Const VK_DELETE = &H2E
    99.     Const VK_MENU = &H12
    100.     Const VK_ESCAPE As Integer = &H1B
    101.     Const WH_KEYBOARD_LL As Integer = 13&
    102.     Dim clt() As Process = Process.GetProcessesByName("taskmgr")
    103.     'This function allows keys to be detected and dealt with.
    104.     Public Function IsHooked(ByRef Hookstruct As KBDLLHOOKSTRUCT) As Boolean
    105.         On Error Resume Next
    106.  
    107.         ' ctrl alt delete, can be detected here. The task manager is closed.
    108.         If (Hookstruct.vkCode = VK_DELETE) And CBool(GetAsyncKeyState(VK_MENU) And &H8000) And CBool(GetAsyncKeyState(VK_CONTROL) And &H8000) Then
    109.             Do
    110.                 Application.DoEvents()
    111.                 Dim clt() As Process = Process.GetProcessesByName("taskmgr")
    112.                 For Each p As Process In clt
    113.  
    114.                     'kill task manager and rip from memory
    115.                     p.Kill()
    116.  
    117.                     'Thanks to Dan Appleman, who doesn't know why either.
    118.                     Application.DoEvents()
    119.  
    120.  
    121.                     'Return Task Manager function here, to replace memory.
    122.                     'Simulate Ctrl Shift Esc to call task managers back to duty.
    123.                     keybd_event(VK_CONTROL, 0, 0, 0)
    124.                     keybd_event(VK_SHIFT, 0, 0, 0)
    125.                     keybd_event(VK_ESCAPE, 0, 0, 0)
    126.                     keybd_event(VK_ESCAPE, 0, KEYEVENTF_KEYUP, 0)
    127.                     keybd_event(VK_SHIFT, 0, KEYEVENTF_KEYUP, 0)
    128.                     keybd_event(VK_CONTROL, 0, KEYEVENTF_KEYUP, 0)
    129.                     'END--Ctrl Alt Delete has been essentially blocked here from bringing up the task manager.
    130.                     'If you want to personalize your own application's task manager.
    131.                     'Call MyTaskMangerReplacement(1)
    132.                     Application.DoEvents()
    133.                     Exit Do
    134.                 Next
    135.                 Application.DoEvents()
    136.                 Me.Refresh
    137.             Loop
    138.         End If
    139.  
    140.         'disable task manager for, control shift esc.
    141.         If (Hookstruct.vkCode = VK_ESCAPE) And CBool(GetAsyncKeyState(VK_CONTROL) And &H8000) And CBool(GetAsyncKeyState(VK_SHIFT) And &H8000) Then
    142.             Return True
    143.         End If
    144.  
    145.         Return False
    146.     End Function
    147.  
    148.     'Call this to hook keyboard
    149.     Public Sub HookKeyboard()
    150.         callback = New KeyboardHookDelegate(AddressOf KeyboardCallback)
    151.         KeyboardHandle = SetWindowsHookEx(WH_KEYBOARD_LL, callback, Marshal.GetHINSTANCE([Assembly].GetExecutingAssembly.GetModules()(0)).ToInt32, 0)
    152.     End Sub
    153.  
    154.     ' UnhookKeyboard is very important to include in the form's unload.
    155.     Public Sub UnhookKeyboard()
    156.         If (Hooked()) Then
    157.             Call UnhookWindowsHookEx(KeyboardHandle)
    158.         End If
    159.     End Sub
    160.  
    161.     'Indicates hook success.
    162.     Private Function Hooked()
    163.         Hooked = KeyboardHandle <> 0
    164.     End Function
    165.  
    166.     Public Function KeyboardCallback(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KBDLLHOOKSTRUCT) As Integer
    167.         If (Code = HC_ACTION) Then
    168.             If (IsHooked(lParam)) Then
    169.                 Return 1
    170.             End If
    171.         End If
    172.         Return CallNextHookEx(KeyboardHandle, Code, wParam, lParam)
    173.     End Function
    174.  
    175.     Private Sub Form1_Closed(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Closed
    176.         On Error Resume Next
    177.  
    178.         'unhook keyboard control
    179.         UnhookKeyboard()
    180.     End Sub
    181.  
    182.     Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    183.         HookKeyboard()
    184.     End Sub
    185.  
    186.     Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    187.         Dim i As Integer
    188.         On Error Resume Next
    189.         UnhookKeyboard()
    190.         Application.DoEvents()
    191.             System.Threading.Thread.Sleep(10)
    192.             Application.DoEvents()
    193.             keybd_event(VK_CONTROL, 0, 0, 0)
    194.             keybd_event(VK_SHIFT, 0, 0, 0)
    195.             keybd_event(VK_ESCAPE, 0, 0, 0)
    196.             keybd_event(VK_ESCAPE, 0, KEYEVENTF_KEYUP, 0)
    197.             keybd_event(VK_SHIFT, 0, KEYEVENTF_KEYUP, 0)
    198.             keybd_event(VK_CONTROL, 0, KEYEVENTF_KEYUP, 0)
    199.             Application.DoEvents()
    200.     End Sub
    201. End Class




    RobDog888I may be wrong, but I have not seen any code that can do that yet. Its protected and it deals with the security dll - msgina.dll
    The above code detects the key press though cannot block that combination.


    Jools
    If you wanted to trap ctrl-alt-delete you would have to use msgina.dll, and you need to be able to use pointers properly (like in c++) - so you can't do it in c# or vb.net.
    In the code above, the task is killed(ripped out of memory) and then the new memory is replaced, via Ctrl Shift Escape. Essentially never happening.
    Last edited by TTn; Sep 6th, 2005 at 08:08 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width