Keywords
Windows 2000, VC++, C++ Builder, Visual Basic, hook, DLL
Introduction
In some applications, such as industrial control software developed for Windows 2000 (hereinafter Win2K), keyboard events must be monitored and blocked to strengthen system security and meet the safety requirements of the control system. Writing Win2K background monitoring software of this kind involves the following elements: the hook (keyboard hook function), DLLs, MSGINA.DLL, and Shell_NotifyIcon (the tray function). To write the software more efficiently, a mixed-language approach can be used: the DLL files are written with VC++ / C++ Builder 6.0, and the client program with Visual Basic.
1 Hook and DLL Introduction
1) Hook
A hook is a callback mechanism. Windows provides it so that applications can monitor the system's event messages, in a way similar to an interrupt handler. By installing a user-defined message-processing hook in the system message mechanism, an application can filter messages. Windows itself provides several hook types; to block the keyboard on the Win2K / NT platform, use the low-level keyboard hook, WH_KEYBOARD_LL. This hook can block Ctrl+Esc, Alt+Tab, Alt+Esc and similar combinations, and is supported by operating systems after WinNT SP3. A hook is installed with the SetWindowsHookEx() function, and before the program exits it must be removed with the UnhookWindowsHookEx() function.
2) DLL and msgina.dll
The DLL (dynamic link library) is one of the most important components of Microsoft Windows. Most Windows-related files are either program modules or dynamic link libraries. To monitor all keyboard events, the hook function must be placed in a DLL file.
Windows itself is composed of many DLLs, and all of its library modules are also designed as DLLs. In Win2K, blocking the Ctrl+Alt+Del key combination requires an understanding of msgina.dll. In Win2K, Microsoft provides interactive logon support through Winlogon and GINA (Graphical Identification and Authentication). After a successful logon, pressing Ctrl+Alt+Del causes Winlogon to call the msgina.dll internal function WlxLoggedOnSAS. So, to block the Ctrl+Alt+Del combination, you can write a new GINA DLL whose interface functions call msgina.dll and which implements the blocking.
3) Shell_NotifyIcon
The client program should run in the background, so it can be minimized to the system tray. The Shell_NotifyIcon API function adds, deletes, and changes icons in the taskbar status area.
2 Program implementation
This article uses VC++ 6.0 to develop the system GINA DLL, C++ Builder 6.0 to develop the low-level hook DLL, and VB 6.0 to develop the client program, implementing mixed-language programming.
1) Writing the custom GINA
Because writing a custom GINA involves a lot of material, this article gives only a brief introduction. A custom GINA can be developed with VC++ 6.0. The internal function table of the Windows 2000 MSGINA is given below. The custom GINA imports the functions in the table.
Function name: Description
WlxActivateUserShell: Activates the user shell.
WlxDisplayLockedNotice: Allows the GINA DLL to display lock information.
WlxDisplaySASNotice: Winlogon calls this function when no user is logged on.
WlxDisplayStatusMessage: Winlogon calls this function with a status message to display.
WlxGetConsoleSwitchCredentials: Winlogon calls this function to read the credentials of the currently logged-on user and pass them transparently to the target session.
WlxGetStatusMessage: Winlogon calls this function to get the current status information.
WlxInitialize: Initializes the GINA DLL for the specified window station.
WlxIsLockOk: Verifies that the workstation can be locked normally.
WlxIsLogoffOk: Verifies that logoff can proceed normally.
WlxLoggedOnSAS: Winlogon calls this function if a SAS event is received while a user is logged on and the workstation is not locked.
WlxLoggedOutSAS: Winlogon calls this function if a SAS event is received while no user is logged on.
WlxLogoff: Notifies the GINA DLL that a logoff operation was requested.
WlxNegotiate: Indicates whether the current Winlogon version can use the GINA DLL.
WlxNetworkProviderLoad: Winlogon calls this function after loading the network service providers.
WlxRemoveStatusMessage: Winlogon calls this function to tell the GINA DLL to stop displaying status information.
WlxScreenSaverNotify: Allows the GINA to interact with the screen saver operation.
WlxShutdown: Winlogon calls this function before shutting down, allowing the GINA to perform any shutdown tasks, such as ejecting a smart card from the card reader.
WlxStartApplication: Called when the system needs to start an application in the user's context.
WlxWkstaLockedSAS: Winlogon calls this function if a SAS is received while the workstation is locked.
We need to pay attention to the WlxLoggedOnSAS function. The code that blocks the Ctrl+Alt+Del combination is added where this function is called. A registry value is read to decide whether to block, and the client program sets that value.
    // Winlogon calls this function when a SAS event is received while a user
    // is logged on and the workstation is not locked.
    int WINAPI WlxLoggedOnSAS(PVOID pWlxContext, DWORD dwSasType, PVOID pReserved)
    {
        HKEY hKey;
        DWORD dwType = REG_DWORD;            // type of the data to read: DWORD
        DWORD dwContent = 0;                 // content of the registry value
        DWORD dwLength = sizeof(dwContent);
        BOOL bBlock = FALSE;
        // Open the registry key
        if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\fpskblock\\kbconfig",
                         0, KEY_READ, &hKey) == ERROR_SUCCESS)
        {
            // Read the CtrlAltDel value
            if (RegQueryValueEx(hKey, "CtrlAltDel", NULL, &dwType,
                                (LPBYTE)&dwContent, &dwLength) == ERROR_SUCCESS)
                bBlock = (dwType == REG_DWORD && dwContent == 1);
            RegCloseKey(hKey);               // release the key handle on every call
        }
        if (bBlock)
            return WLX_SAS_ACTION_NONE;      // return straight to the desktop: the key is blocked
        return theApp.MyWlxLoggedOnSAS(pWlxContext, dwSasType, pReserved);
    }

Place the finished custom GINA DLL in the Winnt\System32 folder and modify the registry:
Key name: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Sub-key name: MYGINA (any name)
Sub-key type: [REG_SZ]
Sub-key value: Mygina (the custom GINA's name)
If GinaDLL does not exist, it can be created.
After the computer is restarted, the system uses Mygina.
2) Writing the global hook DLL
Write the DLL file that installs the global hook with Borland C++ Builder 6.0 (hereinafter BCB). BCB is an excellent C/C++ development tool for quickly developing high-quality Windows programs. The steps, briefly:
I. Use the BCB New wizard to create a DLL project. We will place two hooks in this DLL: one captures and blocks the system function hotkeys, the other serves as the activation hotkey for the client program;
II. Add the following code to the CPP file:
This code declares the global variables and the exported function. Because this DLL will be called by the client program written in VB, the exported function must be declared with extern "C". In addition, the default calling convention in BCB is __cdecl, whereas the convention used by VB is __stdcall.
    // The following variables are used by hook.cpp
    static HHOOK hOldHook = 0;       /* records the registered keyboard hook (key blocking) */
    static HHOOK hOldHook2 = 0;      /* records the registered keyboard hook (activation hotkey) */
    static HWND hProcWnd = 0;        /* records the client's form */
    static HINSTANCE hInstance = 0;  /* DLL handle */

    // Export ActivateKey
    extern "C" __declspec(dllexport) char _stdcall ActivateKey(HWND hWnd, BOOL nCode, BOOL bWhich);

    #pragma argsused
    int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void*)
    {
        // Save this DLL's handle
        hInstance = hinst;
        return 1;
    }

Because the client program runs in the background, we need to give it an activation hotkey so that the user can call it up with the hotkey at any time. A global hook for the activation hotkey must therefore be placed through the DLL file. When the user presses the activation hotkey, the DLL intercepts the message and sends an activation message to the specified client program.
    // Client program hotkey
    LRESULT CALLBACK HotKeyProc(int nCode, WPARAM wParam, LPARAM lParam)
    {
        BOOL fEatKeystroke = FALSE;
        if (nCode == HC_ACTION)
        {
            PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT)lParam;
            switch (wParam)
            {
            case WM_KEYDOWN:
            case WM_SYSKEYDOWN:
            case WM_KEYUP:
            case WM_SYSKEYUP:
                // Custom activation hotkey: Alt+F12
                fEatKeystroke = ((p->flags & LLKHF_ALTDOWN) != 0) && (p->vkCode == VK_F12);
                break;
            }
            if (fEatKeystroke)
                SendMessage(hProcWnd, WM_USER + 200, 2000, 0); // custom message that activates the client
        }
        return (fEatKeystroke ? 1 : CallNextHookEx(NULL, nCode, wParam, lParam));
    }

The following callback function captures and blocks the system function hotkeys; further keys to be blocked can be added as needed.
    // Block Ctrl+Esc / Alt+Tab / Win / F1 / Alt+Esc and other function keys
    LRESULT CALLBACK ShieldKeyProc(int nCode, WPARAM wParam, LPARAM lParam)
    {
        BOOL fEatKeystroke = FALSE;
        if (nCode == HC_ACTION)
        {
            PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT)lParam;
            BOOL fCtrl = (GetKeyState(VK_CONTROL) & 0x8000) != 0;
            BOOL fShift = (GetKeyState(VK_SHIFT) & 0x8000) != 0;
            switch (wParam)
            {
            case WM_KEYDOWN:
            case WM_SYSKEYDOWN:
            case WM_KEYUP:
            case WM_SYSKEYUP:
                fEatKeystroke =
                    (p->vkCode == VK_F1) ||                                             // F1
                    ((p->vkCode == VK_TAB) && ((p->flags & LLKHF_ALTDOWN) != 0)) ||     // Alt+Tab
                    ((p->vkCode == VK_ESCAPE) && ((p->flags & LLKHF_ALTDOWN) != 0)) ||  // Alt+Esc
                    ((p->vkCode == VK_ESCAPE) && fCtrl) ||                              // Ctrl+Esc
                    (fCtrl && (p->vkCode == VK_SPACE)) ||                               // Ctrl+Space
                    (fCtrl && fShift);                                                  // Ctrl+Shift
                break;
            }
        }
        return (fEatKeystroke ? 1 : CallNextHookEx(NULL, nCode, wParam, lParam));
    }

The following function registers and removes the hooks according to the client's call. A hook must be uninstalled when it is no longer needed!
    // HWND hWnd: handle of the client form that makes the call
    // BOOL nCode: flag, install or remove the hook
    // BOOL bWhich: flag, which hook
    char _stdcall ActivateKey(HWND hWnd, BOOL nCode, BOOL bWhich)
    {
        if (bWhich)
        {
            if (nCode) // install the low-level blocking hook
            {
                hProcWnd = hWnd; // record the window that called this DLL
                hOldHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)ShieldKeyProc, hInstance, 0);
                return (hOldHook != NULL ? 1 : 0);
            }
            else // remove the hook
                UnhookWindowsHookEx(hOldHook);
        }
        else
        {
            if (nCode) // install the hotkey hook
            {
                hProcWnd = hWnd; // record the window that called this DLL
                hOldHook2 = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)HotKeyProc, hInstance, 0);
                return (hOldHook2 != NULL ? 1 : 0);
            }
            else // remove the hook
                UnhookWindowsHookEx(hOldHook2);
        }
        return 1;
    }

III. Compile and save in Release mode.
IV. For debugging the DLL, see the relevant documentation.
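The filter decision made in ShieldKeyProc can be kept apart from the Win32 hook so that it can be reviewed and unit-tested on its own; the following table-driven version is an added example, not code from the original article. The type and constant names (key_event, block_rule, K_*, M_*, F_ALTDOWN) are assumptions local to the example, and the two Win-key rows go beyond the article's code, whose comment lists Win but whose condition does not test for it.

```c
#include <stddef.h>
#include <stdint.h>

/* Numeric values as in winuser.h, under example-local names so the
   decision logic builds and can be tested on any platform. */
enum { K_TAB = 0x09, K_ESCAPE = 0x1B, K_SPACE = 0x20,
       K_LWIN = 0x5B, K_RWIN = 0x5C, K_F1 = 0x70 };
#define F_ALTDOWN 0x20u                       /* LLKHF_ALTDOWN */
enum { M_ALT = 1, M_CTRL = 2, M_SHIFT = 4 };  /* hypothetical modifier bits */
#define ANY_KEY 0u                            /* rule matches every virtual key */

/* The two KBDLLHOOKSTRUCT fields the filter reads. */
typedef struct { uint32_t vkCode; uint32_t flags; } key_event;
typedef struct { uint32_t vk; unsigned mods; const char *name; } block_rule;

/* One row per blocked combination; extend the table to block more keys. */
static const block_rule RULES[] = {
    { K_F1,     0,                "F1" },
    { K_TAB,    M_ALT,            "Alt+Tab" },
    { K_ESCAPE, M_ALT,            "Alt+Esc" },
    { K_ESCAPE, M_CTRL,           "Ctrl+Esc" },
    { K_SPACE,  M_CTRL,           "Ctrl+Space" },
    { ANY_KEY,  M_CTRL | M_SHIFT, "Ctrl+Shift+any key" },
    { K_LWIN,   0,                "Left Win (added in this example)" },
    { K_RWIN,   0,                "Right Win (added in this example)" },
};

/* Returns the first matching rule, or NULL if the key must be passed on.
   ctrl_down / shift_down stand for the GetKeyState() results. */
const block_rule *match_rule(const key_event *ev, int ctrl_down, int shift_down)
{
    unsigned held = ((ev->flags & F_ALTDOWN) ? M_ALT : 0)
                  | (ctrl_down ? M_CTRL : 0) | (shift_down ? M_SHIFT : 0);
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const block_rule *r = &RULES[i];
        if ((r->vk == ANY_KEY || r->vk == ev->vkCode)
            && (held & r->mods) == r->mods)
            return r;
    }
    return NULL;
}

/* Value the hook procedure would use as fEatKeystroke. */
int should_block(const key_event *ev, int ctrl_down, int shift_down)
{
    return match_rule(ev, ctrl_down, shift_down) != NULL;
}
```

Returning the matched rule rather than a bare flag lets the DLL log which combination was suppressed, which helps when operators report a key that stopped working.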
3) Client program
Microsoft's Visual Basic is our first choice for developing the client program because it makes writing Windows interface programs so convenient. We develop with Visual Basic 6.0 Chinese Enterprise Edition (hereinafter VB). VB itself does not directly support developing DLL files, but it can call functions in DLLs. The client program's job is to carry out the user's operations and to call the DLL and API functions. The steps, briefly:
I. Create the project
Create three new forms, named Form1, FRMLogin, and Dialog. Form1 is the main window; its interface is laid out as shown in Figure <1>:
<1>
The first item uses API functions to block the taskbar;
The second item blocks the Ctrl+Alt+Del combination by operating on the registry;
The third item blocks the function keys by calling the low-level keyboard hook DLL developed above.
The password setting item is used to activate the client program.
FRMLogin is the login form, used for the password when the program is reactivated, as shown in Figure <2>:
<2>
Dialog is the "Password Setting" form, as shown in Figure <3>:
<3>
II. Code flow:
This article gives the main flowchart. Notes:
i. Because the software is based on the Windows 2000 platform, the system platform must be determined first after startup;
ii. Consider system security, the program is to check if there is a long way to go;
iii. To receive the activation message sent by the DLL file, a custom message-filtering function can be added to the VB message sequence in a form event.
SetWindowLong syntax:
SetWindowLong(hWnd, GWL_WNDPROC, AddressOf SysMenuProc)
hWnd: handle of the current form
GWL_WNDPROC: sets the address of a new window message procedure
AddressOf SysMenuProc: name of the new window message procedure
The return value is the form's previous message procedure.
The SysMenuProc function is a callback function. It must be declared in a standard module.
iv. Minimizing the program to the system tray area is done with the Shell_NotifyIcon function.
For the Shell_NotifyIcon syntax, see Microsoft's MSDN. Add the subroutine that creates the system tray icon to the form's Resize event. The icon must be deleted when the program exits.