#1
|
|||
|
|||
CTRL + ALT + DEL Disable
Hi everyone,
long time no post, but going from university to work has been hard. Today I'm asking some hints to solve a problem with an application I am currently developing: I am actually working on an application that will be installed in a museum environment. This program will run on a machine that is not an embedded machine, but has to work like a normal PC, with keyboard and mouse. When the application is started, by personnel intervention, the application runs full-screen and will be used by visitors. This requires some security measures, like disabling with all means, the possibility that the user could use the pc other than the application itself. I have thus disabled with hooking code all special OS codes that could let user exit or minimize the program and use the pc. (ALT+F4, ALT+TAB, WIN KEY, CTRL+SHIFT+ESC etc etc). This works great EXCEPT for CTRL+ALT+DEL. Doing some internet researches pointed that CTRL+ALT+DEL is a SAS sequence and can't be trapped by programs since it is a security feature and so it can't be disabled. In Windows, CTRL+ALT+DEL wakes up the login screen, giving the user the possibility to reboot, shut-down, start the task manager (Killing the application) and so on... The problem is mainly that the PC needs to have a keyboard connected to it so anyone can hit the SAS sequence and go into the PC. So here is the question: how can I disable CTRL+ALT+CANC only when the application is run and restore the normal behaviour when the pc is used as a normal PC by the personnel? Is really the only option left to write a filter driver that checks if Application.exe is running and filters silently any CTRL+ALT+DEL requests? Thanks in advance. |
#2
|
|||
|
|||
point ctrl+alt+delete directly to task manager and disable task manager using windows management window (gpedit.msc)
edit: about personnel, just add a secret hotkey that pops up a little window with password http://support.microsoft.com/kb/555480 Last edited by mr.exodia; 08-26-2013 at 05:19. Reason: read whole question |
#3
|
|||
|
|||
If I understood you, Try this, works on X86, for X64 you need make chages in the code.
|
#4
|
|||
|
|||
If you want to enable/disable what you see in the screen after pressing ctrl+alt+del only when your application is running then you'll need to make changes in registry similar to what the policy editor would do.
So basically you'd update the registry when your app starts and reset those values back when your app is closing. For example if you want to disable task manager from CAD screen then you application can change this registry value HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = 1 DisableLockWorkstation = 1 in the same location will disable lock screen DisableChangePassword = 1 will disable users from changing password There are other registry values you can change to remove "switch user", "log off" and so on. Search for the utility "Tweak Ctrl+Alt+Del Options Tool v1.0". The registry keys are encrypted in that app but you can probably figure that out. If you can't find that utility then let me know. |
#5
|
|||
|
|||
Wilson,
I tried the one you posted, it disables task manager only from the list and you also need to run the exe as an admin. This could be a good place for Tmc to add more registry keys if he need to do that in vb6. Regards, athapa |
#6
|
|||
|
|||
The simple method illustrated at the link below disables keyboard scancodes in the Registry
_http://www.northcode.com/blog.php/2007/07/25/Securing-Windows-For-Use-As-A-Kiosk The admin can take over the PC via mstsc /consol (Remote Desktop Protocol), or can restore the original Registry key. Another option is to tweak msgina.dll that handles login/logout etc. |
#7
|
|||
|
|||
Thanks for the replies.
I have read that in Windows 7 embedded, the keyboard filter can be enabled, but in Windows 7 plain version this service does not exist. Some time ago, I read some tutorials to enable or disable some Windows hidden features, copying some lines from the embedded edition to the desired edition cat/ini files. Do you believe that it is possibile to do that with Windows 7? |
#8
|
|||
|
|||
I actually don't think there is an OS portable version of code that disabled CTRL+ALT+DEL, you might be able to write a system driver that hooks the code that calls the logon screen though.
Microsoft provides windows features to disable CTRL+ALT+DEL, what's so bad about that? |
#9
|
|||
|
|||
Absolutely nothing, the only concern I have is that pointing ctrl+alt+del to task manager and disabling task manager, raises a Messagebox saying "task manager has been disabled by system administrator".
Doing that, my application loses focus and i fear that in this case ALT+TAB might work. |
#10
|
|||
|
|||
hmm, that's indeed a problem...
you could point ctrl+alt+del to the task manager and from there hook CreateProcess to kill it even before it started. Another way would be to simply rename taskmgr to taskmgr_ or something like that. This could be done every time your museum shell is started... Even another solution would be to inject a custom DLL into every process (using this registry trick you see in some malware) that just checks if a mutex or something similar exists and then kills taskmgr when your museum shell does not give the green light. Hope there is an idea you like.. |
#11
|
|||
|
|||
Maybe also creating a dedicated user so UAC intervenes? However if users can get full control, I am not sure, but you can hit the inappriopiate person that knows to bypass UAC itself.
So far, creating a limited account and using the Administrator account to disable all of these should do the job. Don't know however, how you can not popup to not loose focus. If it was a touchscreen like these PoS systems we see, would have been easier, however, in this case, some Malwares as already stated may provide a clue how to disable it, the only problem is the popup maybe. The rest is complicated/complex and writing a driver (as suggested) for W$ can crash the whole system if is not written properly. |
#12
|
|||
|
|||
Quote:
One option I am actually considering is to write a custom touch-screen keyboard, leaving the actual hardware keyboard in a locker. This would solve the keyboard problem but it would complicate a bit the program usability. I think I should accurately think about advantages or disadvantages and chose the less worse option. |
#13
|
|||
|
|||
I found a solution that is clean and only requires modification of a few registry keys on program installation to work... The solution that works on my pc (after binding CTRL+ALT+DEL to taskmgr.exe) is this:
Just add the DLL to your AppInit_DLLs and task manager will only open if you created the mutex named "green_light" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs for 32 bit taskmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs for 64 bit taskmgr.exe Attached source + dlls, fully tested and working on Win7 Ultimate x64. edit: you might wanna read some topics about AppInit_DLLs if you're planning to run your software on Windows 8. Here it requires you to set some other registry keys as well. also added a small mutex tool so you can test it without writing much stuff Last edited by mr.exodia; 08-31-2013 at 20:00. Reason: added attachment |
The Following User Says Thank You to mr.exodia For This Useful Post: | ||
niculaita (07-04-2021) |
#14
|
|||
|
|||
TmC: On WinXP you can disable ctrl+alt+del keys with hooking SAS/MSGINA, i was done it success in delphi. But on OS above XP, there is no more SAS Window and i still looking for a proper way to disable the keys without using "scancode" by editing registry. Btw, what language your code with?
[sorry my English] |
#15
|
|||
|
|||
Private Type NOTIFYICONDATA
cbSize As Long hWnd As Long uId As Long uFlags As Long ucallbackMessage As Long hIcon As Long szTip As String * 64 End Type Private Const NIM_DELETE = &H2 Private Declare Function Shell_NotifyIcon Lib "shell32" Alias "Shell_NotifyIconA" (ByVal dwMessage As Long, pnid As NOTIFYICONDATA) As Boolean Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long Private Sub Form_Load() Dim tskWin As Long Dim t As NOTIFYICONDATA Shell "taskmgr.exe", vbHide Do Until tskWin <> 0 tskWin = FindWindow("#32770", "the name of window of takmager.exe in your language") Loop t.hWnd = tskWin Shell_NotifyIcon NIM_DELETE, t End Sub Create an .dll file with this code, call it by inserting a code in the code cave of your app, work in all the files that I develope to sell when I need to lock the sequence crtl+alt+del. *you don't need admin previlegies to run it **translate this code to the language that you used in your app BR |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
How to disable VM detection? | te$ter | General Discussion | 3 | 05-16-2015 17:06 |
Origins of Ctrl-Alt-Del | Anticode | General Discussion | 0 | 04-17-2005 20:16 |
Why?the kb is disable | 3boy | General Discussion | 1 | 09-03-2003 20:22 |