preface In the WINDOWS 9X environment we can use SystemParametersInfo (SPI_SCREENSAVERRUNNING, 1, NULL, 0); to shield CTRL + ALT + DEL, but in the NT /2000 environment It doesn't work, so the low-level keyboard hook using WH_KEYBOARD_LL can't be intercepted! By replacing the GINA DLL, the author has well implemented the function of masking CTRL+ALT+DEL under NT/2000. Download Source Code 6K I. Principle The interactive login support in NT/2000 is implemented by WinLogon calling GINA DLL. GINA DLL provides an interactive interface to provide authentication request for user login. When WinLogon is initialized, the CTRL+ALT+DEL message is intercepted from the system registration, so other programs cannot get the CTRL+ALT+DEL message. WinLogon will interact with the GINA DLL. The default is MSGINA.DLL (in the System32 directory). Microsoft also provides us with an interface to edit GINA DLL instead of MSGINA.DLL. WinLogon will create 3 desktops when initialized: (1), winlogon desktop: mainly display window security and other interfaces, such as you press CTRL+ALT+DEL, login interface, etc. (2), application desktop: we usually see The interface with my computer (3), screen saver desktop: screen saver display interface. After the user logs in, when you press CTRL+ALT+DEL, WinLogon calls the output function of GINA DLL: WlxLoggedOnSAS. At this time, it is on the winlogon desktop. We just need to directly redirect him to the application desktop, the system will not display Windows. The safe interface, in other words, is that the user does not play any role after pressing CTRL+ALT+DEL. When we switch the desktop, the screen will flash! Second, the program achieved GINA DLL to output the following functions (winlogon calls) WlxActivateUserShell WlxDisplayLockedNotice WlxDisplaySASNotice WlxDisplayStatusMessage WlxGetStatusMessage WlxInitialize WlxIsLockOk WlxIsLogoffOk WlxLoggedOnSAS WlxLoggedOutSAS WlxLogoff WlxNegotiate WlxNetworkProviderLoad WlxRemoveStatusMessage WlxScreenSaverNotify WlxShutdown WlxStartApplication WlxWkstaLockedSAS to simplify the programming, we obtain the dynamic function from MSGINA.DLL appeal, the self The function of MSGINA.DLL can be called directly in the defined DLL (hereinafter referred to as NoReboot.DLL). Now we have to deal with the WlxLoggedOnSAS function: int WINAPI WlxLoggedOnSAS ( PVOID pWlxContext, DWORD dwSasType, PVOID pReserved) { HANDLE hMutex; WriteInfo ("WlxLoggedOnSAS \
\ "); //used to record information if (dwSasType == WLX_SAS_TYPE_CTRL_ALT_DEL ) { /Shield CTRL_ALT_DEL, you can also decide whether to shield according to specific conditions //I used Mutex to control whether to shield, (Note: use unicode) hMutex = OpenMutex (MUTEX_ALL_ACCESS, FALSE, L"_ac952_z_cn_CTRL_ALT_DEL"); if (hMutex){ CloseHandle(hMutex); WriteInfo("disble CTRL+ALT+DEL \
\ "); return WLX_SAS_ACTION_NONE; //Switch the screen to the application desktop, mask CTRL+ALT+DEL } else WriteInfo( "not disble CTRL+ALT+DEL \
\ "); } return prcWlxLoggedOnSAS ( //This is the function I got from MSGINA.DLL. pWlxContext, dwSasType, pReserved); } We want to call in our own program hMutex = CreateMutex(NULL, FALSE, "_ac952_z_cn_CTRL_ALT_DEL"); CTRL+ALT+DEL can be masked. Third, the installation and considerations Note in writing GIAN DLL, GINA DLL uses unicode. GINA DLL installation: Key name: \\HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon Variable name: GinaDLL Variable type: [REG_SZ] Content: "Your GINA DLL name" eg: "NoReboot.DLL : Copy your GINA DLL (NoReboot.dll) to the system directory (system32), restart the machine, and your GINA DLL (NoReboot.dll) will run. If you can't enter your system, then after you enter DOS, copy msgina.dll into your GINA DLL (NoReboot.dll) to enter, or enter safe mode and delete the key.