I'm working on an app (Written in C#) that have a setting to run on KIOSK mode. I've just an challenge here which is disabling Ctrl+Alt+Del combination Event.
There is no right answer in the similar past posts. Please let me know about the right action.
Considering, my code is working with registry keys to disable/enable options, if you know any registry key,it will be more helpful.
CTRL+ALT+DEL is the secure attention sequence of Windows NT (and its derivatives like Win7). It is the one key combination that is guaranteed to get the OS's attention. The whole point of the SAS is that it can't be intercepted or stopped by user programs.
One security issue it addresses is that of a false login screen: consider a screen that looks exactly like the normal Windows login screen. There's no way to tell that it's a fake just by looking at it. But, if you're in the habit of always pressing CTRL+ALT+DEL before logging in (there is an option to always require it for the legitimate screen), pressing the SAS on a false login screen will bring up task manager or the secure attention screen (with the log off, change password, etc options). The real login screen doesn't do that; it just stays there on the screen. As long as the OS itself isn't replaced or compromised, CTRL+ALT+DEL will protect you from false login screens. If a user program could intercept the SAS, it wouldn't be worth anything.
The SAS was baked into the Windows NT design right from the beginning (it was in the first release in 1993), so getting around it won't be easy. I'm sure there are keyboard filter drivers-- or something to intercept that sequence-- that are designed for kiosk use.
It is not possible to capture CTRL+ALT+DEL, it is so by design in all Windows systems. This is a security issue, if the user hits CTRL+ALT+DEL, he or she should be certain that it is the operating system and not some application (possibly a password-catching trojan) that responds to it.
I guess to capture CTRL+ALT+DEL you would need to write a device driver of some sorts.
Edit: Also see This answer. I did not try it, but the question is fairly similar.
Although it is sort of possible, it is not an easy task and not something that can be done in C#. This Article will show you how to disable CTRL+ALT+DEL using group policy editor. To permanently disable the combination though, you will either need to write your own keyboard driver or write your own GINA stub (Graphical Identification and Authentication).
It is possible to pick up the CTRL+ALT+DEL combination, but not to disable it.
I tried to disable it with SetWindowsHookEx and WH_KEYBOARD_LL and you can successfully get notified when CTRL+ALT+DEL is pressed, but you cannot do anything about it.
It is possible to block CTRL+ALT+DEL combination. However, you can't really disable it. As far as I know, there are two possible methods.
Remapping the keyboard layout. There is a registry binary key that allows you to remap keyboard layout:
HKLM\System\CurrentControlSet\Control\Keyboard Layout\Scancode Map
Please check this out: Disabling Windows Hot Keys
This method can be dangerous, but I haven't noticed any side effects this method can cause. The CTRL+ALT+DEL combination is handled by winlogon.exe. If your process has administrative privilege, you can suspend winlogon.exe. Hence, it cannot process the hotkey and nothing will happen if the user presses CTRL+ALT+DEL.
Please check this out: C++ code to disable CTRL+ALT+DEL.
You will need to do some P/Invoke, in user32.dll, there's a method called SystemParametersInfo, check out these resources for more info
http://pinvoke.net/search.aspx?search=SystemParametersInfo&namespace=[All]
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724947%28v=vs.85%29.aspx
I did something similar a long while back, but no longer have the code, though I did find this (it's in vb6), but it shouldn't be too hard to get the idea and translate to .NET
http://www.developerfusion.com/code/1021/how-to-disable-ctrlaltdel/
Related
Say I have started application on Windows (created in WPF for .NET in case that would help), that opens some windows/panels and just runs in a background. User don't want to interact with it constantly, however once in a while needs to urgently execute some actions in it.
Is it possible to bind some key shortcut e.g. alt+key to running application, so on hitting it app gets focus? It doesn't necessarily need to be brought to front, altough that would be nice as well.
"a hotkey that works out of your application" is this what you want?
if so, you need global hotkey that i can reference to!
(Sorry i didn't have enough reputation for commenting!)
I think I found sort of semi-solution, that doesn't need any coding or changing any system settings, but only:
1) keyboard with Windows key
2) possibly forcing user to re-arrange icons on his task bar (or pin my application as one of first 9 applications on his taskbar)
pressing WinKey+digit brings up digit'th application from the taskbar. Pressing it again hides it.
This works for Windows 7.
Obiously doing this way is a bit lame and not customizable at all, but it's always something... Still happy to find better way if there exists such.
Is it possible to write a service program that would catch an event of someone trying to take a screen capture? Not that of pressing a printscreen button or any other key combination, though, but of the event itself, even if it is done by some external tool?
You can't realistically, because anyone could write a simple application that can take a screenshot.
The command being, GetDC(NULL) (msdn GetDC).
Hooking this function also wouldn't work since apps can make use of this for legitimate reasons so you'd have to try and filter out false positives.
Also, you've only prevented one class of problem, what if the user emails the file to someone? What if the user copies the text rather than uses a screen shot? What if the user takes a photo using their mobile phone?
If you have sensitive information that must be protected the only real option is to educate users and/or restrict their access. E.g. machines with sensitive information are not connected to a public network, USB drives are disabled and user's are not allowed to bring anything with a camera or data storage near the machines.
If it's just to avoid silly mistakes, then you could hook the keyboard and look for the print screen key. This however will not detect applications (such as Snipping Tool).
This could be done via a clentscript and using AJAX to send a message back to your servers, however you cannot guarantee the user wont have javascript turned off, or the user gets around this by running through a proxy or vm environment.
In short you could do this but there is no way to 100% guarantee its effectiveness.
i want to do a application which works in background and read all keys pressed by user and save it in file.
i start to write it in Win forms and use keys Pressed event but it works when form is focused:/
It is another way to do it? i hear about Windows Service, but i never use it :/
You can do it with help of these:
DirectX look into MDX
KeyLogger Application for C#
Creating a simple keylogger in C#
I don't know your reasons, but I just hope they are "good".
After doing a lot of research looking for a good code to use to achieve this, I've decided to create my own C# Keylogger API. It's very simple and clean:
api.CreateKeyboardHook((character) => { Console.Write(character); });
You just need to pass a callback and the API will return the key pressed by the user, among other things like: the screen the user was in that moment. Obviously, it works in background.
More details here: https://github.com/fabriciorissetto/KeystrokeAPI
I'm assuming you want to intercept all key events to all windows:
I wouldn't recommend C# for this. You'll need to drop to the Win32/64 API, which can be done, but you'd be better off using Visual C++ / something without training wheels.
There are several ways to do this. The easiest, by far, is to register a hook for keyboard events. Implement a basic service and handle the key-press events in your main loop / event handler. You can also just brute-force the keyboard state in a tight polling loop, but this will make the CPU cry.
There's 1,000,001 ways to install your own keyboard driver without admin privileges, but you're going to need to find one yourself, assuming you go down that road.
I seriously doubt that anyone on stackoverflow will help you create a key logger. You're going to need to dive into the bowels of the Win32 API and, likely, figure it out yourself. It isn't difficult if you have a solid C background. Windows "security" is little more than smoke & mirrors.
Boring background:
I have been working with UltraVNC to control some PC's at work and it does the job great but in order to simplify things I created a program that interfaces with it in C#. Basically I take advantage of the commands the viewer offers to connect, control, watch or transmit to each PC.
Problem is anyone can access the PC's since it has one main account (no domain controller). I need everyone to sign for the PC before they can use it, so to make my job easier I open each PC and block the inputs + blank the screen that way there obligated to sign before use.
Opening each pc and press the block button can be hassle especial when you’re helping someone and a user leaves, others come (btw I work at an electronic library). UltraVNC doesn’t have a command for this; it’s been requested but I don’t think it’s much of a priority for them and the code seems very intimidating for a novice like me so I thought I could try a hack to get what I want.
Problem: I want to “click” a button in a program I use, from an application that I am building in c#. I can currently use the process class to get the handle and identify the specific window I want to use but I have no way to find the button handle which I read is what I need. I found stuff about using findwindow and sendkeys for this but I don’t see how that’ll work unless the button had a keystroke assigned to it which it doesn’t.
So can anyone point me in the right direction?
Why not use something like Eficium Cybercafe SurfShop to achieve what you want? After teh user finished you log the session out, and before someone can log in, they have to sign in.
Okay I've spent the afternoon researching and haven't had much luck finding the answer to this. I am trying to prevent an application from launching via some sort of dll or background application. It is to be used in monitoring application usage and licenses at my institution. I have found leads here regarding WqlEventQuery and also FileSystemWatcher. Neither of these solutions appear to work for me because:
With WqlEventQuery I was only able to handle an event after the process was created. Using notepad as a test, notepad was visible and accessible to me before my logic closed it. I attempted to Suspend/Resume the thread (I know this is unsafe but I was testing/playing) but this just hung the window until my logic finished.
With FileSystemWatcher I was not able to get any events from launching a .exe, only creating, renaming and deleting files.
The goal here is to not let the application launch at all unless my logic allows it to launch. Is this possible? The next best solution I came up with was forcing some type of modal dialog which does not allow the user to interact with anything, once the dialog is closed the application is killed. My concern here is killing the application nicely and handling applications with high overhead when they load such as Photoshop or something. This would also interfere with a feature I was hoping to have where the user could enter a queue until a license is available. Is this my best route? Any other suggestions?
Thanks
edit: To clarify this is not a virus or anything malicious. It's not about preventing access to a blacklist or allowing access through a whitelist. The idea is to check a database on a case by case basis for certain applications and see if there is a license available for use. If there is, let the app launch, if not display a dialog letting the user know. We also will use this for monitoring and keeping track if we have enough licenses to meet demand, etc. An example of one of these apps is SPSS which have very expensive licenses but a very limited pool of people using it.
Could you use
System.Diagnostics.Process.GetProcessesByName
in a loop to look for the process?
It might work if you don't use too aggressive a polling rate.
You are indeed close, take a look at the WMI Management Events. http://msdn.microsoft.com/en-us/library/ms186151%28VS.80%29.aspx
Sample code from Microsoft: http://msdn.microsoft.com/en-us/library/ms257355(VS.80).aspx
Subscribing to the appropriate event will provide your application with the appropriate information to perform what you described.
Not sure if this is a GOOD solution but you could do something like pass a key into main so that if the key is not present or valid the application shuts down. Then when you open the application in your code, just pass the key in. Someone would then have to know the key in order to start the application.
This is assuming you have access to the application in question's source code, which upon reading your question again, I'm not so sure of.
I assume you don't have source for the application you want to prevent from loading...
Have you considered using a system policy? That would be the best-supported way to prevent a user from launching a program.
You could have a service running that force-kills any app that isn't "whitelisted", but I can't say how well that would work.
I wonder if you are taking the wrong approach. Back in the day there was a Mac app that would prevent access to the desktop and had buttons to launch a set list of applications.
IDEA
What if you had a wrapper for the approved apps then only allow your wrapper to run on the computer?
I would expect there is some way of hooking an application launch, but can't help directly on that front.
You may be able to improve your current approach by detecting the application's window opening and hiding it (move it offscreen) so that the user can't attempt to interact with it while you are trying to shut it down.
However, another approach that may be possible (depending on your circumstances) would be to write an application launcher. This simply is a replacement for the shortcut to the application that checks your licencing conditions, and then does a Process.Start to launch the real .exe at that point. This would work well for any application. (I used a system like this for starting up applications with specialised environment settings and it works beautifully)
You could combine this with your current approach as a fall-back for "clever" users who manage to circumvent your launcher.
If my understanding is right you want to create an application what will prevent the computer user to start any other process except ones for a white-list.
If this is the case, monitor the process list of processes (in a while loop) using System.Diagnostics.Process (the GetProcesses method gives the list of all running ones)
Just kill the process when it starts.
Or if your machines have Windows 7 (Windows 2008??) you can use AppLocker. http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#applocker Just let Windows prevent the startup.
You might want to look at this product: http://www.sassafras.com/licensing.html Personally I can't stand it, but that's because it does what you describe. Might save you some coding.
You could actually edit the registry so when you click a psd, your launcher gets called instead of photoshop. Your launcher then checks for licenses and if there is one starts photoshop with the path of the file.
This is a long shot but you may find it helpful.
Perceived Types and Application Registration
http://msdn.microsoft.com/en-us/library/cc144150(VS.85).aspx