Everhart, Glenn
From:	Johannes Rath [JohannesR@DiamondMM.com]
Sent:	Friday, June 19, 1998 4:56 AM
To:	'ntdev@atria.com'
Subject:	RE: [ntdev] watch keyboard stroke befor user logon
> 	Johannes,
> 
> 		If what you're saying that hooks work for WinLogon
> desktop as well, then it would be possible to capture keyboard
> characters even before and during user
> 	logon.  In my existing code, the only ones that are lacking are
> to install itself as a Win32 service (doable on my side) and write the
> code that will locate the ID of the WinLogon desktop.  Any ideas on
the
> latter task?
 Edgar,
	you have to do something like this:
      // Get the default desktop on winsta0
      //
      hdesk = OpenDesktop("Winlogon", 0, FALSE,
                            DESKTOP_CREATEMENU |
                  DESKTOP_CREATEWINDOW |
                            DESKTOP_ENUMERATE    |
                            DESKTOP_HOOKCONTROL  |
                            DESKTOP_JOURNALPLAYBACK |
                            DESKTOP_JOURNALRECORD |
                            DESKTOP_READOBJECTS |
                            DESKTOP_SWITCHDESKTOP |
                            DESKTOP_WRITEOBJECTS);
   if (hdesk == NULL)
           return FALSE;

   //
   // Set the desktop to be "winlogon"
   //
   if (!SetThreadDesktop(hdesk))
           return FALSE;
	For more information read my previous messages in this thread.
When writing your service you must make sure that your service
gets loaded before the user can do anything. I achieve this by putting
the service into the video load group. This means the service will be
loaded
at the same stage as the display driver. It works but I dont know about
any side effects. Anyone who knows more about the loading sequence at
boot time?
> 
> 		BTW, don't you think NT has made an exception here so as
> not to compromise security during user logon, e.g., Trojan horses or a
> program that masquerades as a WinLogon?  If this exception is correct,
> then, there's no way to capture keyboard messages by hooks alone --
you
> need to go as low as to the level of the keyboard device driver -- way
> up front of NT OS.
	I think there is some confusion between the winlogon
desktop and the winlogon process. I was just talking
about the winlogon desktop. I managed to set a hook there
( to manipulate the window positions ). So I suppose it
should be possible to get any keyboard input as well.
Regards
Johannes 
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[ To unsubscribe, send email to ntdev-request@atria.com with body
UNSUBSCRIBE (the subject is ignored). ]