locked
UnlockWindowStation RRS feed

  • Question

  • Hello everyone,
    I'm working on modifying a program that "unlocks" windows remotely. It works by injecting a dll into winlogon that switches from the winlogon desktop to the default desktop. Since the program only switches the desktop, CTRL ALT DELETE, shutdown, restart, logoff, etc... don't work. I used softice and it appears that when you unlock your computer, winlogon switches the desktops and then calls UnlockWindowstation, which enables CTRL ALT DELETE and that stuff (But I hardly know ____ about assembly so I am not sure). The problem is, I tried calling UnlockWindowStation with the handle to the current window station but CTRL ALT DELETE and that stuff still doesn't work. Here's the code to the dll injected into winlogon:

    include "stdafx.h"



    HMODULE g_hModule = 0; // The handle to this DLL



    DWORD WINAPI ThreadProc(LPVOID lpParameter)

    {

    HANDLE hRelockEvent = 0;

    HANDLE hSuccessEvent = 0;

    HDESK hNewDesktop = 0;

    HDESK hOriginalDesktop = 0;

    __try

    {

    // Open the event that RemoteUnlockService created to let us know when it's stopping

    hRelockEvent = OpenEvent(GENERIC_READ | SYNCHRONIZE, FALSE, L"31D75C35-89A7-47ad-B28F-2A8B9F02B879");

    if (!hRelockEvent)

    {

    OutputDebugStringW(L"OpenEvent failed (hRelockEvent)");

    __leave;

    }



    // Now open the event that we'll use to signal RemoteUnlockService that we've switched

    // desktops successfully

    hSuccessEvent = OpenEvent(GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE, FALSE, L"3BC12D0B-F71C-4e35-B1B1-3E6CE9EE189A");

    if (!hSuccessEvent)

    {

    OutputDebugStringW(L"OpenEvent failed (hSuccessEvent)");

    __leave;




    }
    //MYCODE START

    HWINSTA wdesk = 0;

    wdesk = GetProcessWindowStation();

    HINSTANCE hGetProcIDDLL = LoadLibraryA("user32.dll");

    FARPROC lpfnGetProcessID = GetProcAddress(HMODULE (hGetProcIDDLL),"UnlockWindowStation");

    typedef int (__stdcall * pICFUNC)(HWINSTA winSta);

    pICFUNC UnlockWindows;

    UnlockWindows = pICFUNC(lpfnGetProcessID);

    UnlockWindows(wdesk);

    FreeLibrary(hGetProcIDDLL);

    //MYCODE END

    // Tell RemoteUnlockService we've switched desktops and are waiting for it

    // to tell us to switch back

    SetEvent(hSuccessEvent);

    WaitForSingleObject(hRelockEvent, INFINITE);

    SwitchDesktop(hOriginalDesktop);

    }

    __finally

    {

    //close handles

    }



    // Unload this module and terminate this thread

    FreeLibraryAndExitThread(g_hModule, 0);

    return 0;

    }
    The only code that is mine is between the MYCODE START and MYCODE END comments. This code does compile and run without any errors or crashes but like I said, the UnlockWindowStation part doesn't seem to work or I'm not using it right. If you need the rest of the project just ask or you can get it at http://www.codeproject.com/KB/system/RemoteUnlock.aspx . Thanks for the help! (And if any of you MS employees are willing to give me some more info on how the windows unlock process works that would make very happy :)
    Wednesday, July 29, 2009 2:28 AM