Hi, I'm doing an Online Quiz project in C#. The test client is a Windows Desktop Application running on Windows XP. I need to block the control+alt+delete key combination to prevent students from minimizing/closing the application. I know this question has been asked a million times, but I'm simply unable to find a working solution. Using PInvoke is okay for me. Could you please provide some info/links to info about this? I know this is definitely possible because I've seen 3 applications doing this,but they're all proprietary, so I have no way of knowing how it was done. Thanks Evans
+2
A:
What do you really want to do ? Disable the task manager ?
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1 disable
But the user can still close your app with a third party task manager.
The proprietary application might "disable Ctrl+Alt+Del" using this registry key :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe, Debugger, Hotkey Disabled
Guillaume
2009-11-02 09:02:18
"Image File Execution Options" is evil(well... not really). Good idea! The only drawback I can see is that if the application gets terminated in an unusual way than taskmgr will still be disabled (because the application won't have a chance to remove that key).
Kalmi
2009-11-02 10:35:08
hmm... Your solution also has the same problem as mine... If the Welcome Screen is disabled than instead of taskmgr the Windows Security window opens when one presses Ctrl-Alt-Del. Which is not blocked by this.
Kalmi
2009-11-02 10:47:37
I can't do any permanent changes such as changing the registry, because 1. I can't really assume that my program will have administrator privileges - actually admin privileges would be the exception. 2. If my program crashes for some reason, it'll be additional troubleshooting work for the college staff
Evans
2009-11-05 18:21:19
The computer might also be part of a domain, so blocking the taskmanager alone will not help. Actually, blocking the taskmanger wouldn't be so much trouble - I could search for the Window Title n close it or follow some of the described Hackish methods.
Evans
2009-11-05 18:23:53
+2
A:
There're three ways of doing it (registry, administrative templates and hooks) described in this article.
The code is in C++, but it will be easy to port it to C# with P/Invoke.
elder_george
2009-11-02 09:07:30
I've seen the page before. I've downloaded the sample, but even that doesn't work. All the other options except Control+Alt+Del work, but checking "Block Control+Alt+Del" option crashes the application. - I was running the already compiled Binary, so it wasn't a problem with compilation etc.
Evans
2009-11-03 13:28:36
+16
A:
I found a very ugly way of doing this (which works well). If I open taskmgr.exe exclusively, than nothing happens when the user presses Ctrl+Alt+Del.
FileStream fs = new FileStream(System.IO.Path.Combine(Environment.SystemDirectory, "taskmgr.exe"), FileMode.Open, FileAccess.ReadWrite, FileShare.None);
What I like the most about this solution that it has no permanent effects. For example if the application gets killed than Ctrl+Alt+Del will just work again.
Drawback: One must have the Welcome screen enabled or Windows Security will popup instead of Windows trying to open taskmgr and silently failing. (→ It also won't work if the machine is in a domain, because being in a domain disables the Welcome screen.)
(Of course this won't work on Vista and W7.)
Kalmi
2009-11-02 09:14:13
Dude...I'm amazed and shocked of that solution at the same time. ;) Nice one.
Bobby
2009-11-02 09:17:28
Just a suggestion, you might also want to block the functionality of Ctrl+Shift+Esc.
Ric Coles
2009-11-02 10:57:41
It's a bit crazy that this works, but I guess TaskMgr is just a regular .exe.
Matt Warren
2009-11-02 11:07:14
+11
A:
For Windows XP, the correct way to do this is to create your own Graphical Identification and Authentication Dynamic Link Library, or gina.dll for short. Here's an MSDN article about it. This DLL exports a set of functions that interact with the Winlogon process and provides the user interface to logon requests - the Secure Action Sequence event. The main logon request is the ctrl-alt-delete response. The standard gina.dll invokes the logon screen or the task manager/logoff dialog. It's not too difficult to create your own gina but it does require C/C++ coding and not C# and it is quite easy to make the system fail to boot. This does not stop people from pressing F8 at boot up and selecting the Safe Boot option, which won't load the custom gina.dll.
EDIT: I should also say that you don't need to implement all the functions the gina is required to implement, you can dynamically load the previous gina.dll and pass all the calls you're not interested in to the old gina.dll.
EDIT 2: This does not work with Vista/Win7 as they changed the architecture of the logon process. It is still possible to disable ctrl-alt-delete in Vista/Win7 but it requires a different mechanism - there are MSDN articles about it somewhere.
EDIT 3: Here's a ZIP file containing the source code to make a gina.dll It was built using DevStudio 2005. The file GinaInterface.cpp details the steps needed to install the new gina.dll library. This will disable the "Welcome" screen and replace it with the 'press crtl-alt-del' to login dialog. As it stands, there is no difference between this and a standard gina.dll, all the gina related calls are passed through to the original gina.dll file (called msgina.dll in the Windows\System32 folder). To disable the ctrl-alt-del key press, update the function WlxLoggedOnSAS in GinaInterface.cpp. To stop ctrl-alt-del whilst your application is running, you could create a named mutex (CreateMutex) and test for its presence in the gina.dll, stopping ctrl-alt-del if the mutex exists.
Skizz
2009-11-02 09:20:57
I don't want to actually replace any dll - basically,I don't want to make any permanent changes - even the worst of crashes should be fixed by a restart.
Evans
2009-11-05 18:26:43
I read the article, but it kinda goes over my head. Could you provide some more help on that? A link to a working sample perhaps? Thanks.
Evans
2009-11-05 18:27:46
A working sample? That's not a quick thing to do! I do have the source to a gina.dll replacement to hand, but it's too large to post directly here and it needs a bit of editing to strip it down to what you need. I'll see what I can do.
Skizz
2009-11-06 11:36:16
+2
A:
According to the Windows Internal book (4th edition), Ctrl-Alt-Del sequence cannot be intercepted by non-privileged applications. Also, it is said that this particular sequence cannot be intercepted and that the Winlogon process will always receive it (page 529).
I never tried to do this, however, but I would trust the book :)
Philippe
2009-11-02 09:23:44
My application will be downloaded by students onto their own laptops, so I don't really want to mess with the registry.
Evans
2009-11-03 13:27:29
+1
A:
Alternate solution:
Make the app so you never need to use the alt or ctrl key.
Then, take out the Ctrl (or alt) key and put paper on the contacts.
Tada!
(just use another keyboard for maintenance)
moogs
2009-11-02 10:52:41
Did you try it? I tried in my system before commenting this. Can't Ctrl-Alt-Del using the OSK or a combination of OSK and the actual keyboard.Or is my system borked?
moogs
2009-11-05 08:40:14
A:
A very dumb solution (which assumes that the machine is dedicated your software) is to remap the Alt key (to nothing).
Drawbacks:
- Permanent effect
- Requires a restart/logoff to activate
Works on xp, Vista, W7.
You can use SharpKeys to remap/disable any key.
For info on what registry key SharpKey changes see this. One can also remap on a per user basis.
Warning: If you disable the Alt key and login requires you to press Ctrl+Alt+Del than you won't be able to login. :)
Kalmi
2009-11-03 17:21:52
+2
A:
I achieved a similar goal, but with a different tactic in a Time Tracker tool I whipped up. This will give you a form which takes over the screen - doesn't allow windows to appear on top of it and will shoot down task manager if it is started.
- Set your form TopMost = True.
override the Form.OnLoad method like so:
protected override void OnLoad(EventArgs e) { base.OnLoad(e); this.Location = SystemInformation.VirtualScreen.Location; this.Size = SystemInformation.VirtualScreen.Size; }Create a timer, with a 500 millisecond interval, which looks for, and kills "taskmgr.exe" and "procexp.exe".
Override the Form.OnFormClosing:
protected override void OnFormClosing(FormClosingEventArgs e) { if (e.CloseReason == CloseReason.UserClosing || e.CloseReason == CloseReason.FormOwnerClosing) { MessageBox.Show("Nice try, but I don't think so..."); e.Cancel = true; return; } base.OnFormClosing(e); }Override OnSizeChanged:
protected override void OnSizeChanged(EventArgs e) { base.OnSizeChanged(e); this.WindowState = FormWindowState.Normal; this.Location = SystemInformation.VirtualScreen.Location; this.Size = SystemInformation.VirtualScreen.Size; this.BringToFront(); }
Philip Wallace
2009-11-03 17:32:33
Thanks. My code already contains everything you've said (Except the taskmanager killing). The computer could be on a domain in which case the taskmanager wouldn't even appear. Any idea on what I could do for that?
Evans
2009-11-05 18:25:09
Why is that ability to open Windows Security a problem? All they can do their is "lock computer", "log off", "shut down", "change password" and open "task manager"(which this code prevents from functioning properly)...
Kalmi
2009-11-05 19:05:43
It's a working solution, but nothing stops a student that has renamed `taskmgr.exe` to `1337taskmgr.exe` and executes that before the app :) If this for computer science students, then the OP will have a hard time hardening his app either way.
voyager
2009-11-28 16:26:29
A:
You'll also want to block alt+F4 with something like this:
private void form_KeyDown(object sender, KeyEventArgs e) {
if (e.KeyCode == Keys.F4 && e.Modifiers == Keys.Alt)
e.Handled = true;
base.OnKeyDown(e);
}
Dinah
2009-11-03 17:35:37
You can also just set Cancel to true if CloseReason is CloseReason.UserClosing or CloseReason.FormOwnerClosing in the OnFormClosing event.
Philip Wallace
2009-11-03 17:47:22
I already have a solution which blocks all the keys..except the almight Control+alt+del.
Evans
2009-11-05 18:19:47
A:
I wonder if you could install a filter on the keyboard driver?
I know on USB interfaces, you can install an upper or lower filter to the USB data to intercept it as it arrives on the computer, and perhaps a similar approach could be taken. Essentially, you would modify the key combinations coming from the keyboard as long as your testing application is running.
I did find an 'UpperFilters' registry key defined for my keyboard...
This USB sniffer comes with source code that implement a filter. It may be usable in the context of a keyboard sniffer / modifying filter. (Download link)
Kieveli
2009-11-03 17:48:57
A:
I would suggest other way to disable Task Manager, works well with Windows 7 yet it just affects task manager option. The solution is to set following registry key to irrelevant value, like "C:\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger
You can also use this hack to start your own task manager, just by setting Debugger key to full path of your application. I have discovered this by analysing how ProcessExplorer replaces TaskMgr.
too
2010-07-07 11:46:43
+1
A:
As pointed out in the other answers, there is no secure way of accomplishing this without checking each student's computers, because they could always run a VM.
As an alternative, have you considered burning your app to a LiveCD and requiring students to boot the LiveCD?
That way, you control their OS as long as they are running your app. Once done, they can reboot and everything's back to normal.
Of course, students could reboot their laptops inbetween, but that would probably take long enough to be noticed by the supervisors.
The VM solution would still trick this, so you'd need to make sure everyone really boots from the CD; otherwise I cannot think of any way around this.
As a bonus, you'll be isolated from any weird OS problems on the student's laptops (maybe some installed Linux or OS X ;-) ) .
sleske
2010-10-19 23:29:38
Thanks. This is the solution I have arrived at - as the only reasonably fool proof one. When I trying to block keys, most Antiviruses don't like it :(
Evans
2010-10-21 18:26:19