Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I suspect that's why Windows has you do a Ctrl+Alt+Del before logging in.


That's more or less exactly it. Ctrl+Alt+Del causes a switch from the interactive desktop (WinSta0\Default) to the Winlogon desktop, which no other process has access to. Windows code also contains a special rule for interrupting the Ctrl+Alt+Del combination to prevent other applications from hooking into it and overriding the default functionality.

Technically it is possible to get other processes to run in the Winlogon window, but that requires messing around with security tokens, among other barriers.


I think either VirtualBox or VMware Workstation can detect Ctrl-Alt-Delete - it then asks you if you meant to send that to the guest VM. Any idea how that works if there's protection on Ctrl-Alt-Delete?


Vmware detects it, but doesn't stop it dumping you to the lock screen. The result is you hit control Ctrl-alt-del, lock screen pops upp, you get out of the lock screen, and there is a vmware popup saying "hey! You probably meant to use Ctrl-Alt-Insert instead!"


Ctrl-Alt-Del fires an IRQ. As such, it can't usually be fired remotely - although some utils work around it by making API calls at the client end to trigger the behavior, depending on context.

Some flavors of VMware hooked the IRQ on the host machine and responded to that (not sure about VirtualBox, never thought to check that.) They can send it to the virtual machine easily, as they are also providing the a virtual bios/hardware layer.


Back when my high school switched from Win 98 to one of the NTs, and Ctrl-Alt-Del started being used to log in, I thought about making an application that looked like the login UI itself, as if someone else had pressed Ctrl-Alt-Del but then got distracted before actually logging in. But I didn't have the skills to do it.

The best I got was finding out how to launch cmd.exe on NT, when the system had been locked down to disallow right clicks on the desktop, no desktop icons, and only approved programs in the start menu. I think it involved navigating the help system to a certain page that had a link to Explorer. Then I explored the network until I found an unused share somewhere, where I put gcc and started teaching myself C.

The command prompt also let me use the "net send" command to send messages to other computers, which was fun.


Exactly. Only the windows login process can hook into that keystroke.


it might be my imagination, but i've heard of hacked winlogon.exe's, wikipedia says 'vundo'?


That isn't hooking Ctrl-Alt-Del, though--it's replacing the winlogon desktop that Ctrl-Alt-Del is hardcoded to switch you to.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: