原文:
C# 屏蔽Ctrl Alt Del 快捷键方法+屏蔽所有输入
Win32.cs
/* * * FileCreate By Bluefire * Used To Import WindowsApi * */ using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; namespace Bluefire.LockKeyBoard { internal static class Win32 { public const string ATOM_FLAG = "HookSysKey"; public const string SHELL_FALG = "Winlogon"; public const short SHELL_CODE_DWORDLEN = 318;//注入代码所占的双字数 public const short SHELL_CODE_LENGTH = (SHELL_CODE_DWORDLEN * 4);// '字节数 public const short SHELL_FUNCOFFSET = 0x8;// '注入代码线程函数偏移量 public const UInt32 STANDARD_RIGHTS_REQUIRED = 0x000F0000; public const UInt32 STANDARD_RIGHTS_READ = 0x00020000; public const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001; public const UInt32 TOKEN_DUPLICATE = 0x0002; public const UInt32 TOKEN_IMPERSONATE = 0x0004; public const UInt32 TOKEN_QUERY = 0x0008; public const UInt32 TOKEN_QUERY_SOURCE = 0x0010; public const UInt32 TOKEN_ADJUST_PRIVILEGES = 0x0020; public const UInt32 TOKEN_ADJUST_GROUPS = 0x0040; public const UInt32 TOKEN_ADJUST_DEFAULT = 0x0080; public const UInt32 TOKEN_ADJUST_SESSIONID = 0x0100; public const UInt32 TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY); public const UInt32 TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID); public const UInt32 SE_PRIVILEGE_ENABLED = 0x00000002; public const string SE_DEBUG_NAME = "SeDebugPrivilege"; public const int TH32CS_SNAPPROCESS = 2; [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool ReadProcessMemory( IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead ); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, uint[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] public static extern ushort GlobalAddAtom(string lpString); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] public static extern ushort GlobalDeleteAtom(ushort nAtom); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto, EntryPoint = "GlobalFindAtomW")] public static extern ushort GlobalFindAtom(string lpString); [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr CreateToolhelp32Snapshot(SnapshotFlags dwFlags, uint th32ProcessID); [DllImport("kernel32.dll")] public static extern bool Process32First(IntPtr hSnapshot, ref PROCESSENTRY32 lppe); [DllImport("kernel32.dll")] public static extern bool Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32 lppe); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public static extern int lstrcmpi(string lpString1, string lpString2); [DllImport("kernel32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CloseHandle(IntPtr hObject); [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID lpLuid); // Use this signature if you want the previous state information returned [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)]bool DisableAllPrivileges, ref TOKEN_PRIVILEGES NewState, UInt32 BufferLengthInBytes, ref TOKEN_PRIVILEGES PreviousState, out UInt32 ReturnLengthInBytes); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public static extern IntPtr GetModuleHandle(string lpModuleName); [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] public static extern UIntPtr GetProcAddress(IntPtr hModule, string procName); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, AllocationType flAllocationType, MemoryProtection flProtect); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, FreeType dwFreeType); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] public static unsafe extern bool VirtualFreeEx( IntPtr hProcess, byte* pAddress, int size, FreeType freeType); [DllImport("kernel32.dll")] public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, int lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out IntPtr lpThreadId); [DllImport("kernel32.dll", SetLastError = true)] public static extern UInt32 WaitForSingleObject(IntPtr hHandle, Int32 dwMilliseconds); [DllImport("kernel32.dll")] public static extern bool GetExitCodeThread(IntPtr hThread, out int lpExitCode); [DllImport("user32.dll", SetLastError = true)] public static extern IntPtr SetWindowsHookEx(HookType hookType, HookProc lpfn, IntPtr hMod, uint dwThreadId); [DllImport("user32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool UnhookWindowsHookEx(IntPtr hhk); [DllImport("user32.dll")] public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, WM wParam, [In]KBDLLHOOKSTRUCT lParam); [DllImport("user32.dll")] public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, int wParam, int lParam); [DllImport("Kernel32.dll", EntryPoint = "RtlMoveMemory", SetLastError = false)] public static extern void MoveMemory(object dest, IntPtr src, int size); [DllImport("user32.dll")] public static extern bool BlockInput(bool fBlockIt); } internal delegate int HookProc(int code, IntPtr wParam, IntPtr lParam); internal delegate int ThreadProc(IntPtr param); internal enum HookType : int { WH_JOURNALRECORD = 0, WH_JOURNALPLAYBACK = 1, WH_KEYBOARD = 2, WH_GETMESSAGE = 3, WH_CALLWNDPROC = 4, WH_CBT = 5, WH_SYSMSGFILTER = 6, WH_MOUSE = 7, WH_HARDWARE = 8, WH_DEBUG = 9, WH_SHELL = 10, WH_FOREGROUNDIDLE = 11, WH_CALLWNDPROCRET = 12, WH_KEYBOARD_LL = 13, WH_MOUSE_LL = 14 } [StructLayout(LayoutKind.Sequential)] internal class KBDLLHOOKSTRUCT { public uint vkCode; public uint scanCode; public KBDLLHOOKSTRUCTFlags flags; public uint time; public UIntPtr dwExtraInfo; } [Flags()] internal enum KBDLLHOOKSTRUCTFlags : uint { LLKHF_EXTENDED = 0x01, LLKHF_INJECTED = 0x10, LLKHF_ALTDOWN = 0x20, LLKHF_UP = 0x80, } [StructLayout(LayoutKind.Sequential)] internal struct PROCESSENTRY32 { public uint dwSize; public uint cntUsage; public uint th32ProcessID; public IntPtr th32DefaultHeapID; public uint th32ModuleID; public uint cntThreads; public uint th32ParentProcessID; public int pcPriClassBase; public uint dwFlags; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExeFile; }; [Flags] internal enum FreeType { Decommit = 0x4000, Release = 0x8000, } [Flags] internal enum SnapshotFlags : uint { HeapList = 0x00000001, Process = 0x00000002, Thread = 0x00000004, Module = 0x00000008, Module32 = 0x00000010, Inherit = 0x80000000, All = 0x0000001F } [Flags] internal enum AllocationType { Commit = 0x1000, Reserve = 0x2000, Decommit = 0x4000, Release = 0x8000, Reset = 0x80000, Physical = 0x400000, TopDown = 0x100000, WriteWatch = 0x200000, LargePages = 0x20000000 } [Flags] internal enum MemoryProtection { Execute = 0x10, ExecuteRead = 0x20, ExecuteReadWrite = 0x40, ExecuteWriteCopy = 0x80, NoAccess = 0x01,x02, ReadWrite = 0x04, WriteCopy = 0x08, GuardModifierflag = 0x100, NoCacheModifierflag = 0x200, WriteCombineModifierflag = 0x400 } [Flags] internal enum ProcessAccessFlags : uint { All = 0x001F0FFF, Terminate = 0x00000001, CreateThread = 0x00000002, VMOperation = 0x00000008, VMRead = 0x00000010, VMWrite = 0x00000020, DupHandle = 0x00000040, SetInformation = 0x00000200, QueryInformation = 0x00000400, Synchronize = 0x00100000 } [StructLayout(LayoutKind.Sequential)] internal struct LUID { public long lowpart; public long highpart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID pLuid; public long Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public long PrivilegeCount; public LUID_AND_ATTRIBUTES Privileges; } [StructLayout(LayoutKind.Sequential)] internal struct PROCESSENTRY32W { public long dwSize; public long cntUsage; public long h32ProcessID; public long th32DefaultHeapID; public long h32ModuleID; public long cntThreads; public long th32ParentProcessID; public long pcPriClassBase; public long dwFlags; public int[] szExeFile; } /// <summary> /// Windows Messages /// Defined in winuser.h from Windows SDK v6.1 /// Documentation pulled from MSDN. /// </summary> internal enum WM : uint { /// <summary> /// The WM_NULL message performs no operation. An application sends the WM_NULL message if it wants to post a message that the recipient window will ignore. /// </summary> NULL = 0x0000, /// <summary> /// The WM_CREATE message is sent when an application requests that a window be created by calling the CreateWindowEx or CreateWindow function. (The message is sent before the function returns.) The window procedure of the new window receives this message after the window is created, but before the window becomes visible. /// </summary> CREATE = 0x0001, /// <summary> /// The WM_DESTROY message is sent when a window is being destroyed. It is sent to the window procedure of the window being destroyed after the window is removed from the screen. /// This message is sent first to the window being destroyed and then to the child windows (if any) as they are destroyed. During the processing of the message, it can be assumed that all child windows still exist. /// /// </summary> DESTROY = 0x0002, /// <summary> /// The WM_MOVE message is sent after a window has been moved. /// </summary> MOVE = 0x0003, /// <summary> /// The WM_SIZE message is sent to a window after its size has changed. /// </summary> SIZE = 0x0005, /// <summary> /// The WM_ACTIVATE message is sent to both the window being activated and the window being deactivated. If the windows use the same input queue, the message is sent synchronously, first to the window procedure of the top-level window being deactivated, then to the window procedure of the top-level window being activated. If the windows use different input queues, the message is sent asynchronously, so the window is activated immediately. /// </summary> ACTIVATE = 0x0006, /// <summary> /// The WM_SETFOCUS message is sent to a window after it has gained the keyboard focus. /// </summary> SETFOCUS = 0x0007, /// <summary> /// The WM_KILLFOCUS message is sent to a window immediately before it loses the keyboard focus. /// </summary> KILLFOCUS = 0x0008, /// <summary> /// The WM_ENABLE message is sent when an application changes the enabled state of a window. It is sent to the window whose enabled state is changing. This message is sent before the EnableWindow function returns, but after the enabled state (WS_DISABLED style bit) of the window has changed. /// </summary> ENABLE = 0x000A, /// <summary> /// An application sends the WM_SETREDRAW message to a window to allow changes in that window to be redrawn or to prevent changes in that window from being redrawn. /// </summary> SETREDRAW = 0x000B, /// <summary> /// An application sends a WM_SETTEXT message to set the text of a window. /// </summary> SETTEXT = 0x000C, /// <summary> /// An application sends a WM_GETTEXT message to copy the text that corresponds to a window into a buffer provided by the caller. /// </summary> GETTEXT = 0x000D, /// <summary> /// An application sends a WM_GETTEXTLENGTH message to determine the length, in characters, of the text associated with a window. /// </summary> GETTEXTLENGTH = 0x000E, /// <summary> /// The WM_PAINT message is sent when the system or another application makes a request to paint a portion of an application's window. The message is sent when the UpdateWindow or RedrawWindow function is called, or by the DispatchMessage function when the application obtains a WM_PAINT message by using the GetMessage or PeekMessage function. /// </summary> PAINT = 0x000F, /// <summary> /// The WM_CLOSE message is sent as a signal that a window or an application should terminate. /// </summary> CLOSE = 0x0010, /// <summary> /// The WM_QUERYENDSESSION message is sent when the user chooses to end the session or when an application calls one of the system shutdown functions. If any application returns zero, the session is not ended. The system stops sending WM_QUERYENDSESSION messages as soon as one application returns zero. /// After processing this message, the system sends the WM_ENDSESSION message with the wParam parameter set to the results of the WM_QUERYENDSESSION message. /// </summary> QUERYENDSESSION = 0x0011, /// <summary> /// The WM_QUERYOPEN message is sent to an icon when the user requests that the window be restored to its previous size and position. /// </summary> QUERYOPEN = 0x0013, /// <summary> /// The WM_ENDSESSION message is sent to an application after the system processes the results of the WM_QUERYENDSESSION message. The WM_ENDSESSION message informs the application whether the session is ending. /// </summary> ENDSESSION = 0x0016, /// <summary> /// The WM_QUIT message indicates a request to terminate an application and is generated when the application calls the PostQuitMessage function. It causes the GetMessage function to return zero. /// </summary> QUIT = 0x0012, /// <summary> /// The WM_ERASEBKGND message is sent when the window background must be erased (for example, when a window is resized). The message is sent to prepare an invalidated portion of a window for painting. /// </summary> ERASEBKGND = 0x0014, /// <summary> /// This message is sent to all top-level windows when a change is made to a system color setting. /// </summary> SYSCOLORCHANGE = 0x0015, /// <summary> /// The WM_SHOWWINDOW message is sent to a window when the window is about to be hidden or shown. /// </summary> SHOWWINDOW = 0x0018, /// <summary> /// An application sends the WM_WININICHANGE message to all top-level windows after making a change to the WIN.INI file. The SystemParametersInfo function sends this message after an application uses the function to change a setting in WIN.INI. /// Note The WM_WININICHANGE message is provided only for compatibility with earlier versions of the system. Applications should use the WM_SETTINGCHANGE message. /// </summary> WININICHANGE = 0x001A, /// <summary> /// An application sends the WM_WININICHANGE message to all top-level windows after making a change to the WIN.INI file. The SystemParametersInfo function sends this message after an application uses the function to change a setting in WIN.INI. /// Note The WM_WININICHANGE message is provided only for compatibility with earlier versions of the system. Applications should use the WM_SETTINGCHANGE message. /// </summary> SETTINGCHANGE = WM.WININICHANGE, /// <summary> /// The WM_DEVMODECHANGE message is sent to all top-level windows whenever the user changes device-mode settings. /// </summary> DEVMODECHANGE = 0x001B, /// <summary> /// The WM_ACTIVATEAPP message is sent when a window belonging to a different application than the active window is about to be activated. The message is sent to the application whose window is being activated and to the application whose window is being deactivated. /// </summary> ACTIVATEAPP = 0x001C, /// <summary> /// An application sends the WM_FONTCHANGE message to all top-level windows in the system after changing the pool of font resources. /// </summary> FONTCHANGE = 0x001D, /// <summary> /// A message that is sent whenever there is a change in the system time. /// </summary> TIMECHANGE = 0x001E, /// <summary> /// The WM_CANCELMODE message is sent to cancel certain modes, such as mouse capture. For example, the system sends this message to the active window when a dialog box or message box is displayed. Certain functions also send this message explicitly to the specified window regardless of whether it is the active window. For example, the EnableWindow function sends this message when disabling the specified window. /// </summary> CANCELMODE = 0x001F, /// <summary> /// The WM_SETCURSOR message is sent to a window if the mouse causes the cursor to move within a window and mouse input is not captured. /// </summary> SETCURSOR = 0x0020, /// <summary> /// The WM_MOUSEACTIVATE message is sent when the cursor is in an inactive window and the user presses a mouse button. The parent window receives this message only if the child window passes it to the DefWindowProc function. /// </summary> MOUSEACTIVATE = 0x0021, /// <summary> /// The WM_CHILDACTIVATE message is sent to a child window when the user clicks the window's title bar or when the window is activated, moved, or sized. /// </summary> CHILDACTIVATE = 0x0022, /// <summary> /// The WM_QUEUESYNC message is sent by a computer-based training (CBT) application to separate user-input messages from other messages sent through the WH_JOURNALPLAYBACK Hook procedure. /// </summary> QUEUESYNC = 0x0023, /// <summary> /// The WM_GETMINMAXINFO message is sent to a window when the size or position of the window is about to change. An application can use this message to override the window's default maximized size and position, or its default minimum or maximum tracking size. /// </summary> GETMINMAXINFO = 0x0024, /// <summary> /// Windows NT 3.51 and earlier: The WM_PAINTICON message is sent to a minimized window when the icon is to be painted. This message is not sent by newer versions of Microsoft Windows, except in unusual circumstances explained in the Remarks. /// </summary> PAINTICON = 0x0026, /// <summary> /// Windows NT 3.51 and earlier: The WM_ICONERASEBKGND message is sent to a minimized window when the background of the icon must be filled before painting the icon. A window receives this message only if a class icon is defined for the window; otherwise, WM_ERASEBKGND is sent. This message is not sent by newer versions of Windows. /// </summary> ICONERASEBKGND = 0x0027, /// <summary> /// The WM_NEXTDLGCTL message is sent to a dialog box procedure to set the keyboard focus to a different control in the dialog box. /// </summary> NEXTDLGCTL = 0x0028, /// <summary> /// The WM_SPOOLERSTATUS message is sent from Print Manager whenever a job is added to or removed from the Print Manager queue. /// </summary> SPOOLERSTATUS = 0x002A, /// <summary> /// The WM_DRAWITEM message is sent to the parent window of an owner-drawn button, combo box, list box, or menu when a visual aspect of the button, combo box, list box, or menu has changed. /// </summary> DRAWITEM = 0x002B, /// <summary> /// The WM_MEASUREITEM message is sent to the owner window of a combo box, list box, list view control, or menu item when the control or menu is created. /// </summary> MEASUREITEM = 0x002C, /// <summary> /// Sent to the owner of a list box or combo box when the list box or combo box is destroyed or when items are removed by the LB_DELETESTRING, LB_RESETCONTENT, CB_DELETESTRING, or CB_RESETCONTENT message. The system sends a WM_DELETEITEM message for each deleted item. The system sends the WM_DELETEITEM message for any deleted list box or combo box item with nonzero item data. /// </summary> DELETEITEM = 0x002D, /// <summary> /// Sent by a list box with the LBS_WANTKEYBOARDINPUT style to its owner in response to a WM_KEYDOWN message. /// </summary> VKEYTOITEM = 0x002E, /// <summary> /// Sent by a list box with the LBS_WANTKEYBOARDINPUT style to its owner in response to a WM_CHAR message. /// </summary> CHARTOITEM = 0x002F, /// <summary> /// An application sends a WM_SETFONT message to specify the font that a control is to use when drawing text. /// </summary> SETFONT = 0x0030, /// <summary> /// An application sends a WM_GETFONT message to a control to retrieve the font with which the control is currently drawing its text. /// </summary> GETFONT = 0x0031, /// <summary> /// An application sends a WM_SETHOTKEY message to a window to associate a hot key with the window. When the user presses the hot key, the system activates the window. /// </summary> SETHOTKEY = 0x0032, /// <summary> /// An application sends a WM_GETHOTKEY message to determine the hot key associated with a window. /// </summary> GETHOTKEY = 0x0033, /// <summary> /// The WM_QUERYDRAGICON message is sent to a minimized (iconic) window. The window is about to be dragged by the user but does not have an icon defined for its class. An application can return a handle to an icon or cursor. The system displays this cursor or icon while the user drags the icon. /// </summary> QUERYDRAGICON = 0x0037, /// <summary> /// The system sends the WM_COMPAREITEM message to determine the relative position of a new item in the sorted list of an owner-drawn combo box or list box. Whenever the application adds a new item, the system sends this message to the owner of a combo box or list box created with the CBS_SORT or LBS_SORT style. /// </summary> COMPAREITEM = 0x0039, /// <summary> /// Active Accessibility sends the WM_GETOBJECT message to obtain information about an accessible object contained in a server application. /// Applications never send this message directly. It is sent only by Active Accessibility in response to calls to AccessibleObjectFromPoint, AccessibleObjectFromEvent, or AccessibleObjectFromWindow. However, server applications handle this message. /// </summary> GETOBJECT = 0x003D, /// <summary> /// The WM_COMPACTING message is sent to all top-level windows when the system detects more than 12.5 percent of system time over a 30- to 60-second interval is being spent compacting memory. This indicates that system memory is low. /// </summary> COMPACTING = 0x0041, /// <summary> /// WM_COMMNOTIFY is Obsolete for Win32-Based Applications /// </summary> [Obsolete] COMMNOTIFY = 0x0044, /// <summary> /// The WM_WINDOWPOSCHANGING message is sent to a window whose size, position, or place in the Z order is about to change as a result of a call to the SetWindowPos function or another window-management function. /// </summary> WINDOWPOSCHANGING = 0x0046, /// <summary> /// The WM_WINDOWPOSCHANGED message is sent to a window whose size, position, or place in the Z order has changed as a result of a call to the SetWindowPos function or another window-management function. /// </summary> WINDOWPOSCHANGED = 0x0047, /// <summary> /// Notifies applications that the system, typically a battery-powered personal computer, is about to enter a suspended mode. /// Use: POWERBROADCAST /// </summary> [Obsolete] POWER = 0x0048, /// <summary> /// An application sends the WM_COPYDATA message to pass data to another application. /// </summary> COPYDATA = 0x004A, /// <summary> /// The WM_CANCELJOURNAL message is posted to an application when a user cancels the application's journaling activities. The message is posted with a NULL window handle. /// </summary> CANCELJOURNAL = 0x004B, /// <summary> /// Sent by a common control to its parent window when an event has occurred or the control requires some information. /// </summary> NOTIFY = 0x004E, /// <summary> /// The WM_INPUTLANGCHANGEREQUEST message is posted to the window with the focus when the user chooses a new input language, either with the hotkey (specified in the Keyboard control panel application) or from the indicator on the system taskbar. An application can accept the change by passing the message to the DefWindowProc function or reject the change (and prevent it from taking place) by returning immediately. /// </summary> INPUTLANGCHANGEREQUEST = 0x0050, /// <summary> /// The WM_INPUTLANGCHANGE message is sent to the topmost affected window after an application's input language has been changed. You should make any application-specific settings and pass the message to the DefWindowProc function, which passes the message to all first-level child windows. These child windows can pass the message to DefWindowProc to have it pass the message to their child windows, and so on. /// </summary> INPUTLANGCHANGE = 0x0051, /// <summary> /// Sent to an application that has initiated a training card with Microsoft Windows Help. The message informs the application when the user clicks an authorable button. An application initiates a training card by specifying the HELP_TCARD command in a call to the WinHelp function. /// </summary> TCARD = 0x0052, /// <summary> /// Indicates that the user pressed the F1 key. If a menu is active when F1 is pressed, WM_HELP is sent to the window associated with the menu; otherwise, WM_HELP is sent to the window that has the keyboard focus. If no window has the keyboard focus, WM_HELP is sent to the currently active window. /// </summary> HELP = 0x0053, /// <summary> /// The WM_USERCHANGED message is sent to all windows after the user has logged on or off. When the user logs on or off, the system updates the user-specific settings. The system sends this message immediately after updating the settings. /// </summary> USERCHANGED = 0x0054, /// <summary> /// Determines if a window accepts ANSI or Unicode structures in the WM_NOTIFY notification message. WM_NOTIFYFORMAT messages are sent from a common control to its parent window and from the parent window to the common control. /// </summary> NOTIFYFORMAT = 0x0055, /// <summary> /// The WM_CONTEXTMENU message notifies a window that the user clicked the right mouse button (right-clicked) in the window. /// </summary> CONTEXTMENU = 0x007B, /// <summary> /// The WM_STYLECHANGING message is sent to a window when the SetWindowLong function is about to change one or more of the window's styles. /// </summary> STYLECHANGING = 0x007C, /// <summary> /// The WM_STYLECHANGED message is sent to a window after the SetWindowLong function has changed one or more of the window's styles /// </summary> STYLECHANGED = 0x007D, /// <summary> /// The WM_DISPLAYCHANGE message is sent to all windows when the display resolution has changed. /// </summary> DISPLAYCHANGE = 0x007E, /// <summary> /// The WM_GETICON message is sent to a window to retrieve a handle to the large or small icon associated with a window. The system displays the large icon in the ALT+TAB dialog, and the small icon in the window caption. /// </summary> GETICON = 0x007F, /// <summary> /// An application sends the WM_SETICON message to associate a new large or small icon with a window. The system displays the large icon in the ALT+TAB dialog box, and the small icon in the window caption. /// </summary> SETICON = 0x0080, /// <summary> /// The WM_NCCREATE message is sent prior to the WM_CREATE message when a window is first created. /// </summary> NCCREATE = 0x0081, /// <summary> /// The WM_NCDESTROY message informs a window that its nonclient area is being destroyed. The DestroyWindow function sends the WM_NCDESTROY message to the window following the WM_DESTROY message. WM_DESTROY is used to free the allocated memory object associated with the window. /// The WM_NCDESTROY message is sent after the child windows have been destroyed. In contrast, WM_DESTROY is sent before the child windows are destroyed. /// </summary> NCDESTROY = 0x0082, /// <summary> /// The WM_NCCALCSIZE message is sent when the size and position of a window's client area must be calculated. By processing this message, an application can control the content of the window's client area when the size or position of the window changes. /// </summary> NCCALCSIZE = 0x0083, /// <summary> /// The WM_NCHITTEST message is sent to a window when the cursor moves, or when a mouse button is pressed or released. If the mouse is not captured, the message is sent to the window beneath the cursor. Otherwise, the message is sent to the window that has captured the mouse. /// </summary> NCHITTEST = 0x0084, /// <summary> /// The WM_NCPAINT message is sent to a window when its frame must be painted. /// </summary> NCPAINT = 0x0085, /// <summary> /// The WM_NCACTIVATE message is sent to a window when its nonclient area needs to be changed to indicate an active or inactive state. /// </summary> NCACTIVATE = 0x0086, /// <summary> /// The WM_GETDLGCODE message is sent to the window procedure associated with a control. By default, the system handles all keyboard input to the control; the system interprets certain types of keyboard input as dialog box navigation keys. To override this default behavior, the control can respond to the WM_GETDLGCODE message to indicate the types of input it wants to process itself. /// </summary> GETDLGCODE = 0x0087, /// <summary> /// The WM_SYNCPAINT message is used to synchronize painting while avoiding linking independent GUI threads. /// </summary> SYNCPAINT = 0x0088, /// <summary> /// The WM_NCMOUSEMOVE message is posted to a window when the cursor is moved within the nonclient area of the window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCMOUSEMOVE = 0x00A0, /// <summary> /// The WM_NCLBUTTONDOWN message is posted when the user presses the left mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCLBUTTONDOWN = 0x00A1, /// <summary> /// The WM_NCLBUTTONUP message is posted when the user releases the left mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCLBUTTONUP = 0x00A2, /// <summary> /// The WM_NCLBUTTONDBLCLK message is posted when the user double-clicks the left mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCLBUTTONDBLCLK = 0x00A3, /// <summary> /// The WM_NCRBUTTONDOWN message is posted when the user presses the right mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCRBUTTONDOWN = 0x00A4, /// <summary> /// The WM_NCRBUTTONUP message is posted when the user releases the right mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCRBUTTONUP = 0x00A5, /// <summary> /// The WM_NCRBUTTONDBLCLK message is posted when the user double-clicks the right mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCRBUTTONDBLCLK = 0x00A6, /// <summary> /// The WM_NCMBUTTONDOWN message is posted when the user presses the middle mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCMBUTTONDOWN = 0x00A7, /// <summary> /// The WM_NCMBUTTONUP message is posted when the user releases the middle mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCMBUTTONUP = 0x00A8, /// <summary> /// The WM_NCMBUTTONDBLCLK message is posted when the user double-clicks the middle mouse button while the cursor is within the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCMBUTTONDBLCLK = 0x00A9, /// <summary> /// The WM_NCXBUTTONDOWN message is posted when the user presses the first or second X button while the cursor is in the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCXBUTTONDOWN = 0x00AB, /// <summary> /// The WM_NCXBUTTONUP message is posted when the user releases the first or second X button while the cursor is in the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCXBUTTONUP = 0x00AC, /// <summary> /// The WM_NCXBUTTONDBLCLK message is posted when the user double-clicks the first or second X button while the cursor is in the nonclient area of a window. This message is posted to the window that contains the cursor. If a window has captured the mouse, this message is not posted. /// </summary> NCXBUTTONDBLCLK = 0x00AD, /// <summary> /// The WM_INPUT_DEVICE_CHANGE message is sent to the window that registered to receive raw input. A window receives this message through its WindowProc function. /// </summary> INPUT_DEVICE_CHANGE = 0x00FE, /// <summary> /// The WM_INPUT message is sent to the window that is getting raw input. /// </summary> INPUT = 0x00FF, /// <summary> /// This message filters for keyboard messages. /// </summary> KEYFIRST = 0x0100, /// <summary> /// The WM_KEYDOWN message is posted to the window with the keyboard focus when a nonsystem key is pressed. A nonsystem key is a key that is pressed when the ALT key is not pressed. /// </summary> KEYDOWN = 0x0100, /// <summary> /// The WM_KEYUP message is posted to the window with the keyboard focus when a nonsystem key is released. A nonsystem key is a key that is pressed when the ALT key is not pressed, or a keyboard key that is pressed when a window has the keyboard focus. /// </summary> KEYUP = 0x0101, /// <summary> /// The WM_CHAR message is posted to the window with the keyboard focus when a WM_KEYDOWN message is translated by the TranslateMessage function. The WM_CHAR message contains the character code of the key that was pressed. /// </summary> CHAR = 0x0102, /// <summary> /// The WM_DEADCHAR message is posted to the window with the keyboard focus when a WM_KEYUP message is translated by the TranslateMessage function. WM_DEADCHAR specifies a character code generated by a dead key. A dead key is a key that generates a character, such as the umlaut (double-dot), that is combined with another character to form a composite character. For example, the umlaut-O character (Ö) is generated by typing the dead key for the umlaut character, and then typing the O key. /// </summary> DEADCHAR = 0x0103, /// <summary> /// The WM_SYSKEYDOWN message is posted to the window with the keyboard focus when the user presses the F10 key (which activates the menu bar) or holds down the ALT key and then presses another key. It also occurs when no window currently has the keyboard focus; in this case, the WM_SYSKEYDOWN message is sent to the active window. The window that receives the message can distinguish between these two contexts by checking the context code in the lParam parameter. /// </summary> SYSKEYDOWN = 0x0104, /// <summary> /// The WM_SYSKEYUP message is posted to the window with the keyboard focus when the user releases a key that was pressed while the ALT key was held down. It also occurs when no window currently has the keyboard focus; in this case, the WM_SYSKEYUP message is sent to the active window. The window that receives the message can distinguish between these two contexts by checking the context code in the lParam parameter. /// </summary> SYSKEYUP = 0x0105, /// <summary> /// The WM_SYSCHAR message is posted to the window with the keyboard focus when a WM_SYSKEYDOWN message is translated by the TranslateMessage function. It specifies the character code of a system character key — that is, a character key that is pressed while the ALT key is down. /// </summary> SYSCHAR = 0x0106, /// <summary> /// The WM_SYSDEADCHAR message is sent to the window with the keyboard focus when a WM_SYSKEYDOWN message is translated by the TranslateMessage function. WM_SYSDEADCHAR specifies the character code of a system dead key — that is, a dead key that is pressed while holding down the ALT key. /// </summary> SYSDEADCHAR = 0x0107, /// <summary> /// The WM_UNICHAR message is posted to the window with the keyboard focus when a WM_KEYDOWN message is translated by the TranslateMessage function. The WM_UNICHAR message contains the character code of the key that was pressed. /// The WM_UNICHAR message is equivalent to WM_CHAR, but it uses Unicode Transformation Format (UTF)-32, whereas WM_CHAR uses UTF-16. It is designed to send or post Unicode characters to ANSI windows and it can can handle Unicode Supplementary Plane characters. /// </summary> UNICHAR = 0x0109, /// <summary> /// This message filters for keyboard messages. /// </summary> KEYLAST = 0x0109, /// <summary> /// Sent immediately before the IME generates the composition string as a result of a keystroke. A window receives this message through its WindowProc function. /// </summary> IME_STARTCOMPOSITION = 0x010D, /// <summary> /// Sent to an application when the IME ends composition. A window receives this message through its WindowProc function. /// </summary> IME_ENDCOMPOSITION = 0x010E, /// <summary> /// Sent to an application when the IME changes composition status as a result of a keystroke. A window receives this message through its WindowProc function. /// </summary> IME_COMPOSITION = 0x010F, IME_KEYLAST = 0x010F, /// <summary> /// The WM_INITDIALOG message is sent to the dialog box procedure immediately before a dialog box is displayed. Dialog box procedures typically use this message to initialize controls and carry out any other initialization tasks that affect the appearance of the dialog box. /// </summary> INITDIALOG = 0x0110, /// <summary> /// The WM_COMMAND message is sent when the user selects a command item from a menu, when a control sends a notification message to its parent window, or when an accelerator keystroke is translated. /// </summary> COMMAND = 0x0111, /// <summary> /// A window receives this message when the user chooses a command from the Window menu, clicks the maximize button, minimize button, restore button, close button, or moves the form. You can stop the form from moving by filtering this out. /// </summary> SYSCOMMAND = 0x0112, /// <summary> /// The WM_TIMER message is posted to the installing thread's message queue when a timer expires. The message is posted by the GetMessage or PeekMessage function. /// </summary> TIMER = 0x0113, /// <summary> /// The WM_HSCROLL message is sent to a window when a scroll event occurs in the window's standard horizontal scroll bar. This message is also sent to the owner of a horizontal scroll bar control when a scroll event occurs in the control. /// </summary> HSCROLL = 0x0114, /// <summary> /// The WM_VSCROLL message is sent to a window when a scroll event occurs in the window's standard vertical scroll bar. This message is also sent to the owner of a vertical scroll bar control when a scroll event occurs in the control. /// </summary> VSCROLL = 0x0115, /// <summary> /// The WM_INITMENU message is sent when a menu is about to become active. It occurs when the user clicks an item on the menu bar or presses a menu key. This allows the application to modify the menu before it is displayed. /// </summary> INITMENU = 0x0116, /// <summary> /// The WM_INITMENUPOPUP message is sent when a drop-down menu or submenu is about to become active. This allows an application to modify the menu before it is displayed, without changing the entire menu. /// </summary> INITMENUPOPUP = 0x0117, /// <summary> /// The WM_MENUSELECT message is sent to a menu's owner window when the user selects a menu item. /// </summary> MENUSELECT = 0x011F, /// <summary> /// The WM_MENUCHAR message is sent when a menu is active and the user presses a key that does not correspond to any mnemonic or accelerator key. This message is sent to the window that owns the menu. /// </summary> MENUCHAR = 0x0120, /// <summary> /// The WM_ENTERIDLE message is sent to the owner window of a modal dialog box or menu that is entering an idle state. A modal dialog box or menu enters an idle state when no messages are waiting in its queue after it has processed one or more previous messages. /// </summary> ENTERIDLE = 0x0121, /// <summary> /// The WM_MENURBUTTONUP message is sent when the user releases the right mouse button while the cursor is on a menu item. /// </summary> MENURBUTTONUP = 0x0122, /// <summary> /// The WM_MENUDRAG message is sent to the owner of a drag-and-drop menu when the user drags a menu item. /// </summary> MENUDRAG = 0x0123, /// <summary> /// The WM_MENUGETOBJECT message is sent to the owner of a drag-and-drop menu when the mouse cursor enters a menu item or moves from the center of the item to the top or bottom of the item. /// </summary> MENUGETOBJECT = 0x0124, /// <summary> /// The WM_UNINITMENUPOPUP message is sent when a drop-down menu or submenu has been destroyed. /// </summary> UNINITMENUPOPUP = 0x0125, /// <summary> /// The WM_MENUCOMMAND message is sent when the user makes a selection from a menu. /// </summary> MENUCOMMAND = 0x0126, /// <summary> /// An application sends the WM_CHANGEUISTATE message to indicate that the user interface (UI) state should be changed. /// </summary> CHANGEUISTATE = 0x0127, /// <summary> /// An application sends the WM_UPDATEUISTATE message to change the user interface (UI) state for the specified window and all its child windows. /// </summary> UPDATEUISTATE = 0x0128, /// <summary> /// An application sends the WM_QUERYUISTATE message to retrieve the user interface (UI) state for a window. /// </summary> QUERYUISTATE = 0x0129, /// <summary> /// The WM_CTLCOLORMSGBOX message is sent to the owner window of a message box before Windows draws the message box. By responding to this message, the owner window can set the text and background colors of the message box by using the given display device context handle. /// </summary> CTLCOLORMSGBOX = 0x0132, /// <summary> /// An edit control that is not read-only or disabled sends the WM_CTLCOLOREDIT message to its parent window when the control is about to be drawn. By responding to this message, the parent window can use the specified device context handle to set the text and background colors of the edit control. /// </summary> CTLCOLOREDIT = 0x0133, /// <summary> /// Sent to the parent window of a list box before the system draws the list box. By responding to this message, the parent window can set the text and background colors of the list box by using the specified display device context handle. /// </summary> CTLCOLORLISTBOX = 0x0134, /// <summary> /// The WM_CTLCOLORBTN message is sent to the parent window of a button before drawing the button. The parent window can change the button's text and background colors. However, only owner-drawn buttons respond to the parent window processing this message. /// </summary> CTLCOLORBTN = 0x0135, /// <summary> /// The WM_CTLCOLORDLG message is sent to a dialog box before the system draws the dialog box. By responding to this message, the dialog box can set its text and background colors using the specified display device context handle. /// </summary> CTLCOLORDLG = 0x0136, /// <summary> /// The WM_CTLCOLORSCROLLBAR message is sent to the parent window of a scroll bar control when the control is about to be drawn. By responding to this message, the parent window can use the display context handle to set the background color of the scroll bar control. /// </summary> CTLCOLORSCROLLBAR = 0x0137, /// <summary> /// A static control, or an edit control that is read-only or disabled, sends the WM_CTLCOLORSTATIC message to its parent window when the control is about to be drawn. By responding to this message, the parent window can use the specified device context handle to set the text and background colors of the static control. /// </summary> CTLCOLORSTATIC = 0x0138, /// <summary> /// Use WM_MOUSEFIRST to specify the first mouse message. Use the PeekMessage() Function. /// </summary> MOUSEFIRST = 0x0200, /// <summary> /// The WM_MOUSEMOVE message is posted to a window when the cursor moves. If the mouse is not captured, the message is posted to the window that contains the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> MOUSEMOVE = 0x0200, /// <summary> /// The WM_LBUTTONDOWN message is posted when the user presses the left mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> LBUTTONDOWN = 0x0201, /// <summary> /// The WM_LBUTTONUP message is posted when the user releases the left mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> LBUTTONUP = 0x0202, /// <summary> /// The WM_LBUTTONDBLCLK message is posted when the user double-clicks the left mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> LBUTTONDBLCLK = 0x0203, /// <summary> /// The WM_RBUTTONDOWN message is posted when the user presses the right mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> RBUTTONDOWN = 0x0204, /// <summary> /// The WM_RBUTTONUP message is posted when the user releases the right mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> RBUTTONUP = 0x0205, /// <summary> /// The WM_RBUTTONDBLCLK message is posted when the user double-clicks the right mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> RBUTTONDBLCLK = 0x0206, /// <summary> /// The WM_MBUTTONDOWN message is posted when the user presses the middle mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> MBUTTONDOWN = 0x0207, /// <summary> /// The WM_MBUTTONUP message is posted when the user releases the middle mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> MBUTTONUP = 0x0208, /// <summary> /// The WM_MBUTTONDBLCLK message is posted when the user double-clicks the middle mouse button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> MBUTTONDBLCLK = 0x0209, /// <summary> /// The WM_MOUSEWHEEL message is sent to the focus window when the mouse wheel is rotated. The DefWindowProc function propagates the message to the window's parent. There should be no internal forwarding of the message, since DefWindowProc propagates it up the parent chain until it finds a window that processes it. /// </summary> MOUSEWHEEL = 0x020A, /// <summary> /// The WM_XBUTTONDOWN message is posted when the user presses the first or second X button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> XBUTTONDOWN = 0x020B, /// <summary> /// The WM_XBUTTONUP message is posted when the user releases the first or second X button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> XBUTTONUP = 0x020C, /// <summary> /// The WM_XBUTTONDBLCLK message is posted when the user double-clicks the first or second X button while the cursor is in the client area of a window. If the mouse is not captured, the message is posted to the window beneath the cursor. Otherwise, the message is posted to the window that has captured the mouse. /// </summary> XBUTTONDBLCLK = 0x020D, /// <summary> /// The WM_MOUSEHWHEEL message is sent to the focus window when the mouse's horizontal scroll wheel is tilted or rotated. The DefWindowProc function propagates the message to the window's parent. There should be no internal forwarding of the message, since DefWindowProc propagates it up the parent chain until it finds a window that processes it. /// </summary> MOUSEHWHEEL = 0x020E, /// <summary> /// Use WM_MOUSELAST to specify the last mouse message. Used with PeekMessage() Function. /// </summary> MOUSELAST = 0x020E, /// <summary> /// The WM_PARENTNOTIFY message is sent to the parent of a child window when the child window is created or destroyed, or when the user clicks a mouse button while the cursor is over the child window. When the child window is being created, the system sends WM_PARENTNOTIFY just before the CreateWindow or CreateWindowEx function that creates the window returns. When the child window is being destroyed, the system sends the message before any processing to destroy the window takes place. /// </summary> PARENTNOTIFY = 0x0210, /// <summary> /// The WM_ENTERMENULOOP message informs an application's main window procedure that a menu modal loop has been entered. /// </summary> ENTERMENULOOP = 0x0211, /// <summary> /// The WM_EXITMENULOOP message informs an application's main window procedure that a menu modal loop has been exited. /// </summary> EXITMENULOOP = 0x0212, /// <summary> /// The WM_NEXTMENU message is sent to an application when the right or left arrow key is used to switch between the menu bar and the system menu. /// </summary> NEXTMENU = 0x0213, /// <summary> /// The WM_SIZING message is sent to a window that the user is resizing. By processing this message, an application can monitor the size and position of the drag rectangle and, if needed, change its size or position. /// </summary> SIZING = 0x0214, /// <summary> /// The WM_CAPTURECHANGED message is sent to the window that is losing the mouse capture. /// </summary> CAPTURECHANGED = 0x0215, /// <summary> /// The WM_MOVING message is sent to a window that the user is moving. By processing this message, an application can monitor the position of the drag rectangle and, if needed, change its position. /// </summary> MOVING = 0x0216, /// <summary> /// Notifies applications that a power-management event has occurred. /// </summary> POWERBROADCAST = 0x0218, /// <summary> /// Notifies an application of a change to the hardware configuration of a device or the computer. /// </summary> DEVICECHANGE = 0x0219, /// <summary> /// An application sends the WM_MDICREATE message to a multiple-document interface (MDI) client window to create an MDI child window. /// </summary> MDICREATE = 0x0220, /// <summary> /// An application sends the WM_MDIDESTROY message to a multiple-document interface (MDI) client window to close an MDI child window. /// </summary> MDIDESTROY = 0x0221, /// <summary> /// An application sends the WM_MDIACTIVATE message to a multiple-document interface (MDI) client window to instruct the client window to activate a different MDI child window. /// </summary> MDIACTIVATE = 0x0222, /// <summary> /// An application sends the WM_MDIRESTORE message to a multiple-document interface (MDI) client window to restore an MDI child window from maximized or minimized size. /// </summary> MDIRESTORE = 0x0223, /// <summary> /// An application sends the WM_MDINEXT message to a multiple-document interface (MDI) client window to activate the next or previous child window. /// </summary> MDINEXT = 0x0224, /// <summary> /// An application sends the WM_MDIMAXIMIZE message to a multiple-document interface (MDI) client window to maximize an MDI child window. The system resizes the child window to make its client area fill the client window. The system places the child window's window menu icon in the rightmost position of the frame window's menu bar, and places the child window's restore icon in the leftmost position. The system also appends the title bar text of the child window to that of the frame window. /// </summary> MDIMAXIMIZE = 0x0225, /// <summary> /// An application sends the WM_MDITILE message to a multiple-document interface (MDI) client window to arrange all of its MDI child windows in a tile format. /// </summary> MDITILE = 0x0226, /// <summary> /// An application sends the WM_MDICASCADE message to a multiple-document interface (MDI) client window to arrange all its child windows in a cascade format. /// </summary> MDICASCADE = 0x0227, /// <summary> /// An application sends the WM_MDIICONARRANGE message to a multiple-document interface (MDI) client window to arrange all minimized MDI child windows. It does not affect child windows that are not minimized. /// </summary> MDIICONARRANGE = 0x0228, /// <summary> /// An application sends the WM_MDIGETACTIVE message to a multiple-document interface (MDI) client window to retrieve the handle to the active MDI child window. /// </summary> MDIGETACTIVE = 0x0229, /// <summary> /// An application sends the WM_MDISETMENU message to a multiple-document interface (MDI) client window to replace the entire menu of an MDI frame window, to replace the window menu of the frame window, or both. /// </summary> MDISETMENU = 0x0230, /// <summary> /// The WM_ENTERSIZEMOVE message is sent one time to a window after it enters the moving or sizing modal loop. The window enters the moving or sizing modal loop when the user clicks the window's title bar or sizing border, or when the window passes the WM_SYSCOMMAND message to the DefWindowProc function and the wParam parameter of the message specifies the SC_MOVE or SC_SIZE value. The operation is complete when DefWindowProc returns. /// The system sends the WM_ENTERSIZEMOVE message regardless of whether the dragging of full windows is enabled. /// </summary> ENTERSIZEMOVE = 0x0231, /// <summary> /// The WM_EXITSIZEMOVE message is sent one time to a window, after it has exited the moving or sizing modal loop. The window enters the moving or sizing modal loop when the user clicks the window's title bar or sizing border, or when the window passes the WM_SYSCOMMAND message to the DefWindowProc function and the wParam parameter of the message specifies the SC_MOVE or SC_SIZE value. The operation is complete when DefWindowProc returns. /// </summary> EXITSIZEMOVE = 0x0232, /// <summary> /// Sent when the user drops a file on the window of an application that has registered itself as a recipient of dropped files. /// </summary> DROPFILES = 0x0233, /// <summary> /// An application sends the WM_MDIREFRESHMENU message to a multiple-document interface (MDI) client window to refresh the window menu of the MDI frame window. /// </summary> MDIREFRESHMENU = 0x0234, /// <summary> /// Sent to an application when a window is activated. A window receives this message through its WindowProc function. /// </summary> IME_SETCONTEXT = 0x0281, /// <summary> /// Sent to an application to notify it of changes to the IME window. A window receives this message through its WindowProc function. /// </summary> IME_NOTIFY = 0x0282, /// <summary> /// Sent by an application to direct the IME window to carry out the requested command. The application uses this message to control the IME window that it has created. To send this message, the application calls the SendMessage function with the following parameters. /// </summary> IME_CONTROL = 0x0283, /// <summary> /// Sent to an application when the IME window finds no space to extend the area for the composition window. A window receives this message through its WindowProc function. /// </summary> IME_COMPOSITIONFULL = 0x0284, /// <summary> /// Sent to an application when the operating system is about to change the current IME. A window receives this message through its WindowProc function. /// </summary> IME_SELECT = 0x0285, /// <summary> /// Sent to an application when the IME gets a character of the conversion result. A window receives this message through its WindowProc function. /// </summary> IME_CHAR = 0x0286, /// <summary> /// Sent to an application to provide commands and request information. A window receives this message through its WindowProc function. /// </summary> IME_REQUEST = 0x0288, /// <summary> /// Sent to an application by the IME to notify the application of a key press and to keep message order. A window receives this message through its WindowProc function. /// </summary> IME_KEYDOWN = 0x0290, /// <summary> /// Sent to an application by the IME to notify the application of a key release and to keep message order. A window receives this message through its WindowProc function. /// </summary> IME_KEYUP = 0x0291, /// <summary> /// The WM_MOUSEHOVER message is posted to a window when the cursor hovers over the client area of the window for the period of time specified in a prior call to TrackMouseEvent. /// </summary> MOUSEHOVER = 0x02A1, /// <summary> /// The WM_MOUSELEAVE message is posted to a window when the cursor leaves the client area of the window specified in a prior call to TrackMouseEvent. /// </summary> MOUSELEAVE = 0x02A3, /// <summary> /// The WM_NCMOUSEHOVER message is posted to a window when the cursor hovers over the nonclient area of the window for the period of time specified in a prior call to TrackMouseEvent. /// </summary> NCMOUSEHOVER = 0x02A0, /// <summary> /// The WM_NCMOUSELEAVE message is posted to a window when the cursor leaves the nonclient area of the window specified in a prior call to TrackMouseEvent. /// </summary> NCMOUSELEAVE = 0x02A2, /// <summary> /// The WM_WTSSESSION_CHANGE message notifies applications of changes in session state. /// </summary> WTSSESSION_CHANGE = 0x02B1, TABLET_FIRST = 0x02c0, TABLET_LAST = 0x02df, /// <summary> /// An application sends a WM_CUT message to an edit control or combo box to delete (cut) the current selection, if any, in the edit control and copy the deleted text to the clipboard in CF_TEXT format. /// </summary> CUT = 0x0300, /// <summary> /// An application sends the WM_COPY message to an edit control or combo box to copy the current selection to the clipboard in CF_TEXT format. /// </summary> COPY = 0x0301, /// <summary> /// An application sends a WM_PASTE message to an edit control or combo box to copy the current content of the clipboard to the edit control at the current caret position. Data is inserted only if the clipboard contains data in CF_TEXT format. /// </summary> PASTE = 0x0302, /// <summary> /// An application sends a WM_CLEAR message to an edit control or combo box to delete (clear) the current selection, if any, from the edit control. /// </summary> CLEAR = 0x0303, /// <summary> /// An application sends a WM_UNDO message to an edit control to undo the last operation. When this message is sent to an edit control, the previously deleted text is restored or the previously added text is deleted. /// </summary> UNDO = 0x0304, /// <summary> /// The WM_RENDERFORMAT message is sent to the clipboard owner if it has delayed rendering a specific clipboard format and if an application has requested data in that format. The clipboard owner must render data in the specified format and place it on the clipboard by calling the SetClipboardData function. /// </summary> RENDERFORMAT = 0x0305, /// <summary> /// The WM_RENDERALLFORMATS message is sent to the clipboard owner before it is destroyed, if the clipboard owner has delayed rendering one or more clipboard formats. For the content of the clipboard to remain available to other applications, the clipboard owner must render data in all the formats it is capable of generating, and place the data on the clipboard by calling the SetClipboardData function. /// </summary> RENDERALLFORMATS = 0x0306, /// <summary> /// The WM_DESTROYCLIPBOARD message is sent to the clipboard owner when a call to the EmptyClipboard function empties the clipboard. /// </summary> DESTROYCLIPBOARD = 0x0307, /// <summary> /// The WM_DRAWCLIPBOARD message is sent to the first window in the clipboard viewer chain when the content of the clipboard changes. This enables a clipboard viewer window to display the new content of the clipboard. /// </summary> DRAWCLIPBOARD = 0x0308, /// <summary> /// The WM_PAINTCLIPBOARD message is sent to the clipboard owner by a clipboard viewer window when the clipboard contains data in the CF_OWNERDISPLAY format and the clipboard viewer's client area needs repainting. /// </summary> PAINTCLIPBOARD = 0x0309, /// <summary> /// The WM_VSCROLLCLIPBOARD message is sent to the clipboard owner by a clipboard viewer window when the clipboard contains data in the CF_OWNERDISPLAY format and an event occurs in the clipboard viewer's vertical scroll bar. The owner should scroll the clipboard image and update the scroll bar values. /// </summary> VSCROLLCLIPBOARD = 0x030A, /// <summary> /// The WM_SIZECLIPBOARD message is sent to the clipboard owner by a clipboard viewer window when the clipboard contains data in the CF_OWNERDISPLAY format and the clipboard viewer's client area has changed size. /// </summary> SIZECLIPBOARD = 0x030B, /// <summary> /// The WM_ASKCBFORMATNAME message is sent to the clipboard owner by a clipboard viewer window to request the name of a CF_OWNERDISPLAY clipboard format. /// </summary> ASKCBFORMATNAME = 0x030C, /// <summary> /// The WM_CHANGECBCHAIN message is sent to the first window in the clipboard viewer chain when a window is being removed from the chain. /// </summary> CHANGECBCHAIN = 0x030D, /// <summary> /// The WM_HSCROLLCLIPBOARD message is sent to the clipboard owner by a clipboard viewer window. This occurs when the clipboard contains data in the CF_OWNERDISPLAY format and an event occurs in the clipboard viewer's horizontal scroll bar. The owner should scroll the clipboard image and update the scroll bar values. /// </summary> HSCROLLCLIPBOARD = 0x030E, /// <summary> /// This message informs a window that it is about to receive the keyboard focus, giving the window the opportunity to realize its logical palette when it receives the focus. /// </summary> QUERYNEWPALETTE = 0x030F, /// <summary> /// The WM_PALETTEISCHANGING message informs applications that an application is going to realize its logical palette. /// </summary> PALETTEISCHANGING = 0x0310, /// <summary> /// This message is sent by the OS to all top-level and overlapped windows after the window with the keyboard focus realizes its logical palette. /// This message enables windows that do not have the keyboard focus to realize their logical palettes and update their client areas. /// </summary> PALETTECHANGED = 0x0311, /// <summary> /// The WM_HOTKEY message is posted when the user presses a hot key registered by the RegisterHotKey function. The message is placed at the top of the message queue associated with the thread that registered the hot key. /// </summary> HOTKEY = 0x0312, /// <summary> /// The WM_PRINT message is sent to a window to request that it draw itself in the specified device context, most commonly in a printer device context. /// </summary> PRINT = 0x0317, /// <summary> /// The WM_PRINTCLIENT message is sent to a window to request that it draw its client area in the specified device context, most commonly in a printer device context. /// </summary> PRINTCLIENT = 0x0318, /// <summary> /// The WM_APPCOMMAND message notifies a window that the user generated an application command event, for example, by clicking an application command button using the mouse or typing an application command key on the keyboard. /// </summary> APPCOMMAND = 0x0319, /// <summary> /// The WM_THEMECHANGED message is broadcast to every window following a theme change event. Examples of theme change events are the activation of a theme, the deactivation of a theme, or a transition from one theme to another. /// </summary> THEMECHANGED = 0x031A, /// <summary> /// Sent when the contents of the clipboard have changed. /// </summary> CLIPBOARDUPDATE = 0x031D, /// <summary> /// The system will send a window the WM_DWMCOMPOSITIONCHANGED message to indicate that the availability of desktop composition has changed. /// </summary> DWMCOMPOSITIONCHANGED = 0x031E, /// <summary> /// WM_DWMNCRENDERINGCHANGED is called when the non-client area rendering status of a window has changed. Only windows that have set the flag DWM_BLURBEHIND.fTransitionOnMaximized to true will get this message. /// </summary> DWMNCRENDERINGCHANGED = 0x031F, /// <summary> /// Sent to all top-level windows when the colorization color has changed. /// </summary> DWMCOLORIZATIONCOLORCHANGED = 0x0320, /// <summary> /// WM_DWMWINDOWMAXIMIZEDCHANGE will let you know when a DWM composed window is maximized. You also have to register for this message as well. You'd have other windowd go opaque when this message is sent. /// </summary> DWMWINDOWMAXIMIZEDCHANGE = 0x0321, /// <summary> /// Sent to request extended title bar information. A window receives this message through its WindowProc function. /// </summary> GETTITLEBARINFOEX = 0x033F, HANDHELDFIRST = 0x0358, HANDHELDLAST = 0x035F, AFXFIRST = 0x0360, AFXLAST = 0x037F, PENWINFIRST = 0x0380, PENWINLAST = 0x038F, /// <summary> /// The WM_APP constant is used by applications to help define private messages, usually of the form WM_APP+X, where X is an integer value. /// </summary> APP = 0x8000, /// <summary> /// The WM_USER constant is used by applications to help define private messages for use by private window classes, usually of the form WM_USER+X, where X is an integer value. /// </summary> USER = 0x0400, /// <summary> /// An application sends the WM_CPL_LAUNCH message to Windows Control Panel to request that a Control Panel application be started. /// </summary> CPL_LAUNCH = USER + 0x1000, /// <summary> /// The WM_CPL_LAUNCHED message is sent when a Control Panel application, started by the WM_CPL_LAUNCH message, has closed. The WM_CPL_LAUNCHED message is sent to the window identified by the wParam parameter of the WM_CPL_LAUNCH message that started the application. /// </summary> CPL_LAUNCHED = USER + 0x1001, /// <summary> /// WM_SYSTIMER is a well-known yet still undocumented message. Windows uses WM_SYSTIMER for internal actions like scrolling. /// </summary> SYSTIMER = 0x118 } }
LockInput.cs
using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; using System.Diagnostics; using System.Reflection; namespace Bluefire.LockKeyBoard { public class LockInput { public IntPtr m_lHookID = IntPtr.Zero; private uint[] mlShellCode = new uint[Win32.SHELL_CODE_DWORDLEN - 1]; public void Lock(Boolean isLock) { int lResualt; ushort iAtom; iAtom = Win32.GlobalFindAtom(Win32.SHELL_FALG); if (iAtom == 0) { lResualt = InsertAsmCode(); } iAtom = Win32.GlobalFindAtom(Win32.ATOM_FLAG); if (isLock) { m_lHookID = Win32.SetWindowsHookEx(HookType.WH_KEYBOARD_LL, new HookProc(LowLevelKeyboardProc), Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]), 0); if (iAtom == 0) { iAtom = Win32.GlobalAddAtom(Win32.ATOM_FLAG); } } else { Win32.UnhookWindowsHookEx(m_lHookID); if (iAtom != 0) { Win32.GlobalDeleteAtom(iAtom); } } Win32.BlockInput(isLock); } private Boolean GetKeyboardState() { Boolean GetKeyboardState = Win32.GlobalFindAtom(Win32.ATOM_FLAG) != 0; return GetKeyboardState; } private int LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam) { KBDLLHOOKSTRUCT KBEvent = new KBDLLHOOKSTRUCT(); if (nCode == 0) { Marshal.StructureToPtr(KBEvent, lParam, true); return 1; } else { return Win32.CallNextHookEx(m_lHookID, nCode, wParam.ToInt32(), lParam.ToInt32()).ToInt32(); } } private int InsertAsmCode() { const string WinLogon = "Winlogon.exe"; IntPtr hProcess; int hPId; bool lResult; TOKEN_PRIVILEGES pToken; IntPtr hToken; IntPtr hRemoteThread, hRemoteThreadID, lRemoteAddr; hPId = GetProcessIdFromName(WinLogon); if (hPId == 0) { return Marshal.GetLastWin32Error(); } lResult = Win32.OpenProcessToken(Win32.GetCurrentProcess(), Win32.TOKEN_ADJUST_PRIVILEGES | Win32.TOKEN_QUERY, out hToken); LUID id; lResult = Win32.LookupPrivilegeValue("", Win32.SE_DEBUG_NAME, out id); pToken.Privileges.pLuid = id; pToken.PrivilegeCount = 1; pToken.Privileges.Attributes = Win32.SE_PRIVILEGE_ENABLED; TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES(); uint rect = 0; lResult = Win32.AdjustTokenPrivileges(hToken, false, ref pToken, (uint)Marshal.SizeOf(pToken), ref tp, out rect); hProcess = Win32.OpenProcess(ProcessAccessFlags.All, false, hPId); if (hProcess != IntPtr.Zero) { InitShellCode(); } else { return Marshal.GetLastWin32Error(); } lRemoteAddr = Win32.VirtualAllocEx(hProcess, IntPtr.Zero, (uint)Win32.SHELL_CODE_LENGTH, AllocationType.Commit, MemoryProtection.ExecuteReadWrite); int ret = 0; if (lRemoteAddr != IntPtr.Zero) { int outret; bool rects = Win32.WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode, (uint)Win32.SHELL_CODE_LENGTH, out outret); } else { ret = Marshal.GetLastWin32Error(); return ret; } hRemoteThread = Win32.CreateRemoteThread(hProcess, IntPtr.Zero, 0, lRemoteAddr.ToInt32() + Win32.SHELL_FUNCOFFSET, IntPtr.Zero, 0, out hRemoteThreadID); if (hRemoteThread == IntPtr.Zero) { ret = Marshal.GetLastWin32Error(); return ret; } Win32.WaitForSingleObject(hRemoteThreadID, -1); Win32.GetExitCodeThread(hRemoteThreadID, out ret); Win32.CloseHandle(hRemoteThread); Win32.VirtualFreeEx(hRemoteThread, lRemoteAddr, Win32.SHELL_CODE_LENGTH, FreeType.Decommit); return ret; } private int GetProcessIdFromName(string name) { Process[] ps = Process.GetProcesses(); foreach (Process item in ps) { if (item.ProcessName.ToLower().Replace(".exe", "") == name.ToLower().Replace(".exe", "")) { return item.Id; } } return -1; } private void InitShellCode() { const string kernel32 = "kernel32.dll"; IntPtr hDll; hDll = Win32.GetModuleHandle(kernel32); mlShellCode[0] = Win32.GetProcAddress(hDll, "GetModuleHandleW").ToUInt32(); mlShellCode[1] = Win32.GetProcAddress(hDll, "GetProcAddress").ToUInt32(); mlShellCode[2] = 0xE853; mlShellCode[3] = 0x815B0000; mlShellCode[4] = 0x40100EEB; mlShellCode[5] = 0x238E800; mlShellCode[6] = 0xC00B0000; mlShellCode[7] = 0x838D5075; mlShellCode[8] = 0x4010B0; mlShellCode[9] = 0xD093FF50; mlShellCode[10] = 0xF004013; mlShellCode[11] = 0xC00BC0B7; mlShellCode[12] = 0x683A75; mlShellCode[13] = 0x6A020000; mlShellCode[14] = 0x8D006A00; mlShellCode[15] = 0x4010B083; mlShellCode[16] = 0x93FF5000; mlShellCode[17] = 0x401090; mlShellCode[18] = 0x1874C00B; mlShellCode[19] = 0x10C2938D; mlShellCode[20] = 0x6A0040; mlShellCode[21] = 0x93FF5052; mlShellCode[22] = 0x401094; mlShellCode[23] = 0x474C00B; mlShellCode[24] = 0xAEB0AEB; mlShellCode[25] = 0x108C93FF; mlShellCode[26] = 0x2EB0040; mlShellCode[27] = 0xC25BC033; mlShellCode[28] = 0xFF8B0004; mlShellCode[38] = 0x410053; mlShellCode[39] = 0x200053; mlShellCode[40] = 0x690077; mlShellCode[41] = 0x64006E; mlShellCode[42] = 0x77006F; mlShellCode[43] = 0xFF8B0000; mlShellCode[44] = 0x690057; mlShellCode[45] = 0x6C006E; mlShellCode[46] = 0x67006F; mlShellCode[47] = 0x6E006F; mlShellCode[48] = 0x8B550000; mlShellCode[49] = 0xF0C481EC; mlShellCode[50] = 0x53FFFFFD; mlShellCode[51] = 0xE8; mlShellCode[52] = 0xEB815B00; mlShellCode[53] = 0x4010D1; mlShellCode[54] = 0x10468; mlShellCode[55] = 0xF8858D00; mlShellCode[56] = 0x50FFFFFD; mlShellCode[57] = 0xFF0875FF; mlShellCode[58] = 0x40108093; mlShellCode[59] = 0xF8858D00; mlShellCode[60] = 0x50FFFFFD; mlShellCode[61] = 0x1098838D; mlShellCode[62] = 0xFF500040; mlShellCode[63] = 0x40107C93; mlShellCode[64] = 0x75C00B00; mlShellCode[65] = 0x68406A69; mlShellCode[66] = 0x1000; mlShellCode[67] = 0x7668; mlShellCode[68] = 0xFF006A00; mlShellCode[69] = 0x40107493; mlShellCode[70] = 0x74C00B00; mlShellCode[71] = 0x85896054; mlShellCode[72] = 0xFFFFFDF0; mlShellCode[73] = 0x75FFFC6A; mlShellCode[74] = 0x8493FF08; mlShellCode[75] = 0x8D004010; mlShellCode[76] = 0x4013C893; mlShellCode[77] = 0xFC028900; mlShellCode[78] = 0xFDF0BD8B; mlShellCode[79] = 0x76B9FFFF; mlShellCode[80] = 0x8D000000; mlShellCode[81] = 0x401374B3; mlShellCode[82] = 0x8DA4F300; mlShellCode[83] = 0x4010B083; mlShellCode[84] = 0x93FF5000; mlShellCode[85] = 0x401078; mlShellCode[86] = 0xFDF0B5FF; mlShellCode[87] = 0xFC6AFFFF; mlShellCode[88] = 0xFF0875FF; mlShellCode[89] = 0x40108893; mlShellCode[90] = 0xC0336100; mlShellCode[91] = 0xC03303EB; mlShellCode[92] = 0xC2C95B40; mlShellCode[93] = 0x6B0008; mlShellCode[94] = 0x720065; mlShellCode[95] = 0x65006E; mlShellCode[96] = 0x33006C; mlShellCode[97] = 0x2E0032; mlShellCode[98] = 0x6C0064; mlShellCode[99] = 0x6C; mlShellCode[100] = 0x730075; mlShellCode[101] = 0x720065; mlShellCode[102] = 0x320033; mlShellCode[103] = 0x64002E; mlShellCode[104] = 0x6C006C; mlShellCode[105] = 0x69560000; mlShellCode[106] = 0x61757472; mlShellCode[107] = 0x6572466C; mlShellCode[108] = 0x6C470065; mlShellCode[109] = 0x6C61626F; mlShellCode[110] = 0x646E6946; mlShellCode[111] = 0x6D6F7441; mlShellCode[112] = 0x6C470057; mlShellCode[113] = 0x6C61626F; mlShellCode[114] = 0x41646441; mlShellCode[115] = 0x576D6F74; mlShellCode[116] = 0x74736C00; mlShellCode[117] = 0x706D6372; mlShellCode[118] = 0x4F005769; mlShellCode[119] = 0x446E6570; mlShellCode[120] = 0x746B7365; mlShellCode[121] = 0x57706F; mlShellCode[122] = 0x6D756E45; mlShellCode[123] = 0x6B736544; mlShellCode[124] = 0x57706F74; mlShellCode[125] = 0x6F646E69; mlShellCode[126] = 0x47007377; mlShellCode[127] = 0x69577465; mlShellCode[128] = 0x776F646E; mlShellCode[129] = 0x74786554; mlShellCode[130] = 0x65470057; mlShellCode[131] = 0x6E695774; mlShellCode[132] = 0x4C776F64; mlShellCode[133] = 0x57676E6F; mlShellCode[134] = 0x74655300; mlShellCode[135] = 0x646E6957; mlShellCode[136] = 0x6F4C776F; mlShellCode[137] = 0x57676E; mlShellCode[138] = 0x6C6C6143; mlShellCode[139] = 0x646E6957; mlShellCode[140] = 0x7250776F; mlShellCode[141] = 0x57636F; mlShellCode[142] = 0x4C746547; mlShellCode[143] = 0x45747361; mlShellCode[144] = 0x726F7272; mlShellCode[145] = 0x72695600; mlShellCode[146] = 0x6C617574; mlShellCode[147] = 0x6F6C6C41; mlShellCode[148] = 0x8B550063; mlShellCode[149] = 0xFCC483EC; mlShellCode[150] = 0x48C03360; mlShellCode[151] = 0x8DFC4589; mlShellCode[152] = 0x40117683; mlShellCode[153] = 0x93FF5000; mlShellCode[154] = 0x401000; mlShellCode[155] = 0x840FC00B; mlShellCode[156] = 0xFA; mlShellCode[157] = 0x838DF88B; mlShellCode[158] = 0x401190; mlShellCode[159] = 0x93FF50; mlShellCode[160] = 0xB004010; mlShellCode[161] = 0xE3840FC0; mlShellCode[162] = 0x8B000000; mlShellCode[163] = 0x45838DF0; mlShellCode[164] = 0x50004012; mlShellCode[165] = 0x493FF57; mlShellCode[166] = 0x89004010; mlShellCode[167] = 0x40107483; mlShellCode[168] = 0x38838D00; mlShellCode[169] = 0x50004012; mlShellCode[170] = 0x493FF57; mlShellCode[171] = 0x89004010; mlShellCode[172] = 0x40108C83; mlShellCode[173] = 0xC2838D00; mlShellCode[174] = 0x50004011; mlShellCode[175] = 0x493FF57; mlShellCode[176] = 0x89004010; mlShellCode[177] = 0x40107883; mlShellCode[178] = 0xB2838D00; mlShellCode[179] = 0x50004011; mlShellCode[180] = 0x493FF57; mlShellCode[181] = 0x89004010; mlShellCode[182] = 0x4013D083; mlShellCode[183] = 0xD1838D00; mlShellCode[184] = 0x50004011; mlShellCode[185] = 0x493FF57; mlShellCode[186] = 0x89004010; mlShellCode[187] = 0x40107C83; mlShellCode[188] = 0xDB838D00; mlShellCode[189] = 0x50004011; mlShellCode[190] = 0x493FF56; mlShellCode[191] = 0x89004010; mlShellCode[192] = 0x40109083; mlShellCode[193] = 0xE8838D00; mlShellCode[194] = 0x50004011; mlShellCode[195] = 0x493FF56; mlShellCode[196] = 0x89004010; mlShellCode[197] = 0x40109483; mlShellCode[198] = 0xFB838D00; mlShellCode[199] = 0x50004011; mlShellCode[200] = 0x493FF56; mlShellCode[201] = 0x89004010; mlShellCode[202] = 0x40108083; mlShellCode[203] = 0xA838D00; mlShellCode[204] = 0x50004012; mlShellCode[205] = 0x493FF56; mlShellCode[206] = 0x89004010; mlShellCode[207] = 0x40108483; mlShellCode[208] = 0x19838D00; mlShellCode[209] = 0x50004012; mlShellCode[210] = 0x493FF56; mlShellCode[211] = 0x89004010; mlShellCode[212] = 0x40108883; mlShellCode[213] = 0x28838D00; mlShellCode[214] = 0x50004012; mlShellCode[215] = 0x493FF56; mlShellCode[216] = 0x89004010; mlShellCode[217] = 0x4013CC83; mlShellCode[218] = 0x89C03300; mlShellCode[219] = 0x8B61FC45; mlShellCode[220] = 0xC3C9FC45; mlShellCode[221] = 0x53EC8B55; mlShellCode[222] = 0xE8; mlShellCode[223] = 0xEB815B00; mlShellCode[224] = 0x40137D; mlShellCode[225] = 0x120C7D81; mlShellCode[226] = 0x75000003; mlShellCode[227] = 0xD4838D1C; mlShellCode[228] = 0x50004013; mlShellCode[229] = 0x13D093FF; mlShellCode[230] = 0xB70F0040; mlShellCode[231] = 0x74C00BC0; mlShellCode[232] = 0x40C03308; mlShellCode[233] = 0x10C2C95B; mlShellCode[234] = 0x1475FF00; mlShellCode[235] = 0xFF1075FF; mlShellCode[236] = 0x75FF0C75; mlShellCode[237] = 0xC8B3FF08; mlShellCode[238] = 0xFF004013; mlShellCode[239] = 0x4013CC93; mlShellCode[240] = 0xC2C95B00; mlShellCode[241] = 0xFF8B0010; mlShellCode[245] = 0x6F0048; mlShellCode[246] = 0x6B006F; mlShellCode[247] = 0x790053; mlShellCode[248] = 0x4B0073; mlShellCode[249] = 0x790065; mlShellCode[250] = 0x8B550000; mlShellCode[251] = 0xD8C481EC; mlShellCode[252] = 0xE8FFFFFD; mlShellCode[253] = 0x226; mlShellCode[254] = 0x8DE84589; mlShellCode[255] = 0x6A50EC45; mlShellCode[256] = 0xE875FF28; mlShellCode[257] = 0x24BE8; mlShellCode[258] = 0xFC00B00; mlShellCode[259] = 0x11584; mlShellCode[260] = 0xF4458D00; mlShellCode[261] = 0x20606850; mlShellCode[262] = 0x6A0040; mlShellCode[263] = 0x22DE8; mlShellCode[264] = 0x74C00B00; mlShellCode[265] = 0xF045C722; mlShellCode[266] = 0x1; mlShellCode[267] = 0x2FC45C7; mlShellCode[268] = 0x6A000000; mlShellCode[269] = 0x6A006A00; mlShellCode[270] = 0xF0458D00; mlShellCode[271] = 0xFF006A50; mlShellCode[272] = 0x1E8EC75; mlShellCode[273] = 0xFF000002; mlShellCode[274] = 0x6A0875; mlShellCode[275] = 0x1F0FFF68; mlShellCode[276] = 0x1CEE800; mlShellCode[277] = 0x45890000; mlShellCode[278] = 0x68046AE8; mlShellCode[279] = 0x1000; mlShellCode[280] = 0x4F268; mlShellCode[281] = 0xFF006A00; mlShellCode[282] = 0xC1E8E875; mlShellCode[283] = 0x89000001; mlShellCode[284] = 0x6AE445; mlShellCode[285] = 0x4F268; mlShellCode[286] = 0x10006800; mlShellCode[287] = 0x75FF0040; mlShellCode[288] = 0xE875FFE4; mlShellCode[289] = 0x1B9E8; mlShellCode[290] = 0x30186800; mlShellCode[291] = 0x86A0040; mlShellCode[292] = 0x40300068; mlShellCode[293] = 0xE475FF00; mlShellCode[294] = 0xE8E875FF; mlShellCode[295] = 0x1A2; mlShellCode[296] = 0x81E4558B; mlShellCode[297] = 0x8C2; mlShellCode[298] = 0x6A006A00; mlShellCode[299] = 0x52006A00; mlShellCode[300] = 0x6A006A; mlShellCode[301] = 0xE8E875FF; mlShellCode[302] = 0x156; mlShellCode[303] = 0x144E850; mlShellCode[304] = 0x18680000; mlShellCode[305] = 0x6A004030; mlShellCode[306] = 0x30006808; mlShellCode[307] = 0x75FF0040; mlShellCode[308] = 0xE875FFE4; mlShellCode[309] = 0x151E8; mlShellCode[310] = 0x58D00; mlShellCode[311] = 0x8B004030; mlShellCode[312] = 0x4408B10; mlShellCode[313] = 0xCB685250; mlShellCode[314] = 0x8D004020; mlShellCode[315] = 0xFFFDD885; mlShellCode[316] = 0x909050FF; } } }
经过仔细对Windows按下Ctrl Alt Del 的消息跟踪,发现实际处理这个消息函数的是WinLogon.exe 也就是我们在登录系统的时候看到的欢迎画面,这个实际上也是一个正常的Windows桌面,既然这样,我们可以通过代码注入+Windows Hook来获取实际WinLogon.exe的键盘消息,只要勾住键盘消息,不让消息真正的传递到WinLogon.exe中,就能够彻底取消掉系统的快捷键。
程序中,通过InsertAsmCode把MASM32的代码注入到WinLogon中,通过Windows Hook勾去消息。