1.禁用win按键,原理键盘钩子

// Installs a low-level keyboard hook (WH_KEYBOARD_LL) with thread id 0, i.e. not
// tied to a single thread. The HHOOK returned by SetWindowsHookEx is discarded in
// this snippet; it is the value UnhookWindowsHookEx needs to remove the hook, so
// calling code should store it and check it against NULL.
SetWindowsHookEx(WH_KEYBOARD_LL, LowLevelKeyboardProc, hInstance, 0);

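/// Low-level keyboard hook procedure (WH_KEYBOARD_LL) that swallows the left and
/// right Windows keys and forwards every other event.
///
/// @param nCode  Hook code; only values >= HC_ACTION are inspected.
/// @param wParam Keyboard message identifier (WM_KEYDOWN, WM_KEYUP, ...).
/// @param lParam Pointer to the KBDLLHOOKSTRUCT describing the key event.
/// @return TRUE when the event is swallowed, otherwise whatever CallNextHookEx
///         returns for the rest of the hook chain.
LRESULT CALLBACK LowLevelKeyboardProc(
    _In_ int nCode,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
)
{
    if (nCode >= HC_ACTION)
    {
        // The original declared `pStruct` but read `pKeyStruct`, and tested an
        // undeclared `dwAction`; both are bound here so the body is self-consistent.
        const KBDLLHOOKSTRUCT* pKeyStruct = reinterpret_cast<const KBDLLHOOKSTRUCT*>(lParam);
        const WPARAM dwAction = wParam;

        const bool bKeyMessage = (WM_KEYDOWN == dwAction) || (WM_KEYUP == dwAction);
        const bool bWinKey = (pKeyStruct->vkCode == VK_LWIN) || (pKeyStruct->vkCode == VK_RWIN);

        // NOTE(review): the original condition also OR-ed in `vkCode != VK_ESCAPE`,
        // which is true for every key except Escape and would have swallowed nearly
        // all keyboard input. That contradicts the stated purpose (Windows key only),
        // so the term is dropped; confirm the intent before widening the filter again.
        if (bKeyMessage && bWinKey)
        {
            return TRUE;
        }
    }

    // Everything not swallowed must be handed to the next hook in the chain.
    return CallNextHookEx(hKeyLLHook, nCode, wParam, lParam);
}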

2.禁用ctrl+alt+del(需管理员权限和debug权限),原理挂起winlogon.exe,由于winlogon.exe过于重要,所以挂起需要谨慎,使用完了之后应该恢复。

winlogon如果开机启动的时候被挂起,则可能卡在欢迎界面。应该选择用户登录完成之后再挂起
winlogon如果挂起了,则可能启动其他exe的时候没反应,所以挂起需谨慎

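/// Enables SeDebugPrivilege (SE_DEBUG_NAME) on the current process token.
///
/// @return true only when the privilege was actually enabled; false when the
///         token could not be opened, the privilege name could not be resolved,
///         or the token does not hold the privilege.
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }

    bool bEnabled = false;
    LUID sedebugnameValue;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
        {
            // AdjustTokenPrivileges also returns non-zero when the token does not
            // hold the privilege at all; in that case the last error is
            // ERROR_NOT_ALL_ASSIGNED, so success has to be read from GetLastError().
            bEnabled = (GetLastError() == ERROR_SUCCESS);
        }
    }

    // The original leaked the token handle on the success path; close it on every path.
    CloseHandle(hToken);
    return bEnabled;
}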

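/// Suspends or resumes a thread of the process reported by FindWinlogonPID().
///
/// The walk stops at the first thread in the snapshot that is owned by that
/// process, as in the original code.
///
/// @param bFreeze true to call SuspendThread, false to call ResumeThread.
/// @return true when the suspend/resume call succeeded; false when the process
///         was not found, the thread snapshot or thread handle could not be
///         obtained, or the call itself failed. A false result on the resume
///         path means the thread may still be suspended and the caller must
///         not assume the system has been restored.
bool FreezeWinlogon(bool bFreeze)
{
    DWORD dwWinlogonPID = FindWinlogonPID();
    if (dwWinlogonPID == 0)
    {
        return false;
    }

    THREADENTRY32 th32;
    th32.dwSize = sizeof(th32);

    HANDLE hThreadSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugStringA("CreateToolhelp32Snapshot调用失败!");
        // The original returned true here although nothing had been done.
        return false;
    }

    bool bDone = false;
    for (BOOL bFind = ::Thread32First(hThreadSnap, &th32); bFind;
         bFind = ::Thread32Next(hThreadSnap, &th32))
    {
        if (th32.th32OwnerProcessID != dwWinlogonPID)
        {
            continue;
        }

        // Request only the right that is used instead of THREAD_ALL_ACCESS.
        HANDLE h = ::OpenThread(THREAD_SUSPEND_RESUME, FALSE, th32.th32ThreadID);
        if (h != NULL)
        {
            // Both calls return (DWORD)-1 on failure; log only what really happened.
            const DWORD dwPrev = bFreeze ? ::SuspendThread(h) : ::ResumeThread(h);
            if (dwPrev != static_cast<DWORD>(-1))
            {
                bDone = true;
                if (bFreeze)
                {
                    LOG_INFO("winlogon id:" << dwWinlogonPID << " is Suspend");
                }
                else
                {
                    LOG_INFO("winlogon id:" << dwWinlogonPID << " is Resume");
                }
            }
            ::CloseHandle(h);
        }
        break;
    }

    ::CloseHandle(hThreadSnap);
    return bDone;
}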


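/// Looks up the process id of winlogon.exe in a process snapshot.
///
/// The id is returned only when an explorer.exe entry is present in the same
/// snapshot, which the code uses as its indication that a user has logged on.
///
/// NOTE(review): both entries are matched by image name alone
/// (PROCESSENTRY32::szExeFile); neither the image path nor the session is
/// checked, so any process carrying one of these names satisfies the test.
///
/// @return The winlogon.exe process id, or 0 when the snapshot failed or either
///         of the two processes was not found.
DWORD FindWinlogonPID()
{
    DWORD winlogonPID = 0, dwExplorerId = 0;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);

    HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugString(_T("CreateToolhelp32Snapshot调用失败!"));
        return winlogonPID;
    }

    // Start the walk with Process32First, as the ToolHelp API documents; the
    // original began with Process32Next.
    for (BOOL bNext = ::Process32First(hProcessSnap, &pe32); bNext;
         bNext = ::Process32Next(hProcessSnap, &pe32))
    {
        // explorer.exe present => treat a user as logged on.
        if (_tcsicmp(pe32.szExeFile, _T("explorer.exe")) == 0)
        {
            dwExplorerId = pe32.th32ProcessID;
        }
        else if (_tcsicmp(pe32.szExeFile, _T("winlogon.exe")) == 0)
        {
            winlogonPID = pe32.th32ProcessID;
        }

        // Stop as soon as both have been seen.
        if (dwExplorerId != 0 && winlogonPID != 0)
        {
            break;
        }
    }

    ::CloseHandle(hProcessSnap);
    hProcessSnap = NULL;

    LOG_INFO("winlogon id:" << winlogonPID << ",explorer id:" << dwExplorerId);
    return (dwExplorerId != 0 && winlogonPID != 0) ? winlogonPID : 0;
}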

3.隐藏状态栏和开始按钮,原理:查找窗口并且隐藏

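/// Shows or hides the taskbar window and the Start button window.
///
/// @param bShow true to show both windows (SW_SHOW), false to hide them (SW_HIDE).
void ShowTaskBar(bool bShow)
{
    const int nCmd = bShow ? SW_SHOW : SW_HIDE;

    HWND hWnd = FindWindow(_T("Shell_TrayWnd"), NULL);
    // NOTE(review): this returns the first top-level window whose class is
    // "Button", whatever application owns it. Whether that is the Start button
    // depends on the shell version; confirm on the target system.
    HWND hStart = FindWindow(_T("Button"), NULL);

    // FindWindow returns NULL when nothing matches; skip the call in that case.
    if (hWnd != NULL)
    {
        ShowWindow(hWnd, nCmd);
    }
    if (hStart != NULL)
    {
        ShowWindow(hStart, nCmd);
    }
}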

4.禁用任务管理器,原理:注册表

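/// Sets or clears the per-user policy values DisableTaskMgr,
/// DisableChangePassword and DisableLockWorkstation under
/// HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
///
/// NOTE(review): the function is declared HRESULT but returns Win32 LSTATUS
/// codes. These are positive on failure, so FAILED()/SUCCEEDED() will not
/// classify them correctly; compare the result against ERROR_SUCCESS.
///
/// @param bDisabled true to write the three values as REG_DWORD 1, false to
///        delete them again (and the System key itself once it holds no values).
/// @return ERROR_SUCCESS on success or when there is nothing to restore;
///         otherwise the error from creating the key or from setting/deleting
///         DisableTaskMgr. Results for the other two values are not reported.
HRESULT DisableTaskManager(bool bDisabled)
{
    HKEY hKey = NULL;
    DWORD dwDisp = 0;
    LSTATUS hRet;
    TCHAR szSubKey[] = {_T("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System")};

    if (bDisabled)
    {
        hRet = RegCreateKeyEx(HKEY_CURRENT_USER, szSubKey, 0, NULL,
            REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, &dwDisp);
        if (hRet != ERROR_SUCCESS)
        {
#ifdef _DEBUG
            OutputDebugStringA("Could not create the registry key.");
#endif
            return hRet;
        }

        DWORD dwData = 1;
        hRet = RegSetValueEx(hKey, _T("DisableTaskMgr"), 0, REG_DWORD, (LPBYTE)&dwData, sizeof(dwData));
#ifdef _DEBUG
        if (hRet != ERROR_SUCCESS)
        {
            OutputDebugStringA("Could not set the registry value.");
        }
#endif
        RegSetValueEx(hKey, _T("DisableChangePassword"), 0, REG_DWORD, (LPBYTE)&dwData, sizeof(dwData));
        RegSetValueEx(hKey, _T("DisableLockWorkstation"), 0, REG_DWORD, (LPBYTE)&dwData, sizeof(dwData));

        RegCloseKey(hKey);
        return hRet;
    }

    // RegQueryInfoKey below needs KEY_QUERY_VALUE, which KEY_WRITE does not include.
    hRet = RegOpenKeyEx(HKEY_CURRENT_USER, szSubKey, 0, KEY_WRITE | KEY_QUERY_VALUE, &hKey);
    if (hRet != ERROR_SUCCESS)
    {
#ifdef _DEBUG
        OutputDebugStringA("Could not open the registry key.");
#endif
        // As in the original, a key that cannot be opened is reported as success.
        return ERROR_SUCCESS;
    }

    hRet = RegDeleteValue(hKey, _T("DisableTaskMgr"));
#ifdef _DEBUG
    if (hRet != ERROR_SUCCESS)
    {
        OutputDebugStringA("Could not delete the registry value.");
    }
#endif
    // The original never removed DisableChangePassword, so the restore path left
    // that restriction in place; undo everything the disable path wrote.
    RegDeleteValue(hKey, _T("DisableChangePassword"));
    RegDeleteValue(hKey, _T("DisableLockWorkstation"));

    // Start from a non-zero count so a failed query never triggers key deletion.
    DWORD ValueCount = 1;
    if (RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, NULL, NULL, &ValueCount,
            NULL, NULL, NULL, NULL) != ERROR_SUCCESS)
    {
        ValueCount = 1;
    }
    RegCloseKey(hKey);

    if (0 == ValueCount)
    {
        TCHAR szSub[] = {_T("Software\\Microsoft\\Windows\\CurrentVersion\\Policies")};
        HKEY hParent = NULL;
        // The parent is opened rather than created: it exists, since its System
        // subkey was opened above.
        LSTATUS hRes = RegOpenKeyEx(HKEY_CURRENT_USER, szSub, 0, KEY_WRITE, &hParent);
        if (ERROR_SUCCESS == hRes)
        {
            hRes = RegDeleteKey(hParent, _T("System"));
#ifdef _DEBUG
            if (hRes != ERROR_SUCCESS)
            {
                OutputDebugStringA("Could not delete the registry key.");
            }
#endif
            // The original leaked this handle.
            RegCloseKey(hParent);
        }
    }

    return hRet;
}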