Running a GUI application at Winlogon Notification Events

[Guest gbhurtado@gmail.com]

Hi,

 

First of all, sorry for the long post and the misspelled words. I

really need help with this issue.

 

I've been through this Winlogon Notification Packages thing and

managed to produce interesting results. I have an application that

must be launched as soon the user logs in. It's a legal thing and user

must accept (interact through a button) the presented time-entry to

logon continues. The application waits the user interaction for 30

seconds and then continues.

 

I've got it up an running through WLX_NOTIFICATION_INFO Logon event,

placed a lot of loggers inside both notification DLL and my

application and can assure both execute smoothly. The problem is MYAPP

is a Win32 GUI application and I can't see any graphical data from it.

I mean its main window which is set to "stay on top" doesn't show

itself but the loggers are filled with debug data, so the code ran,

but without the visible artifacts. MYAPP also starts IE (where the

user actually confirms the time-entry) which window is also invisible.

 

I've tried all sort of desktop when filling lpDesktop field in the

STARTUPINFO record but had no success in displaying MYAPP or IE GUI.

 

I also tried to move the entire code from Logon to StartShell event

imagining the interactive desktop would be active by then. Again, no

success.

 

I found several articles for launching apps from Winlogon Notification

events, but none regarding displaying a GUI at these events.

 

By my readings - and forgive me any misconception - I suppose the

CreateProcessAsUser is loading MYAPP within an invisible winsta

\desktop but have no idea how to give the following access right nor

grant the user the rights mentioned in the excerpts bellow.

 

"When a process that is running under a logon SID tries to draw to the

screen, the GDI subsystem verifies whether the logon token has the

WINSTA_READSCREEN access right. If the logon token does not have

access, the draw operation is not completed."

 

http://support.microsoft.com/?scid=kb%3Ben-us%3B327618

 

Another article states:

 

"Sometimes the process may start, but fail to draw its GUI correctly.

The best method to resolve these and other potential access related

problems is to grant the user full access to both the targeted

windowstation and desktop. For example, if you want the process that

is started by the CreateProcessAsUser function to be interactive,

specify the following windowstation and desktop combination:

winsta0\default"

 

http://support.microsoft.com/?scid=kb%3Ben-us%3B165194

 

Here's an excerpt from the code fired at logon event (made in Delphi

as I'm not proficient in C++). I can assure there's no much difference

(except from the size of exe) calling these APIs from Delphi instead

of C++. If you're willing to help with some example, feel free to

place C++ code. I'm able to translate it to Delphi.

 

....

szUserInit := GetSystemPathAsString + '\MYAPP.EXE';

 

// Token duplicate stuff...

New(pSecAttrib);

pSecAttrib^.nLength := SizeOf(pSecAttrib^);

pSecAttrib^.lpSecurityDescriptor := nil;

pSecAttrib^.bInheritHandle := False;

if DuplicateTokenEx(pInfo^.hToken, 0, pSecAttrib,

SecurityIdentification, TokenPrimary, pToken)

then begin

FillChar(si, SizeOf(si), #0);

si.cb := SizeOf(si);

si.lpDesktop := pchar('winsta0\default');

si.wShowWindow := SW_SHOWNORMAL;

si.dwFlags := 0;

if CreateProcessAsUser(pToken, nil, pchar(szUserInit), nil,

nil, False,

NORMAL_PRIORITY_CLASS or CREATE_NEW_CONSOLE, nil, nil, si,

pi) then begin

WaitForSingleObject(pi.hProcess, 30000); // Time-out for

user time-entry...

WriteToLog('[DEBUG]', 1, 'WlxEventLogon: Closing

handles...');

CloseHandle(pi.hProcess);

CloseHandle(pi.hThread);

end;

end else begin

WriteToLog('[ERROR]', 1, 'WlxEventLogon: Could not duplicate

security token handle');

end;

...

Dispose(pSecAttrib);

....

 

Al that I need is some clarifying in how to enable MYAPP and IE GUIs

to show up at Winlogon Notification logon event.

 

Thanks in advance,

 

Gustavo Hurtado

Software Architect

Northeast Bank of Brazil