unlocking a workstation

From:

sukhjeet786@gmail.com

Newsgroups:

microsoft.public.vc.language

Date:

2 Jan 2007 20:24:00 -0800

Message-ID:

<1167798240.598644.107480@v33g2000cwv.googlegroups.com>

Presently i am doing a task of unlocking a workstation
remotely with username and password. from internet search about this
topic
i came across VNC it helped me lot to under stand the concept. But i am
facing one problem.. I
Our restriction is that we cant use a service to unlock. we have to do
it
through DLL injection
So what i am, doing is listed below
1. Create DLL
2. Inject the DLL into Winlogon Address space
3. from Inside the DLL by switching the desktop
PostMessage(HWND_BROADCAST........(seen from VNC)( our computer is
already
locked)
it will display the window asking for user input of
password...........()
Now problem is that i am not able to enter password or user name into
the
field username and password of "unlock computer" window.
I have used sendInput, kebd_event and PostMessage for password
....entering... but none worked......
After pressing Fake ctrl+alt+del it do not accept any input ...plz
help me

Thank u ver much in advance
folowing is the inside code of my dll
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID
lpReserved)
{
      g_hModule = hModule;
      HWND hWnd = GetActiveWindow();
       switch(ul_reason_for_call)
       {
       case DLL_PROCESS_ATTACH:
             {
                  FunUnlock();
                  wchar_t *name = L"Winlogon";
                  HDESK desktop = OpenDesktop(name, 0, FALSE,
                              DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW
|
                              DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL |
                              DESKTOP_WRITEOBJECTS |
DESKTOP_READOBJECTS );
            DWORD dwError=0;
            if(desktop==0)
            dwError= GetLastError();
            HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId());
            DWORD dummy;
                  char new_name[256];

                  if (!GetUserObjectInformation(desktop, UOI_NAME,
&new_name, 256, &dummy)) {
                        return 1;
                  }

                  if(!SetThreadDesktop(desktop)) {
                        return 2;
                  }
                   Switched successfully - destroy the old desktop
                  //if (!CloseDesktop(old_desktop))
                  // int n=0;
                  ::PostMessage(HWND_BROADCAST, WM_HOTKEY, 0,
MAKELONG(MOD_ALT | MOD_CONTROL, VK_DELETE));
                  ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x41, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x41, 0);*/
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x42, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x42, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x43, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x43, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x44, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x44, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x45, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x45, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x46, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x46, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, 0x47, 0);
            ::PostMessage(HWND_BROADCAST, WM_KEYUP, 0x47, 0);*/
            ::PostMessage(HWND_BROADCAST, WM_KEYDOWN, VK_RETURN, 0);
            ::PostMessage(HWND_BROADCAST ,WM_KEYUP, VK_RETURN, 0);
                  }
             break;
       default:
                  break;
       }

      return TRUE;
}