1、vnc-4.0-winsrc 版本中实现模拟发送ATL+CTRL+DEL

在工程wrfb_win32m中找到模拟发送ATL+CTR_DEL 的代码

在Service.h中有



	

		

			

			

		

		

			
				// -=- Routines used by the SInput Keyboard class to emulate Ctrl-Alt-Del
			

		

	

	

		

			

			

		

		

			
				//     Returns false under Win9x
			

		

	

	

		

			

			

		

		

			
				bool emulateCtrlAltDel();

它的实现是：



	

		

			

			

		

		

			
				bool
			

		

	

	

		

			

			

		

		

			
				rfb::win32::emulateCtrlAltDel() {
			

		

	

	

		

			

			

		

		

			
				if (!osVersion.isPlatformNT)
			

		

	

	

		

			

			

		

		

			
				return false;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				CADThread* cad_thread = new CADThread();
			

		

	

	

		

			

			

		

		

			
				vlog.debug("emulate Ctrl-Alt-Del");
			

		

	

	

		

			

			

		

		

			
				if (cad_thread) {
			

		

	

	

		

			

			

		

		

			
				cad_thread->start();
			

		

	

	

		

			

			

		

		

			
				cad_thread->join();
			

		

	

	

		

			

			

		

		

			
				bool result = cad_thread->result;
			

		

	

	

		

			

			

		

		

			
				delete cad_thread;
			

		

	

	

		

			

			

		

		

			
				return result;
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				return false;
			

		

	

	

		

			

			

		

		

			
				}

（1）首先判断是不是NT家族的操作系统

OSVersionInfo继续于系统的结构体OSVERSIONINFO(这样的设计是为了考虑到后面要调用系统API：GetVersionEx)



	

		

			

			

		

		

			
				namespace rfb {
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				namespace win32 {
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				extern struct OSVersionInfo : OSVERSIONINFO {
			

		

	

	

		

			

			

		

		

			
				OSVersionInfo();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				// Is the OS one of the NT family (NT 3.51, NT4.0, 2K, XP, etc.)?
			

		

	

	

		

			

			

		

		

			
				bool isPlatformNT;
			

		

	

	

		

			

			

		

		

			
				// Is one of the Windows family?
			

		

	

	

		

			

			

		

		

			
				bool isPlatformWindows;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				// Is this OS one of those that blue-screens when grabbing another desktop (NT4 pre SP3)?
			

		

	

	

		

			

			

		

		

			
				bool cannotSwitchDesktop;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				} osVersion;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				};
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				};

它的系统信息在OSVersionInfo构造函数时获得：



	

		

			

			

		

		

			
				OSVersionInfo::OSVersionInfo() {
			

		

	

	

		

			

			

		

		

			
				// Get OS Version Info
			

		

	

	

		

			

			

		

		

			
				ZeroMemory(static_cast(this), sizeof(this));
			

		

	

	

		

			

			

		

		

			
				dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
			

		

	

	

		

			

			

		

		

			
				if (!GetVersionEx(this))
			

		

	

	

		

			

			

		

		

			
				throw rdr::SystemException("unable to get system version info", GetLastError());
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				// Set the special extra flags
			

		

	

	

		

			

			

		

		

			
				isPlatformNT = dwPlatformId == VER_PLATFORM_WIN32_NT;
			

		

	

	

		

			

			

		

		

			
				isPlatformWindows = dwPlatformId == VER_PLATFORM_WIN32_WINDOWS;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				cannotSwitchDesktop = isPlatformNT && (dwMajorVersion==4) &&
			

		

	

	

		

			

			

		

		

			
				((_tcscmp(szCSDVersion, _T("")) == 0) ||
			

		

	

	

		

			

			

		

		

			
				(_tcscmp(szCSDVersion, _T("Service Pack 1")) == 0) ||
			

		

	

	

		

			

			

		

		

			
				(_tcscmp(szCSDVersion, _T("Service Pack 2")) == 0));
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				}

（2）创建CADThread对象

CADThread* cad_thread = new CADThread();

CADThread类继续自Thread
Thread的设计是值得我们学习的。



	

		

			

			

		

		

			
				class Thread {
			

		

	

	

		

			

			

		

		

			
				public:
			

		

	

	

		

			

			

		

		

			
				Thread(const char* name_=0);
			

		

	

	

		

			

			

		

		

			
				virtual ~Thread();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				virtual void run();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				virtual void start();
			

		

	

	

		

			

			

		

		

			
				virtual Thread* join();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				const char* getName() const;
			

		

	

	

		

			

			

		

		

			
				ThreadState getState() const;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				// Determines whether the thread should delete itself when run() returns
			

		

	

	

		

			

			

		

		

			
				// If you set this, you must NEVER call join()!
			

		

	

	

		

			

			

		

		

			
				void setDeleteAfterRun() {deleteAfterRun = true;};
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				unsigned long getThreadId() const;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static Thread* self();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				friend class Condition;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				protected:
			

		

	

	

		

			

			

		

		

			
				Thread(HANDLE thread_, DWORD thread_id_);
			

		

	

	

		

			

			

		

		

			
				static DWORD WINAPI threadProc(LPVOID lpParameter);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				HANDLE thread;
			

		

	

	

		

			

			

		

		

			
				DWORD thread_id;
			

		

	

	

		

			

			

		

		

			
				char* name;
			

		

	

	

		

			

			

		

		

			
				ThreadState state;
			

		

	

	

		

			

			

		

		

			
				Condition* sig;
			

		

	

	

		

			

			

		

		

			
				Mutex mutex;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				HANDLE cond_event;
			

		

	

	

		

			

			

		

		

			
				Thread* cond_next;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				bool deleteAfterRun;
			

		

	

	

		

			

			

		

		

			
				};

CADThread重载了Thread类的run函数，CADThread的run函数先保存原有的桌面，然后切换到Winlogon桌面，然后发送ATL_CTRL_DEL，

最后把桌面还原。



	

		

			

			

		

		

			
				class CADThread : public Thread {
			

		

	

	

		

			

			

		

		

			
				public:
			

		

	

	

		

			

			

		

		

			
				CADThread() : Thread("CtrlAltDel Emulator"), result(false) {}
			

		

	

	

		

			

			

		

		

			
				virtual void run() {
			

		

	

	

		

			

			

		

		

			
				HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId());
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				if (switchToDesktop(OpenDesktop(_T("Winlogon"), 0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_SWITCHDESKTOP | GENERIC_WRITE))) {
			

		

	

	

		

			

			

		

		

			
				PostMessage(HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG(MOD_ALT | MOD_CONTROL, VK_DELETE));
			

		

	

	

		

			

			

		

		

			
				switchToDesktop(old_desktop);
			

		

	

	

		

			

			

		

		

			
				result = true;
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				bool result;
			

		

	

	

		

			

			

		

		

			
				};

（3）使用（2）得到的对象调用功能



	

		

			

			

		

		

			
				cad_thread->start();
			

		

	

	

		

			

			

		

		

			
				cad_thread->join();

分别调用了start函数与join函数。有人可能会问，（2）定义的run接口怎么没调用到，其实是有的。

因为在Thread类的构造时就启动了此线程：



	

		

			

			

		

		

			
				Thread::Thread(const char* name_) : sig(0), deleteAfterRun(false) {
			

		

	

	

		

			

			

		

		

			
				sig = new Condition(mutex);
			

		

	

	

		

			

			

		

		

			
				cond_event = CreateEvent(NULL, TRUE, FALSE, NULL);
			

		

	

	

		

			

			

		

		

			
				if (!name_)
			

		

	

	

		

			

			

		

		

			
				name_ = "Unnamed";
			

		

	

	

		

			

			

		

		

			
				name = strDup(name_);
			

		

	

	

		

			

			

		

		

			
				thread = CreateThread(NULL, 0, threadProc, this, CREATE_SUSPENDED, &thread_id);
			

		

	

	

		

			

			

		

		

			
				state = ThreadCreated;
			

		

	

	

		

			

			

		

		

			
				logAction(this, "created");
			

		

	

	

		

			

			

		

		

			
				}

Thread::threadProc中就会调用到它：

Windows ctrl alt delete远程模拟-LMLPHP

2、tightvnc 客户端版本中实现模拟发送ATL+CTRL+DEL

在我的文章《XP、Wn7模拟发送ctrl+alt+delete组合键》中讲到在win7中实现模拟ATL+CTRL+DEL的方法，虽然我已经改在了会话1中发送窗口消息，可是还是没达到效果。

网友建议我去查看VNC代码，由于tightvnc代码是支持Win7 的，于是希望在这里找到解决方法。

在win-system工程中有Environment.h文件定义有类：



	

		

			

			

		

		

			
				#ifndef _ENVIRONMENT_H_
			

		

	

	

		

			

			

		

		

			
				#define _ENVIRONMENT_H_
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				#include "util/StringStorage.h"
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				#include 
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				class Environment
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				public:
			

		

	

	

		

			

			

		

		

			
				static const int APPLICATION_DATA_SPECIAL_FOLDER = 0x0;
			

		

	

	

		

			

			

		

		

			
				static const int COMMON_APPLICATION_DATA_SPECIAL_FOLDER = 0x1;
			

		

	

	

		

			

			

		

		

			
				public:
			

		

	

	

		

			

			

		

		

			
				Environment();
			

		

	

	

		

			

			

		

		

			
				~Environment();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static void getErrStr(StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static void getErrStr(const TCHAR *specification, StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool getSpecialFolderPath(int specialFolderId, StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool getCurrentModulePath(StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool getCurrentModuleFolderPath(StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool getCurrentUserName(StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool getComputerName(StringStorage *out);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static void restoreWallpaper();
			

		

	

	

		

			

			

		

		

			
				static void disableWallpaper();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static bool isWinNTFamily();
			

		

	

	

		

			

			

		

		

			
				static bool isWinXP();
			

		

	

	

		

			

			

		

		

			
				static bool isWin2003Server();
			

		

	

	

		

			

			

		

		

			
				static bool isVistaOrLater();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				static void simulateCtrlAltDel();
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				private:
			

		

	

	

		

			

			

		

		

			
				static void init();
			

		

	

	

		

			

			

		

		

			
				static OSVERSIONINFO m_osVerInfo;
			

		

	

	

		

			

			

		

		

			
				};
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				#endif

其中有 static void simulateCtrlAltDel();接口



	

		

			

			

		

		

			
				void Environment::simulateCtrlAltDel()
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				if (isWinNTFamily()) {
			

		

	

	

		

			

			

		

		

			
				CtrlAltDelSimulator cadSim;
			

		

	

	

		

			

			

		

		

			
				cadSim.wait();
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}

与vnc-4.0-winsrc 版本的CADThread类继承于Thread类类似，这里的CtrlAltDelSimulator类也继续Thread。

同样在thread类的构造时就启动了此线程：



	

		

			

			

		

		

			
				Thread::Thread()
			

		

	

	

		

			

			

		

		

			
				: m_terminated(false), m_active(false), m_hDesk(0)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				m_hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) threadProc,
			

		

	

	

		

			

			

		

		

			
				(LPVOID) this, CREATE_SUSPENDED, (LPDWORD) &m_threadID);
			

		

	

	

		

			

			

		

		

			
				m_hDesk = DesktopSelector::getInputDesktop();
			

		

	

	

		

			

			

		

		

			
				}

线程里会去调用execute方法：



	

		

			

			

		

		

			
				DWORD WINAPI Thread::threadProc(LPVOID pThread)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				Thread *_this = ((Thread *)pThread);
			

		

	

	

		

			

			

		

		

			
				try {
			

		

	

	

		

			

			

		

		

			
				DesktopSelector::setDesktopToCurrentThread(_this->m_hDesk);
			

		

	

	

		

			

			

		

		

			
				DesktopSelector::closeDesktop(_this->m_hDesk);
			

		

	

	

		

			

			

		

		

			
				_this->m_hDesk = 0;
			

		

	

	

		

			

			

		

		

			
				_this->execute();
			

		

	

	

		

			

			

		

		

			
				} catch (Exception &e) {
			

		

	

	

		

			

			

		

		

			
				Log::error(_T("Abnormal thread termination.")
			

		

	

	

		

			

			

		

		

			
				_T(" ThreadId = %x, message = \"%s\" \n"),
			

		

	

	

		

			

			

		

		

			
				_this->m_threadID, e.getMessage());
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				_this->m_active = false;
			

		

	

	

		

			

			

		

		

			
				return 0;
			

		

	

	

		

			

			

		

		

			
				}

CtrlAltDelSimulator类重载了execute方法：



	

		

			

			

		

		

			
				void CtrlAltDelSimulator::execute()
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				if (DesktopSelector::selectDesktop(&StringStorage(_T("Winlogon")))) {
			

		

	

	

		

			

			

		

		

			
				HWND hwndCtrlAltDel = FindWindow(_T("SAS window class"), _T("SAS window"));
			

		

	

	

		

			

			

		

		

			
				if (hwndCtrlAltDel == NULL) {
			

		

	

	

		

			

			

		

		

			
				hwndCtrlAltDel = HWND_BROADCAST;
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				PostMessage(hwndCtrlAltDel, WM_HOTKEY, 0, MAKELONG(MOD_ALT | MOD_CONTROL, VK_DELETE));
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}

往窗口发送消息是与VNC4.0版本是类似的，这里只讲selectDesktop的不同。



	

		

			

			

		

		

			
				bool DesktopSelector::selectDesktop(const StringStorage *name)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				HDESK desktop;
			

		

	

	

		

			

			

		

		

			
				if (name) {
			

		

	

	

		

			

			

		

		

			
				desktop = getDesktop(name);
			

		

	

	

		

			

			

		

		

			
				} else {
			

		

	

	

		

			

			

		

		

			
				desktop = getInputDesktop();
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				bool result = setDesktopToCurrentThread(desktop) != 0;
			

		

	

	

		

			

			

		

		

			
				closeDesktop(desktop);
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				return result;
			

		

	

	

		

			

			

		

		

			
				}



	

		

			

			

		

		

			
				HDESK DesktopSelector::getDesktop(const StringStorage *name)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				return OpenDesktop(name->getString(), 0, TRUE,
			

		

	

	

		

			

			

		

		

			
				DESKTOP_CREATEMENU |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_CREATEWINDOW |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_ENUMERATE |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_HOOKCONTROL |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_WRITEOBJECTS |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_READOBJECTS |
			

		

	

	

		

			

			

		

		

			
				DESKTOP_SWITCHDESKTOP |
			

		

	

	

		

			

			

		

		

			
				GENERIC_WRITE);
			

		

	

	

		

			

			

		

		

			
				}



	

		

			

			

		

		

			
				bool DesktopSelector::setDesktopToCurrentThread(HDESK newDesktop)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				return SetThreadDesktop(newDesktop) != 0;
			

		

	

	

		

			

			

		

		

			
				}

3、VNC服务端发送模拟CTRL+ATL+DEL的方法

3、1 在Vista版本前

参考我的文章《XP、Wn7模拟发送ctrl+alt+delete组合键》

3、2 在Vista版本后

同样是在Environment.h里的class Environment类中有：

 static bool isWinNTFamily(); static bool isWinXP(); static bool isWin2003Server(); static bool isVistaOrLater(); static void simulateCtrlAltDel(); static void simulateCtrlAltDelUnderVista();

win7下的函数就是：simulateCtrlAltDelUnderVista



	

		

			

			

		

		

			
				void Environment::simulateCtrlAltDelUnderVista()
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				Log::info(_T("Requested Ctrl+Alt+Del simulation under Vista or later"));
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				try {
			

		

	

	

		

			

			

		

		

			
				DynamicLibrary sasLib(_T("sas.dll"));
			

		

	

	

		

			

			

		

		

			
				SendSas sendSas = (SendSas)sasLib.getProcAddress("SendSAS");
			

		

	

	

		

			

			

		

		

			
				if (sendSas == 0) {
			

		

	

	

		

			

			

		

		

			
				throw Exception(_T("The SendSAS function has not been found"));
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				sendSas(FALSE);
			

		

	

	

		

			

			

		

		

			
				} catch (Exception &e) {
			

		

	

	

		

			

			

		

		

			
				Log::error(_T("The simulateCtrlAltDelUnderVista() function failed: %s"),
			

		

	

	

		

			

			

		

		

			
				e.getMessage());
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}

实现思路：

（1）从system32文件夹下的sas.dll里得到SendSAS接口，

（2）然后调用此接口sendSas(FALSE);

使用注意事项：

（1）

SendSAS function

Simulates a secure attention sequence (SAS).



	

		

			

			

		

		

			
				VOID WINAPI SendSAS(
			

		

	

	

		

			

			

		

		

			
				 _In_  BOOL AsUser
			

		

	

	

		

			

			

		

		

			
				);

Parameters

AsUser [in]

TRUE if the caller is running as the current user; otherwise,FALSE.

Remarks

为了调用SendSAS成功，应用必然以服务方式运行或有uiAccess属性（用requestedExceptionLevel函数设置为true）。

如果不是以服务方式运行，那么得把User Account Control打开。

Important Applications with the uiAccess attribute set to "true" must be signed by usingAuthenticode. In addition, the application must reside in a protected location in the file system. Currently, there are two allowable protected locations:

\Program Files\\windows\system32\

本地的安全策略必须配置为允许服务和应用程序模拟SAS。

为了配置策略，修改组策略编辑器（GPE）中的设置。

控制委托的GPE是在下面的位置：

Computer Configuration | Administrative Templates | Windows Components | Windows Logon Options | Disable or enable software Secure Attention Sequence

A service can impersonate the token of another process that calls that service. In this case, a call to theSendSAS function by that service simulates a SAS on the session associated with the impersonated token.

Windows ctrl alt delete远程模拟-LMLPHP

以上策略对应的注册表是：

reg add

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v

SoftwareSASGeneration /t REG_DWORD /d 1 /f

即增加以下注册表：

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "SoftwareSASGeneration"=dword:00000003

（2）我把它放在Win7类型于GINA的凭证COM里（且是以起一线程的方式调用），发现没有效果。

这是因为SendSAS只能在服务中才起作用，而在凭据中是不能起作用的。

（3）

那么simulateCtrlAltDelUnderVista在哪里被调用呢？



	

		

			

			

		

		

			
				void SasUserInput::setKeyboardEvent(UINT32 keySym, bool down)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				bool delPressed = false;
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				if (m_underVista) {
			

		

	

	

		

			

			

		

		

			
				switch (keySym) {
			

		

	

	

		

			

			

		

		

			
				case XK_Alt_L:
			

		

	

	

		

			

			

		

		

			
				case XK_Alt_R:
			

		

	

	

		

			

			

		

		

			
				m_altPressed = down;
			

		

	

	

		

			

			

		

		

			
				break;
			

		

	

	

		

			

			

		

		

			
				case XK_Control_L:
			

		

	

	

		

			

			

		

		

			
				case XK_Control_R:
			

		

	

	

		

			

			

		

		

			
				m_ctrlPressed = down;
			

		

	

	

		

			

			

		

		

			
				break;
			

		

	

	

		

			

			

		

		

			
				case XK_Delete:
			

		

	

	

		

			

			

		

		

			
				delPressed = down;
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			

			

		

	

	

		

			

			

		

		

			
				if (m_ctrlPressed && m_altPressed && delPressed && m_underVista) {
			

		

	

	

		

			

			

		

		

			
				Environment::simulateCtrlAltDelUnderVista();
			

		

	

	

		

			

			

		

		

			
				} else {
			

		

	

	

		

			

			

		

		

			
				m_client->setKeyboardEvent(keySym, down);
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}

我们再来看setKeyboardEvent在哪里被调用了：

（1）



	

		

			

			

		

		

			
				void UserInputServer::applyKeyEvent(BlockingGate *backGate)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				UINT32 keySym;
			

		

	

	

		

			

			

		

		

			
				bool down;
			

		

	

	

		

			

			

		

		

			
				readKeyEvent(&keySym, &down, backGate);
			

		

	

	

		

			

			

		

		

			
				m_userInput->setKeyboardEvent(keySym, down);
			

		

	

	

		

			

			

		

		

			
				}

applyKeyEvent调用readKeyEvent读出键值和按下或弹上的标志，然后再调用setKeyboardEvent。

applyKeyEvent的实现过程：



	

		

			

			

		

		

			
				void DesktopServerProto::readKeyEvent(UINT32 *keySym, bool *down,
			

		

	

	

		

			

			

		

		

			
				 BlockingGate *gate)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				*keySym = gate->readUInt32();
			

		

	

	

		

			

			

		

		

			
				*down = gate->readUInt8() != 0;
			

		

	

	

		

			

			

		

		

			
				}

（2）



	

		

			

			

		

		

			
				void RfbClient::onKeyboardEvent(UINT32 keySym, bool down)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				m_desktop->setKeyboardEvent(keySym, down);
			

		

	

	

		

			

			

		

		

			
				}

（3）



	

		

			

			

		

		

			
				void WinDesktop::setKeyboardEvent(UINT32 keySym, bool down)
			

		

	

	

		

			

			

		

		

			
				{
			

		

	

	

		

			

			

		

		

			
				Log::info(_T("set keyboard event (keySym = %u, down = %d)"), keySym, (int)down);
			

		

	

	

		

			

			

		

		

			
				try {
			

		

	

	

		

			

			

		

		

			
				if (isRemoteInputAllowed()) {
			

		

	

	

		

			

			

		

		

			
				m_userInput->setKeyboardEvent(keySym, down);
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				} catch (Exception &e) {
			

		

	

	

		

			

			

		

		

			
				Log::error(_T("setKeyboardEvent() crashed: %s"), e.getMessage());
			

		

	

	

		

			

			

		

		

			
				m_extDeskTermListener->onAbnormalDesktopTerminate();
			

		

	

	

		

			

			

		

		

			
				}
			

		

	

	

		

			

			

		

		

			
				}

（4）

zhanggf8220

Windows ctrl alt delete远程模拟

3、VNC服务端发送模拟CTRL+ATL+DEL的方法

SendSAS function

Parameters

Remarks