What happens 'behind' the Windows lock screen?

I have been working on Windows automation and monitoring.

What exactly happens when I lock the screen of a Windows machine?

I am working with Windows 7 at the moment. Are there big differences in the behavior if I switch to Vista or the server versions? Is there still a desktop that can be accessed via APIs? I know that I can still send keystrokes and mouse clicks to specific windows (via ControlSend and ControlClick), but there seems to be no "desktop" itself.

Could someone shed some light on this whole thing or point me at a readable source where I could get an overview of the topic?

Plastefuchs asked Mar 05 '12 08:03



2 Answers

Basically what happens is that Windows switches to the secure desktop, makes it the current one, so input is now associated with it.

The old desktop remains where it was: all the HWNDs on the desktop are still there, and any thread attached to that desktop can still access those HWNDs, get their location, and so on. You can still send messages to windows on this desktop, so long as the thread sending the message is also on that desktop.

However, since the desktop is now inactive, it cannot receive input. GetForegroundWindow will return NULL (IIRC), and you can't use SendInput any longer, since input now belongs to [a thread on] a different desktop; no controls on that inactive desktop can receive focus.

Note that sending keypress messages to a control that doesn't have focus can sometimes cause unexpected behavior, since the app or control generally never expects to receive keyboard input without getting the focus first. (This can be problematic for controls that set up some sort of input context in WM_SETFOCUS and clear it up in WM_KILLFOCUS, for example.)

In short, the UI is still there: you can do certain queries against it, but you can no longer automate it as you could on a regular desktop by sending input, and some other functions that relate to focus or input may fail.

I'm not super familiar with AutoHotKey, but the name and description of functionality suggest that it's heavily reliant on the underlying Win32 SendInput API. This won't work at all for keyboard input when a desktop is inactive.

For a reasonable overview of how desktops work and how they relate to winstations, the locked desktop, and so on, check out the Desktop article on MSDN.

One issue that I've run into in the past with desktops and automation is: how do I leave a long-running test that's using some form of user input automation (mouse, keyboard simulation), but still lock my PC so that someone can't just walk by and interfere with it? Once you lock the PC, the desktop is inactive, and so the automation stops working. A similar issue happens if the screensaver kicks in: the desktop switches, and the automation fails.

One solution is to use two PCs: let's call them Main and Test: from Main, open a remote terminal services client onto the Test machine, and then run the automated test on the test machine, but from a terminal services client window on the Main machine. Now the cool part: you can minimize that TSC window, or even lock the Main machine (or let the screensaver kick in), and that virtual session will continue working, thinking that it is still active - it's just that nobody is paying it any attention. This is one way to create a "connected" session with an active desktop, but one that no-one can interfere with, because it's protected behind the locked desktop of the Main machine.

BrendanMcK answered Feb 11 '23 18:02
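A read-only check for the condition the answer above describes, added here as an example and not part of either answer: it compares the name of the desktop the calling thread is attached to with the desktop that currently receives input, using the documented Win32 calls OpenInputDesktop, GetThreadDesktop and GetUserObjectInformation. The names DesktopProbe, Get-DesktopName and Test-InputDesktop are made up for this example, and treating a failed OpenInputDesktop as "the input desktop is one this process may not open" is an assumption.

```powershell
# Added example (requires PowerShell 3.0+). Read-only: opens handles, changes nothing.
Add-Type -Namespace DesktopProbe -Name Native -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr OpenInputDesktop(uint flags, bool inherit, uint access);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetThreadDesktop(uint threadId);
[DllImport("kernel32.dll")]
public static extern uint GetCurrentThreadId();
[DllImport("user32.dll", EntryPoint = "GetUserObjectInformationW",
           CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool GetUserObjectInformation(IntPtr obj, int index,
    System.Text.StringBuilder info, uint length, out uint needed);
[DllImport("user32.dll", SetLastError = true)]
public static extern bool CloseDesktop(IntPtr desktop);
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
'@

$UOI_NAME            = 2        # GetUserObjectInformation: return the object's name
$DESKTOP_READOBJECTS = 0x0001   # minimal access right requested on the input desktop

function Get-DesktopName([IntPtr]$Handle) {
    $buffer = New-Object System.Text.StringBuilder 256
    $needed = [uint32]0
    # Length is in bytes: 256 UTF-16 characters = 512 bytes.
    if ([DesktopProbe.Native]::GetUserObjectInformation($Handle, $UOI_NAME, $buffer, 512, [ref]$needed)) {
        $buffer.ToString()
    }
}

function Test-InputDesktop {
    $n = [DesktopProbe.Native]
    # The handle from GetThreadDesktop is not closed; the one from OpenInputDesktop is.
    $mine   = Get-DesktopName ($n::GetThreadDesktop($n::GetCurrentThreadId()))
    $hInput = $n::OpenInputDesktop(0, $false, $DESKTOP_READOBJECTS)
    $active = $null
    if ($hInput -ne [IntPtr]::Zero) {
        $active = Get-DesktopName $hInput
        [void]$n::CloseDesktop($hInput)
    }
    [pscustomobject]@{
        ThreadDesktop    = $mine
        InputDesktop     = $active    # $null: the input desktop could not be opened
        OnInputDesktop   = ($null -ne $active -and $active -eq $mine)
        ForegroundWindow = $n::GetForegroundWindow()
    }
}

Test-InputDesktop   # run before sending synthetic input; poll it to watch a lock/unlock
```

In an unlocked interactive session both names are normally `Default`; an automation or monitoring script can skip SendInput-style steps and log the state whenever `OnInputDesktop` is false.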


I don't know the details, but I believe the lock screen constitutes a separate "desktop" and maybe also a separate "window station" (as I understand it a window station is merely a container for desktops). The MSDN section on window stations should hopefully be useful: http://msdn.microsoft.com/en-us/library/windows/desktop/ms687098%28v=vs.85%29.aspx

In order to access a desktop, you will need to use the regular Windows APIs from a thread that is on that desktop. SetThreadDesktop would probably be the easiest way to do that in C, as long as the desktop isn't on a different window station.

Unfortunately, this is already difficult for a regular privileged application, and using AutoHotkey complicates it even more. Since you don't have control over threads or over process initialization, you will probably have to create a new process in the other desktop (you can do this using the CreateProcess API, which appears to have a wrapper available for AHK to which you can supply a desktop name: http://www.autohotkey.com/forum/topic1952.html). Your process will need special privileges to do this; I'm not sure that even running as Administrator is enough.

Esme Povirk answered Feb 11 '23 19:02