3

I'm trying to simulate ctrl+alt+del with keybd_event but it doesn't do anything, stuff like ctrl+esc or alt+tab do work yet ctrl+alt+del won't work.

import ctypes
ctypes.windll.user32.keybd_event(0x11, 0, 0, 0) #CTRL is down
ctypes.windll.user32.keybd_event(0x12, 0, 0, 0) #ALT is down
ctypes.windll.user32.keybd_event(0x2E, 0, 0, 0) #DEL is down
ctypes.windll.user32.keybd_event(0x2E, 0, 0x0002, 0) #DEL is up
ctypes.windll.user32.keybd_event(0x12, 0, 0x0002, 0) #ALT is up
ctypes.windll.user32.keybd_event(0x11, 0, 0x0002, 0) #CTRL is up
David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
Shay
  • 1,375
  • 5
  • 16
  • 26

2 Answers2

5

CTRL + ALT + DEL is a special key sequence, known as the secure attention sequence that, for security reasons, cannot be faked using keybd_input or SendInput.

You will need to use the SendSAS API call to simulate the SAS. Do read the documentation carefully do make sure that you adhere to the stringent requirements of this function.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • 1
    Is creating a service in session 0 the best way to go about this for a Python script that's using ctypes? I think a program can enable this for a service by setting the system policy `SoftwareSASGeneration` to 1 or 3. To clarify the docs, for Vista support sas.dll is distributed in the Windows 7 SDK, in the Redist folder. Per License\\Redist.txt, it's ok to distribute this binary. – Eryk Sun Jun 04 '14 at 09:55
  • @eryksun Yeah, As I read it you can redist the DLL on Vista. A service will get it done, but it seems pretty heavy. There may be other reasons to prefer not to impose a service on the user. If it's a desktop app, then there are a few more hoops to jump through. Not easy to do with Python/ctypes given that the process that executes the code is typically python.exe. I'd go for a small executable to do the work, built with C++ using the SDK. – David Heffernan Jun 04 '14 at 10:08
  • If XP support is desired, is it back to requiring a service? I think you need to be `SYSTEM` to send the ctrl+alt+del hotkey to the `Winlogon` desktop. I don't have an XP box to test this. – Eryk Sun Jun 04 '14 at 10:21
  • @eryksun It's kind of mirky at that point. MS only supplied the saslib code on demand. And the e-mail address they provided to make the request has been ignored for years. I think you are looking at reversing it yourself, or using something like http://www.remkoweijnen.nl/blog/tag/saslibex/ Good places to look are open source VNC programs because they very commonly need to send SAS – David Heffernan Jun 04 '14 at 10:23
  • If my application is set as uiAccess=false and is not a service is it still possible to send a secure attn request @DavidHeffernan ? – yatg Jul 02 '15 at 17:49
1

That's a Windows security mechanism. CTRL + ALT + DEL is special. At least one justification is the "Press CTRL + ALT + DEL for login prompt" thing where by pressing it you make sure Windows is really asking for your password and not just some program masquerading as a Windows prompt.

Mwiza
  • 7,780
  • 3
  • 46
  • 42
otus
  • 5,572
  • 1
  • 34
  • 48