0

For my application it is a requirement to block any user input while the application is running. I am using User32.dll's "BlockInput" function to achieve this.

The problem is that the function does not work if the user has not got administrator priviledges. I've now implemented a service (running with local system priviledges) to do this job, even if the user has no admin rights.

Unfortunately the function call now only locks the input devices of the service session, and not the ones of the user's session.

How to call User32.dll functions (from a service) for the current users session?

gorootde
  • 4,003
  • 4
  • 41
  • 83
  • 1
    Seems an extremely heavy handed approach. Why do you have this requirement? – Jonathan Potter Oct 15 '15 at 11:00
  • My application performs critical actions that are not allowed to be done by normal users. – gorootde Oct 15 '15 at 11:07
  • Services run in session 0, the user works in session 1. Blocking input in one session will not affect the other, this should be obvious. It sounds very much like an XY problem. WHAT critical actions are you performing that require you to disable user input like this? – Jonathan Potter Oct 15 '15 at 11:20
  • It is used for a VNC like remote deskop operation. The remote user has access to UI components that are not visible to a standard user. So during an active remote session the local user must be "locked out". – gorootde Oct 15 '15 at 11:37

2 Answers2

2

How to call User32.dll functions (from a service) for the current users session?

Your service would need to use CreateProcessAsUser() to launch a new process in the context of the user's session, then that process can call BlockInput().

The service can use WTSQueryUserToken() to get the necessary user token for CreateProcessAsUser().

To get the user token, the service needs to know the session ID that the user is running in. Your Java app can discover its own session ID by using OpenProcessToken() and GetTokenInformation() and then send the ID to the service via an IPC mechanism. Or the service can hunt for the session using WTSEnumerateSessions() and WTSQuerySessionInformation().

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • Ok I've implemented that. I am now able to execute any process in the user session - but unfortunately only with the rights of the current logged on user (which are not sufficient). How to execute with admin rights? – gorootde Oct 19 '15 at 09:43
  • See http://stackoverflow.com/questions/33212984/createprocessasuser-with-elevated-priviledges on how to do this – gorootde Mar 08 '16 at 13:27
0

How to call user32.dll functions (from a service) for the current user's session?

You cannot. The restrictions on BlockInput are there for a reason and the system provides no means for you to bypass them. If it did, what would be the point of the restrictions in the first place.

It's quite simple. If you want to call BlockInput, then you need sufficient rights.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • To be precise: The application does NOT run with administrative priviledges, but the setup of the application does. I've now split up the application into a service (contains the part that needs administrative rights) and the application itself (which calls the service). – gorootde Oct 15 '15 at 11:09
  • Arrange that you call `BlockInput` from a process running in the desired desktop, with sufficient processes. It's really that simple. – David Heffernan Oct 15 '15 at 18:00