I want to create a process that can operate on the lock screen.
More precisely, I want to use SendInput to enter the password by simulating keystrokes, so that the user is logged on while the screen is locked.
When I start the SendInput code with a delay (to have time to lock the session), it doesn't do anything.
So I want to create a process, preferably using CreateProcessAsUserA, that can operate on the lock screen.
Here's what I've tried:
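/**
 * Launcher: waits four seconds, requests the primary token of the user logged
 * on to the active console session, and starts sendInput.exe under that token.
 *
 * Review notes:
 *  - WTSQueryUserToken is documented to require the SE_TCB_NAME privilege.
 *    Error 1314 is ERROR_PRIVILEGE_NOT_HELD: the calling process does not hold
 *    it. Ordinary interactive processes do not, and that is deliberate,
 *    because the call hands out another session's logon token.
 *  - The token decides whose identity the child runs under, not which desktop
 *    receives its input. The lock screen is presented on a separate secure
 *    desktop that Windows isolates from the user's applications; that is
 *    presumably why keystrokes injected from the user's desktop never reach
 *    it. The supported extension point for logon/unlock is a credential
 *    provider.
 *
 * @return 0 when the child process was created, 1 when either API call failed.
 */
int main()
{
    // Fixed delay so the workstation can be locked by hand first; nothing here
    // verifies that the session is actually locked when the delay expires.
    Sleep(4000);

    // The string literals are wide (L"..."), so use the wide types and the W
    // entry point explicitly instead of the TCHAR macros, which only match
    // when UNICODE is defined.
    // NOTE(review): a relative image name is resolved against the current
    // directory; prefer an absolute path so that a file planted in the working
    // directory cannot be started under the queried token.
    LPCWSTR lpApplicationName = L"sendInput.exe";
    LPWSTR lpCommandLine = NULL;
    LPSECURITY_ATTRIBUTES lpProcessAttributes = NULL;
    LPSECURITY_ATTRIBUTES lpThreadAttributes = NULL;
    BOOL bInheritHandles = FALSE;
    DWORD dwCreationFlags = CREATE_NEW_CONSOLE;
    LPVOID lpEnvironment = NULL;
    // NULL means "same current directory as the caller". The original passed
    // an empty string, which is not a valid directory path.
    LPCWSTR lpCurrentDirectory = NULL;

    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    // Primary token of the user logged on to the active console session.
    HANDLE hToken = NULL;
    if (!WTSQueryUserToken(WTSGetActiveConsoleSessionId(), &hToken))
    {
        // GetLastError() returns a DWORD (unsigned long), so print it with %lu.
        printf("WTSQueryUserToken failed with error %lu\n", GetLastError());
        return 1;
    }

    // Start the child under that token.
    if (!CreateProcessAsUserW(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
                              bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, &si, &pi))
    {
        printf("CreateProcessAsUser failed with error %lu\n", GetLastError());
        CloseHandle(hToken);
        return 1;
    }

    // The launcher does not wait for the child; release every handle it owns.
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    CloseHandle(hToken);
    return 0;
}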
But this code gives me an error from WTSQueryUserToken ("WTSQueryUserToken failed with error 1314"), and I'm not sure whether everything else is correct.
Here's what's going on in sendInput.exe (I've used Qt a bit here to create a map that stores the key WORDs; I didn't feel I needed to add it to the tags):
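/**
 * Builds one key-down and one key-up event for every character of `password`
 * and submits them in a single SendInput call.
 *
 * `password` is declared outside this function. Only "Enter", the digits 0-9
 * and the upper-case letters A-Z have an entry in the key table. If the
 * password contains any other character, nothing is sent. The original looked
 * such characters up with operator[], which inserted a default entry and
 * injected events carrying virtual-key code 0.
 */
void sendPassword(){
    // Key name -> virtual-key code.
    QMap<QString, WORD> keyMap;
    keyMap["Enter"] = 0x0D;
    keyMap["0"] = 0x30; keyMap["1"] = 0x31; keyMap["2"] = 0x32; keyMap["3"] = 0x33;
    keyMap["4"] = 0x34; keyMap["5"] = 0x35; keyMap["6"] = 0x36; keyMap["7"] = 0x37;
    keyMap["8"] = 0x38; keyMap["9"] = 0x39;
    keyMap["A"] = 0x41; keyMap["B"] = 0x42; keyMap["C"] = 0x43; keyMap["D"] = 0x44;
    keyMap["E"] = 0x45; keyMap["F"] = 0x46; keyMap["G"] = 0x47; keyMap["H"] = 0x48;
    keyMap["I"] = 0x49; keyMap["J"] = 0x4A; keyMap["K"] = 0x4B; keyMap["L"] = 0x4C;
    keyMap["M"] = 0x4D; keyMap["N"] = 0x4E; keyMap["O"] = 0x4F; keyMap["P"] = 0x50;
    keyMap["Q"] = 0x51; keyMap["R"] = 0x52; keyMap["S"] = 0x53; keyMap["T"] = 0x54;
    keyMap["U"] = 0x55; keyMap["V"] = 0x56; keyMap["W"] = 0x57; keyMap["X"] = 0x58;
    keyMap["Y"] = 0x59; keyMap["Z"] = 0x5A;

    // SECURITY(review): the credential is a plaintext literal compiled into
    // the executable, so anyone who can read the file can recover it.
    password = "1234";

    const int keyCount = static_cast<int>(password.length());
    if (keyCount == 0) {
        return;  // nothing to send; avoids a zero-length allocation and call
    }

    // Two events per character (down, up); {} zero-initialises every INPUT.
    INPUT* inputs = new INPUT[keyCount * 2] {};
    for (int i = 0; i < keyCount; i++) {
        // value() is a read-only lookup: a character missing from the table
        // yields 0 instead of silently adding an entry to the map.
        const WORD vk = keyMap.value(QString(password[i]), 0);
        if (vk == 0) {
            delete[] inputs;
            return;
        }
        inputs[i * 2].type = INPUT_KEYBOARD;
        inputs[i * 2].ki.wVk = vk;
        inputs[i * 2 + 1].type = INPUT_KEYBOARD;
        inputs[i * 2 + 1].ki.wVk = vk;
        inputs[i * 2 + 1].ki.dwFlags = KEYEVENTF_KEYUP;
    }

    // NOTE(review): SendInput returns the number of events it inserted. The
    // result is not checked here, so a blocked or partial injection goes
    // unnoticed by the caller.
    SendInput(static_cast<UINT>(keyCount * 2), inputs, sizeof(INPUT));

    delete[] inputs;
}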
It would help a lot if you can show a code example, or another solution to this problem. Thanks in advance.