
MS-Windows: Send keys to login/unlock page/Assistive Technology Application


Harald Oehlmann

Jun 7, 2023, 9:48:35 AM
Dear TCL/Tk MS-Windows experts,

we are in Windows 10/11 login or locked screen.

Application: send password by emulated keystrokes from a TCL
application. A barcode scanner is attached to the application. A login
code is scanned by the barcode reader and the password is extracted (it
is stored encrypted).

The application sends virtual keyboard data via Windows function
"keybd_event" or TWAPI. It is wrapped into a starkit.

I started the app as administrator -> data did not come through to the lock
screen password field
I started the app as a service as user "system" -> did not come through
This page
https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-sendinput
states:
"This function is subject to UIPI. Applications are permitted to inject
input only into applications that are at an equal or lesser integrity
level.".

Now, how to set the integrity level, probably "system" is required?
https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control

I did not really find anything. Any comments on that?

But I found this:
https://learn.microsoft.com/en-us/windows/win32/winauto/uiauto-securityoverview

So, such an application may interact with any other.
Requirements are:

1) Be signed with a certificate to interact with applications running at
a higher privilege level.
2) Be trusted by the system. The application must be installed in a
secure location that requires a user account control (UAC) prompt for
access. For example, the Program Files folder.
3) Be built with a manifest file that includes the uiAccess flag.

Question about 1) signed exe:
- thanks to Paul, here is a howto for self signed certificates:
https://wiki.tcl-lang.org/page/SDX+under+Windows
This also works with the starkits compiled by Ashok, I tested it, great!
I suppose, a self signed certificate is not sufficient. So, I may buy
one here:
https://www.globalsign.com/de-de/code-signing/microsoft-authenticode
Is that a good idea? Which of the proposed keys, expensive or more
expensive? On hardware token or on TPM module (no Azure, please).

Question about 3) manifest
How may I change or view the manifest of the starkit file ?

Thanks for any answer,
Harald
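
The uiAccess requirements listed in the post above can be partly checked before deployment. The following Tcl script is an added example, not code from the thread: it checks requirement 3 against the manifest text and requirement 2 against a caller-supplied list of secure directories, and does not check the signature (requirement 1). The proc names, the sample manifest and the sample paths are constructed.

```tcl
# Added example; proc names and all sample data are constructed.

# Requirement 3: the manifest must carry uiAccess="true" on the
# requestedExecutionLevel element (XML is case-sensitive).
proc manifest_requests_uiaccess {manifestXml} {
    set re {<(?:\w+:)?requestedExecutionLevel\s([^>]*)>}
    if {![regexp $re $manifestXml -> attrs]} { return 0 }
    return [regexp {(?:^|\s)uiAccess\s*=\s*["']true["']} $attrs]
}

# Requirement 2: the exe must live below one of the secure directories.
proc in_secure_location {exePath secureDirs} {
    set p [string tolower [string map {/ \\} $exePath]]
    # A path with a parent-directory component could leave the
    # directory it appears to be in, so it is rejected outright.
    if {[string first "\\..\\" $p] >= 0} { return 0 }
    foreach dir $secureDirs {
        set d [string trimright [string tolower [string map {/ \\} $dir]] \\]
        # Compare with a trailing separator so that a sibling directory
        # such as "Program Files Old" is not accepted as a prefix match.
        if {[string first "$d\\" $p] == 0} { return 1 }
    }
    return 0
}

proc uiaccess_preflight {exePath manifestXml secureDirs} {
    dict create \
        manifest_uiaccess [manifest_requests_uiaccess $manifestXml] \
        secure_location   [in_secure_location $exePath $secureDirs]
}

# Constructed sample input.
set secureDirs [list {C:\Program Files} {C:\Program Files (x86)}]
set manifest {<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
    <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
  </requestedPrivileges></security></trustInfo>
</assembly>}

foreach exe {
    {C:\Program Files\Scanner\twapisend.exe}
    {C:\Program Files Old\twapisend.exe}
    {C:\Users\operator\Desktop\twapisend.exe}
} {
    puts "$exe -> [uiaccess_preflight $exe $manifest $secureDirs]"
}
```

Only the first sample path passes the location check; the other two report secure_location 0 even though the manifest is the same.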








et99

Jun 7, 2023, 4:18:41 PM
It sounds like you need to run this before the user is
logged in. I'm not sure if this would work before
you're even logged in, however,

https://windowsloop.com/how-to-run-a-program-as-administrator-without-prompt/

I've used this described procedure with the task
scheduler to run a tcl script at admin privs to run a
program w/o the prompt and then using twapi find its
window and send it mouse clicks.

In the task scheduler, I see one can set in the
general tab, "run whether user is logged on or not"
And there's also a checkbox "run with *highest*
privileges". Not sure how high that really is though.

Then in the triggers tab, with new... (to create a new
trigger) at the top it says "begin the task", one can
choose "at logon" or even "at startup".

I've not tried this, as the above page only discusses
how to setup a task that you run from a shortcut using
the schtasks.exe program.

But perhaps you can adapt it to run prior to logon.
Then maybe you don't need to use the schtasks.exe
directly, but have it run for you at logon or startup.
If it runs with highest privs, maybe that's good enough.

I've only used this on win 10 however, not win 11.


Harald Oehlmann

Jun 8, 2023, 6:18:51 AM
On 07.06.2023 at 22:18, et99 wrote:
>
> It sounds like you need to run this before the user is
> logged in. I'm not sure if this would work before
> you're even logged in, however,
>
> https://windowsloop.com/how-to-run-a-program-as-administrator-without-prompt/
>
> I've used this described procedure with the task
> scheduler to run a tcl script at admin privs to run a
> program w/o the prompt and then using twapi find its
> window and send it mouse clicks.
>
> In the task scheduler, I see one can set in the
> general tab, "run whether user is logged on or not"
> And there's also a checkbox "run with  *highest*
> privileges". Not sure how high that really is though.
>
> Then in the triggers tab, with new... (to create a new
> trigger) at the top it says "begin the task", one can
> choose "at logon" or even "at startup".
>
> I've not tried this, as the above page only discusses
> how to setup a task that you run from a shortcut using
> the schtasks.exe program.
>
> But perhaps you can adapt it to run prior to logon.
> Then maybe you don't need to use the schtasks.exe
> directly, but have it run for you at logon or startup.
> If it runs with highest privs, maybe that's good enough.
>
> I've only used this on win 10 however, not win 11.

Thanks a lot for this valuable contribution.
I appreciate that you read this long post and thought about it.

Did you do mouse-clicks on the unlock login screen (if the user has
locked the screen)? Did that work? If YES, I am interested, how the
application is done. Is the exe signed? Is it at c:\program files..?
What is the manifest?

What I tested:
- desktop starkit with user privileges -> can send keypresses to any
other program of the user. If the user locks the screen and activates
the password entry, it can not send to this entry.
- desktop starkit with admin privileges -> can send keypresses to other
admin programs and to user programs. If the user locks the screen and
activates the password entry, it can not send to this entry.
- Windows service starkit with system user: can send keypress to any
other program, but not to initial login password field, nor to unlock
screen password field.

The corresponding system calls succeed when keystrokes are sent to the
login screen, but there is no output. I suppose, the following phrase
from the SendInput function help page gives insight to that:
"This function fails when it is blocked by UIPI. Note that neither
GetLastError nor the return value will indicate the failure was caused
by UIPI blocking."

So, I suppose, your proposition was already tested.

Do you agree with this analysis?

Thank you again, I appreciate it!

Take care,
Harald

et99

Jun 8, 2023, 3:29:40 PM
In your description you didn't mention if you can move the mouse pointer over the login screen and see it move to the password entry field, followed by a left click. Are you able to do that?

I never log out nor use the login screen on my computer, but as I recall, you have to left click on the password text entry to get anything going.

I don't know if my use of the task scheduler is anything more than what you are already doing, I just know it lets me avoid the user account control screen, which I couldn't otherwise do.

I don't use an .exe signature, I'm just launching a tclkit.exe with a script, which exec's my backup program, finds its main window and sends it some mouse clicks all using twapi.

The procedure on that page I mentioned is fairly straight forward, it even shows you pictures of the dialogs you need to fill out to create a task (just scroll down past the ads).

Good Luck

Harald Oehlmann

Jun 8, 2023, 3:51:45 PM
Thanks for the clarification, I appreciate.
I will test, if this works for me.

Thank you and take care,
Harald

Harald Oehlmann

Jun 15, 2023, 6:36:55 AM
Dear ET99,

I have made additional tests.

The following script was wrapped into a starkit (by Ashok, tcl8.6.12,
TWAPI 4.7.2, 32bit) on Windows 10 64bit GER and started as administrator:
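<SCRIPT>
package require Tk
console show
wm withdraw .
update
package require twapi

# Every 10 s: send a key event for virtual key 65 (scan code 0x1e)
proc s {} {
    twapi::send_input [list [list key 65 0x1e]]
    puts -nonewline a
    after 10000 s
}
after 10000 s

# Every 10 s: move the mouse to (100,100) and print the catch result
proc m {} {
    puts "[catch {twapi::move_mouse 100 100} e] $e"
    after 10000 m
}
after 10000 m
</SCRIPT>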

Wrap command:
tclkit-cli-8_6_12-twapi-4_7_2-x86-max.exe sdx.kit wrap twapisend.exe -runtime tclkit-gui-8_6_12-twapi-4_7_2-x86-max.exe

Then, the lock screen was activated.
The mouse move and key press are active in the lock screen.
The keypress changes to the password screen.
The mouse moves to the upper-right corner.
But when changing (by the keypress) to the password entry screen, neither
mouse move nor keypress is recognized.

The mouse move returns an error:
1 Wrong parameter
The keypress just does not appear.

Is this also what you see, or are you able to move the mouse in the
password part of the lock screen?

et99

Jun 15, 2023, 6:50:47 PM
Yes, I see pretty much what you do. I can move the mouse pointer and
send it a character that opens the password text box.

After that, the only thing active is the onscreen keyboard
or the actual keyboard. I have to enter a password to leave.

I can't even paste anything into the password field.

So, sorry, this doesn't appear to work.

I did find this discussion and it seems likely that only using a driver will work:

https://stackoverflow.com/questions/9652358/simulating-input-in-windows-logon-screen-using-a-driver


Harald Oehlmann

Jun 16, 2023, 4:00:52 AM
Dear Et99,

I want to thank you for the efforts to always follow my messages and to
check what I have done. I really appreciate it!
Thanks for the great pointer with a lot of research. I will first try
the "Assistive Technology" approach before trying the driver method.

Harald Oehlmann

Jul 13, 2023, 11:28:15 AM
Thank you all for reading this thread. The current state is logged on the
following wiki page:

https://wiki.tcl-lang.org/page/MS+Windows%3A+assistive+technology%2C+code+signing%2C+send+keystrokes+to+other+applications+and+Windows+login+password+field

Thank you,
Harald

Harald Oehlmann

Jul 14, 2023, 10:53:10 AM
Assistive Technology really works to solve the problem. This is big fun
to have the TCL application run in the Windows Logon screen ;-).

Enjoy the logbook,
Harald

Yuriy Kovalenko

Jul 20, 2023, 6:19:06 AM
Hello Harald,

Below is a not perfect but working example of using IsProcessInJob with Ffidl.
It is based on topic https://stackoverflow.com/questions/5595918/using-ffidl-with-tcl-to-return-pass-by-reference-strings-and-arrays

package require twapi
package require Ffidl
package require Ffidlrt

# BOOL IsProcessInJob(HANDLE process, HANDLE job, PBOOL result)
ffidl::callout IsProcessInJob {int int pointer-var} int [ffidl::symbol kernel32.dll IsProcessInJob]

# Returns 1 or 0 as reported by IsProcessInJob, or -1 if the call fails
proc is_process_in_job {process job} {
    # Buffer that receives the BOOL result
    set res_ptr [binary format [::ffidl::info format int] 0]
    if {[IsProcessInJob $process $job res_ptr]} {
        binary scan $res_ptr [::ffidl::info format int] res_ptr
        return $res_ptr
    } else {
        puts "Error executing IsProcessInJob"
        return -1
    }
}


Test case:

ffidl::callout CreateJobObjectA {int pointer-utf8} int [ffidl::symbol kernel32.dll CreateJobObjectA]

set cur_process [lindex [twapi::get_process_handle [twapi::get_current_process_id]] 0]
set job [CreateJobObjectA 0 "testJob"]

(bin) 26 % is_process_in_job $cur_process 0
1 ; # search process in any job is successful
(bin) 27 % is_process_in_job $cur_process $job
0 ; # process is not in testJob

Harald Oehlmann

Jul 20, 2023, 8:40:49 AM
Great, Yuriy, I appreciate it. I am at the conference, then on holiday,
will test mid August.

Thanks again,
Harald