1、网上找的win7 hook winlogon实现禁用CTRL+ALT+DEL

转载自互联网:仅修改了软件打开自动屏蔽和隐藏窗体。

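       将下面三段分别保存成对应的文件后,可以用VB6直接编译出exe。程序并不是真正的hook,而是把winlogon进程挂起,因此win7下依赖于winlogon的快捷键(如CTRL+ALT+DEL)会被屏蔽;打开winlogon进程需要先取得SeDebug权限。
       若要恢复,需先让窗体显示出来(窗体默认隐藏),再点击“恢复Winlogon”按钮。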

KeyboardLockFormModule.bas文件

Attribute VB_Name = "KeyboardLockFormModule"
Option Explicit

' Win32 / native API declarations for this module.
' NOTE(review): GetAsyncKeyState, OpenThread, NtTerminateProcess, SendMessage and
' GetCurrentProcessId are declared here but not called in the code shown on this page.
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const SYNCHRONIZE = &H100000
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
' Evaluates to &H1F0FFF. SusWin/ResWin pass this mask to OpenProcess although they only
' suspend and resume the target, so it asks for far more access than those two calls use
' (a least-privilege review would look at PROCESS_SUSPEND_RESUME instead).
Public Const PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
' ntdll suspend/resume of a whole process; callers in this module treat a
' return value >= 0 as success.
Public Declare Function NtSuspendProcess Lib "ntdll.dll" (ByVal hProc As Long) As Long
Public Declare Function NtResumeProcess Lib "ntdll.dll" (ByVal hProc As Long) As Long
Declare Function OpenThread Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwThreadId As Long) As Long
Declare Function NtTerminateProcess Lib "ntdll" (ByVal hProc As Long, ByVal ExitCode As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Token / privilege APIs used by EnableDebugPrivilege.
Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LARGE_INTEGER) As Long
' PreviousState and ReturnLength are declared ByRef As Long, so a literal passed for
' them reaches the API as a pointer to a temporary Long, not as a null pointer.
Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByRef PreviousState As Long, ByRef ReturnLength As Long) As Long
Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Declare Function GetCurrentProcessId Lib "kernel32.dll" () As Long
Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
' NOTE(review): VB6 exposes the last DLL error through Err.LastDllError; a value read
' through this Declare may already have been overwritten by the runtime - confirm.
Declare Function GetLastError Lib "kernel32.dll" () As Long
' 64-bit value split into two Longs; used below as the storage for a privilege LUID.
Type LARGE_INTEGER
      LowPart As Long
      HighPart As Long
End Type

' Upper bound used for the Privileges array in TOKEN_PRIVILEGES.
Public Const ANYSIZE_ARRAY As Long = 1
' Attribute value that marks a privilege as enabled.
Public Const SE_PRIVILEGE_ENABLED As Long = &H2
' Access rights requested on the process token by EnableDebugPrivilege.
Public Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Public Const TOKEN_QUERY As Long = &H8

' One privilege (LUID) together with its attribute flags.
Type LUID_AND_ATTRIBUTES
      LUID As LARGE_INTEGER
      Attributes As Long
End Type
' Privilege list passed to AdjustTokenPrivileges.
' NOTE(review): ANYSIZE_ARRAY is used as the upper bound, so with VB's default lower
' bound of 0 (no Option Base is shown in this module) the array has indices 0..1;
' only index 0 is filled in by EnableDebugPrivilege, and LenB of this type covers both.
Type TOKEN_PRIVILEGES
      PrivilegeCount As Long
      Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
' Toolhelp snapshot APIs used by GetWinlogonPID to enumerate processes.
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
' Retrieves information about the first process in the system snapshot
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Retrieves information about the next process in the system snapshot
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' One process entry as filled in by ProcessFirst / ProcessNext.
Private Type PROCESSENTRY32
    dwSize As Long                 ' size of the structure
    cntUsage As Long               ' reference count of this process
    th32ProcessID As Long          ' process ID
    th32DefaultHeapID As Long      ' default heap ID of the process
    th32ModuleID As Long           ' module ID of the process
    cntThreads As Long             ' number of threads started by this process
    th32ParentProcessID As Long    ' parent process ID
    pcPriClassBase As Long         ' thread priority
    dwFlags As Long                ' reserved
    szExeFile As String * 260      ' full name of the process
End Type

' Snapshot flag passed to CreateToolhelpSnapshot: include processes.
Private Const TH32CS_SNAPPROCESS = &H2
' Not referenced in the code shown on this page.
Private Const TH32CS_SNAPmodule = &H8

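Private Function GetWinlogonPID() As Long
    ' Returns the process ID of the first entry in a Toolhelp process snapshot whose
    ' executable name equals "winlogon.exe" (case-insensitive).
    ' Returns 0 when no entry matches or when the snapshot cannot be created.
    '
    ' NOTE(review): the match is on the image name only; neither the image path nor the
    ' owning session is checked, so the PID returned is simply whichever matching entry
    ' the snapshot lists first.
    Const INVALID_SNAPSHOT As Long = -1    ' INVALID_HANDLE_VALUE as a Long
    Dim hSnapShot As Long
    Dim lngResult As Long
    Dim lngNul As Long
    Dim strExe As String
    Dim PEE As PROCESSENTRY32

    GetWinlogonPID = 0

    hSnapShot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    ' Without a valid snapshot there is nothing to enumerate and no handle to close.
    If hSnapShot = INVALID_SNAPSHOT Then Exit Function

    ' The API requires dwSize to be set before the first call.
    PEE.dwSize = Len(PEE)
    lngResult = ProcessFirst(hSnapShot, PEE)
    ' Walk the snapshot until a match is found or the entries run out.
    Do While lngResult <> 0
        ' szExeFile is a fixed 260-character buffer; keep only the part before the
        ' first NUL. Guard against a missing NUL so Left() never gets a negative length.
        lngNul = InStr(PEE.szExeFile, Chr(0))
        If lngNul > 0 Then
            strExe = Left(PEE.szExeFile, lngNul - 1)
        Else
            strExe = PEE.szExeFile
        End If
        If LCase(strExe) = "winlogon.exe" Then
            GetWinlogonPID = PEE.th32ProcessID
            Exit Do
        End If
        lngResult = ProcessNext(hSnapShot, PEE)
    Loop

    ' Single exit path so the snapshot handle is always released.
    CloseHandle hSnapShot
End Function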

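Function EnableDebugPrivilege() As Boolean
' Tries to enable SeDebugPrivilege in the current process token.
' Returns True only when AdjustTokenPrivileges succeeds AND the last DLL error is 0;
' the API can report success while leaving the privilege unassigned (the token does
' not hold it), in which case the last error is non-zero and this returns False.
'
' Error handling uses the API return values and Err.LastDllError. The earlier form
' combined the return value with GetLastError using bitwise "And Not", which accepts
' some non-zero error codes, and read the error through a Declare'd GetLastError.
Dim TP As TOKEN_PRIVILEGES
Dim hToken As Long, r As Long, e As Long

EnableDebugPrivilege = False

' Open our own token with the rights needed to change privileges.
r = OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken)
If r = 0 Then Exit Function    ' no token handle was opened, nothing to close

' Resolve the privilege name to its LUID on the local system.
r = LookupPrivilegeValue(vbNullString, "SeDebugPrivilege", TP.Privileges(0).LUID)
If r <> 0 Then
    TP.PrivilegeCount = 1
    TP.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    ' NOTE(review): PreviousState/ReturnLength are ByRef in the Declare, so the two
    ' literal 0s become pointers to temporaries while BufferLength is LenB(TP); that
    ' looks like a larger output buffer is advertised than exists - confirm, and
    ' prefer a null PreviousState with BufferLength 0 if the Declare is changed.
    r = AdjustTokenPrivileges(hToken, False, TP, LenB(TP), 0, 0)
    ' Read the error immediately, before any other DLL call can replace it.
    e = Err.LastDllError
    EnableDebugPrivilege = (r <> 0) And (e = 0)
End If

Call CloseHandle(hToken)
End Function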

Public Function SusWin() As Boolean ' Suspend the winlogon process
' Note: if this function is called several times, ResWin must be called the same
' number of times before the process runs again.
' Returns True when NtSuspendProcess reports a non-negative status, False when the
' process could not be opened or the suspend call failed.
' The handle is closed right after the call, so the suspension outlives this program
' unless ResWin is called later.
' For detection: the visible sequence is OpenProcess on winlogon.exe with
' PROCESS_ALL_ACCESS followed by NtSuspendProcess from an ordinary program.
Dim hWinlogon As Long
SusWin = False
hWinlogon = OpenProcess(PROCESS_ALL_ACCESS, 0, GetWinlogonPID)
If hWinlogon <> 0 Then
    SusWin = (NtSuspendProcess(hWinlogon) >= 0)
    CloseHandle hWinlogon
End If
End Function

Public Function ResWin() As Boolean ' Resume the winlogon process
' Counterpart of SusWin: opens winlogon again and calls NtResumeProcess once.
' Returns True when the call reports a non-negative status, False when the process
' could not be opened or the resume call failed.
Dim hWinlogon As Long
Dim lngStatus As Long
ResWin = False
hWinlogon = OpenProcess(PROCESS_ALL_ACCESS, 0, GetWinlogonPID)
If hWinlogon = 0 Then Exit Function
lngStatus = NtResumeProcess(hWinlogon)
ResWin = (lngStatus >= 0)
CloseHandle hWinlogon
End Function

keyboardlock文件

Type=Exe
Form=KeyboardLockForm.frm
Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation
Module=KeyboardLockFormModule; KeyboardLockFormModule.bas
IconForm="KeyboardLockForm"
Startup="KeyboardLockForm"
ExeName32="KeyboardLock.exe"
Command32=""
Name="KeyboardLock"
HelpContextID="0"
CompatibleMode="0"
MajorVer=1
MinorVer=0
RevisionVer=0
AutoIncrementVer=0
ServerSupportFiles=0
VersionCompanyName="1.0"
CompilationType=0
OptimizationType=0
FavorPentiumPro(tm)=0
CodeViewDebugInfo=-1
NoAliasing=0
BoundsCheck=0
OverflowCheck=0
FlPointCheck=0
FDIVCheck=0
UnroundedFP=0
StartMode=0
Unattended=0
Retained=0
ThreadPerObject=0
MaxNumberOfThreads=1

[MS Transaction Server]
AutoRefresh=1

KeyboardLockForm文件

VERSION 5.00
Begin VB.Form KeyboardLockForm 
   BorderStyle     =   1  'Fixed Single
   Caption         =   "只能在WinVista或Win7中使用!!"
   ClientHeight    =   2775
   ClientLeft      =   45
   ClientTop       =   330
   ClientWidth     =   4875
   LinkTopic       =   "KeyboardLockForm"
   MaxButton       =   0   'False
   MinButton       =   0   'False
   ScaleHeight     =   2775
   ScaleWidth      =   4875
   StartUpPosition =   3  'Windows Default
   'The next line hides the form by default; delete it to make the form visible
   Visible         =   0   'False
   Begin VB.CommandButton Command2 
      Caption         =   "恢复Winlogon"
      Height          =   735
      Left            =   600
      TabIndex        =   1
      Top             =   1440
      Width           =   3495
   End
   Begin VB.CommandButton Command1 
      Caption         =   "挂起Winlogon"
      Height          =   735
      Left            =   600
      TabIndex        =   0
      Top             =   480
      Width           =   3495
   End
End
Attribute VB_Name = "KeyboardLockForm"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Private Sub Command1_Click()
' Suspend button: ask SusWin to suspend winlogon and tell the user if that failed.
If Not SusWin() Then
    MsgBox "挂起失败!"
End If
End Sub

Private Sub Command2_Click()
' Resume button: ask ResWin to resume winlogon and tell the user if that failed.
If Not ResWin() Then
    MsgBox "恢复失败!"
End If
End Sub

Private Sub Form_Load()
' Runs when the form loads: triggers the suspend handler straight away, then tries
' to enable SeDebugPrivilege and unloads the form if that fails.
' NOTE(review): the suspend attempt comes before the privilege is enabled, while the
' comment below states that OpenProcess on winlogon fails without SeDebug; the form is
' also hidden by default, so the resume button is not reachable from the UI. Confirm
' that this order and the hidden form are intended.
Command1_Click
If Not EnableDebugPrivilege() Then
    ' Opening the winlogon process requires the SeDebug privilege,
    ' otherwise OpenProcess fails.
    MsgBox "提权失败!", vbCritical
    Unload Me
End If
End Sub
