Running a GUI application at Winlogon Notification Events




First of all, sorry for the long post and the misspelled words. I
really need help with this issue.

I've been through this Winlogon Notification Packages thing and
managed to produce interesting results. I have an application that
must be launched as soon as the user logs in. It's a legal thing and the
user must accept (interact through a button) the presented time-entry for
logon to continue. The application waits for the user interaction for 30
seconds and then continues.

I've got it up and running through the WLX_NOTIFICATION_INFO Logon event,
placed a lot of loggers inside both the notification DLL and my
application and can assure both execute smoothly. The problem is MYAPP
is a Win32 GUI application and I can't see any graphical data from it.
I mean its main window, which is set to "stay on top", doesn't show
itself but the loggers are filled with debug data, so the code ran,
but without the visible artifacts. MYAPP also starts IE (where the
user actually confirms the time-entry) whose window is also invisible.

I've tried all sorts of desktops when filling the lpDesktop field in the
STARTUPINFO record but had no success in displaying MYAPP or IE GUI.

I also tried to move the entire code from Logon to StartShell event
imagining the interactive desktop would be active by then. Again, no

I found several articles for launching apps from Winlogon Notification
events, but none regarding displaying a GUI at these events.

By my readings - and forgive me any misconception - I suppose the
CreateProcessAsUser is loading MYAPP within an invisible
winsta\desktop but have no idea how to give the following access right nor
grant the user the rights mentioned in the excerpts below.

"When a process that is running under a logon SID tries to draw to the
screen, the GDI subsystem verifies whether the logon token has the
WINSTA_READSCREEN access right. If the logon token does not have
access, the draw operation is not completed.";en-us;327618

Another article states:

"Sometimes the process may start, but fail to draw its GUI correctly.
The best method to resolve these and other potential access related
problems is to grant the user full access to both the targeted
windowstation and desktop. For example, if you want the process that
is started by the CreateProcessAsUser function to be interactive,
specify the following windowstation and desktop combination:

Here's an excerpt from the code fired at the logon event (made in Delphi
as I'm not proficient in C++). I can assure there's not much difference
(except for the size of the exe) calling these APIs from Delphi instead
of C++. If you're willing to help with some example, feel free to
place C++ code. I'm able to translate it to Delphi.

szUserInit := GetSystemPathAsString + '\MYAPP.EXE';

// Token duplicate stuff...
pSecAttrib^.nLength := SizeOf(pSecAttrib^);
pSecAttrib^.lpSecurityDescriptor := nil;
pSecAttrib^.bInheritHandle := False;
if DuplicateTokenEx(pInfo^.hToken, 0, pSecAttrib,
                    SecurityIdentification, TokenPrimary, pToken)
then begin
  FillChar(si, SizeOf(si), #0);
  si.cb := SizeOf(si);
  si.lpDesktop := pchar('winsta0\default');
  si.wShowWindow := SW_SHOWNORMAL;
  si.dwFlags := 0;
  if CreateProcessAsUser(pToken, nil, pchar(szUserInit), nil,
                         nil, False,
                         pi) then begin
    WaitForSingleObject(pi.hProcess, 30000); // Time-out for user time-entry...
    WriteToLog('[DEBUG]', 1, 'WlxEventLogon: Closing
end else begin
  WriteToLog('[ERROR]', 1, 'WlxEventLogon: Could not duplicate security token handle');

All that I need is some clarification on how to enable MYAPP and IE GUIs
to show up at the Winlogon Notification logon event.

Thanks in advance,

Gustavo Hurtado
Software Architect
Northeast Bank of Brazil
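
The second excerpt quoted in the post recommends granting the user access to the target window station and desktop. The following is an added example, not part of the original post and not the poster's code, showing one way to append such an allow ACE to a window station or desktop DACL in Delphi. The unit name, GrantSidAccess and its parameters are hypothetical; it assumes the caller supplies a handle opened with READ_CONTROL or WRITE_DAC and the logon SID taken from the user's token.

```delphi
// Added example. Win32 functions are declared locally so the unit does not
// depend on a particular AclAPI.pas version. All names here are hypothetical.
unit GrantUserObjectAccess;
interface
uses Windows;
function GrantSidAccess(hObj: THandle; pSid: Pointer; Mask: DWORD): Boolean;
implementation
const
  SE_WINDOW_OBJECT = 7;  // SE_OBJECT_TYPE: window station or desktop
  GRANT_ACCESS     = 1;  // ACCESS_MODE: add rights to any existing ones
  TRUSTEE_IS_SID   = 0;  // TRUSTEE_FORM: ptstrName carries a PSID
type
  TTrustee = record
    pMultipleTrustee: Pointer;
    MultipleTrusteeOperation, TrusteeForm, TrusteeType: DWORD;
    ptstrName: Pointer;
  end;
  TExplicitAccess = record
    grfAccessPermissions, grfAccessMode, grfInheritance: DWORD;
    Trustee: TTrustee;
  end;
function GetSecurityInfo(h: THandle; ObjType, Info: DWORD; ppOwner, ppGroup,
  ppDacl, ppSacl: Pointer; var pSD: Pointer): DWORD; stdcall; external 'advapi32.dll';
function SetSecurityInfo(h: THandle; ObjType, Info: DWORD; pOwner, pGroup,
  pDacl, pSacl: Pointer): DWORD; stdcall; external 'advapi32.dll';
function SetEntriesInAclA(Count: ULONG; pEntries, pOldAcl: Pointer;
  var pNewAcl: Pointer): DWORD; stdcall; external 'advapi32.dll';

function GrantSidAccess(hObj: THandle; pSid: Pointer; Mask: DWORD): Boolean;
var
  pSD, pOldDacl, pNewDacl: Pointer;
  ea: TExplicitAccess;
begin
  Result := False;
  pSD := nil; pOldDacl := nil; pNewDacl := nil;
  // Read the current DACL; pOldDacl points into the descriptor held by pSD.
  if GetSecurityInfo(hObj, SE_WINDOW_OBJECT, DACL_SECURITY_INFORMATION,
       nil, nil, @pOldDacl, nil, pSD) <> ERROR_SUCCESS then Exit;
  FillChar(ea, SizeOf(ea), 0);
  ea.grfAccessPermissions := Mask;
  ea.grfAccessMode := GRANT_ACCESS;
  ea.Trustee.TrusteeForm := TRUSTEE_IS_SID;
  ea.Trustee.ptstrName := pSid;
  // Merge the new ACE with the existing entries and write the DACL back.
  if SetEntriesInAclA(1, @ea, pOldDacl, pNewDacl) = ERROR_SUCCESS then
  begin
    Result := SetSecurityInfo(hObj, SE_WINDOW_OBJECT, DACL_SECURITY_INFORMATION,
                nil, nil, pNewDacl, nil) = ERROR_SUCCESS;
    LocalFree(HLOCAL(pNewDacl));
  end;
  LocalFree(HLOCAL(pSD));
end;
end.
```

It would be called once on the handle returned by OpenWindowStation for winsta0 and once on the handle returned by OpenDesktop for default, with Mask limited to the rights the application needs, such as WINSTA_READSCREEN on the window station.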
