Programmatically Determine a Duration of a Locked Workstation?
I hadn't found this before, but from any application you can hookup a SessionSwitchEventHandler. Obviously your application will need to be running, but so long as it is:
Microsoft.Win32.SystemEvents.SessionSwitch += new Microsoft.Win32.SessionSwitchEventHandler(SystemEvents_SessionSwitch);
void SystemEvents_SessionSwitch(object sender, Microsoft.Win32.SessionSwitchEventArgs e)
{
if (e.Reason == SessionSwitchReason.SessionLock)
{
//I left my desk
}
else if (e.Reason == SessionSwitchReason.SessionUnlock)
{
//I returned to my desk
}
}
Checking for workstation lock/unlock change with c#
You can get this notification via a WM_WTSSESSION_CHANGE message. You must notify Windows that you want to receive these messages via WTSRegisterSessionNotification and unregister with WTSUnRegisterSessionNotification.
These posts should be helpful for a C# implementation.
http://pinvoke.net/default.aspx/wtsapi32.WTSRegisterSessionNotification
http://blogs.msdn.com/shawnfa/archive/2005/05/17/418891.aspx
http://bytes.com/groups/net-c/276963-trapping-when-workstation-locked
C++: check if computer is locked
From the same MSDN link you gave, the third paragraph of "Remarks" says:
This function has the same result as pressing Ctrl+Alt+Del and clicking Lock Workstation. To unlock the workstation, the user must log in. There is no function you can call to determine whether the workstation is locked. To receive notification when the user logs in, use the WTSRegisterSessionNotification function to receive WM_WTSSESSION_CHANGE messages. You can use session notifications to track the desktop state so you know whether it is possible to interact with the user.
windows lock and unlock event in C++
You can register a window to receive events for session changes using WTSRegisterSessionNotification.
Then listen for WM_WTSSESSION_CHANGE with a wParam value of WTS_SESSION_UNLOCK.
How can I detect that users lock Windows and then log them off
You don't need bat or c# for that, just adjusting CNS, Corporate Nazi Settings. Also known as "Group Policies".
You can also find all the different options if (e.g.) you start up gpedit.msc. A good starting point is Administrative Templates --> System --> Ctrl+Alt+Del Options.
Here you can remove lock. One also can adjust lock so instead of locking it'll log the user off.
Get Driver Locked memory programmatically
really not hard debug RAMMap[64].exe and view how it get this results. note - all used structures and api classes here undocumented. so as is. all data types declared in processhacker project. i will be use it as is : #include <phnt.h>
also in ntmmapi.h we can view next constants:
#define MMPFNUSE_PROCESSPRIVATE 0
#define MMPFNUSE_FILE 1
#define MMPFNUSE_PAGEFILEMAPPED 2
#define MMPFNUSE_PAGETABLE 3
#define MMPFNUSE_PAGEDPOOL 4
#define MMPFNUSE_NONPAGEDPOOL 5
#define MMPFNUSE_SYSTEMPTE 6
#define MMPFNUSE_SESSIONPRIVATE 7
#define MMPFNUSE_METAFILE 8
#define MMPFNUSE_AWEPAGE 9
#define MMPFNUSE_DRIVERLOCKPAGE 10
#define MMPFNUSE_KERNELSTACK 11
if compare it with screenshot - visible match.
tool first query physical memory ranges (displayed in 5 tab ) via (SystemSuperfetchInformation, SuperfetchMemoryRangesQuery) and than for every page (range) do query SuperfetchPfnQuery.
minimal code can look like:
NTSTATUS Rammap(PF_PHYSICAL_MEMORY_RANGE_INFO* ppmri, ULONGLONG Use[16], DWORD dwPageSize)
{
if (ULONG RangeCount = ppmri->RangeCount)
{
WCHAR kb[64];
ULONG_PTR TotalSize = 0;
PF_PHYSICAL_MEMORY_RANGE* Range = ppmri->Ranges;
PF_PFN_PRIO_REQUEST pprr = {
PF_PFN_PRIO_REQUEST_VERSION
};
SUPERFETCH_INFORMATION spi = {
SUPERFETCH_INFORMATION_VERSION, SUPERFETCH_INFORMATION_MAGIC, SuperfetchPfnQuery, &pprr, sizeof(pprr)
};
do
{
if (ULONG_PTR PageCount = Range->PageCount)
{
ULONG_PTR PfnCount;
ULONG_PTR BasePfn = Range->BasePfn;
ULONG_PTR
Start = BasePfn * dwPageSize,
Size = PageCount * dwPageSize,
End = Start + Size;
TotalSize += Size;
StrFormatKBSize(Size, kb, RTL_NUMBER_OF(kb));
DbgPrint("0x%016I64x\t0x%016I64x\t%S\n", Start, End, kb);
do
{
pprr.PfnCount = PfnCount = min(PageCount, RTL_NUMBER_OF(pprr.PageData));
MMPFN_IDENTITY* PageData = pprr.PageData;
do
{
PageData++->PageFrameIndex = BasePfn++;
} while (--PfnCount);
ULONG cb;
NTSTATUS status = NtQuerySystemInformation(SystemSuperfetchInformation, &spi, sizeof(spi), &cb);
if (0 <= status)
{
PageData = pprr.PageData;
PfnCount = pprr.PfnCount;
do
{
Use[PageData++->u1.e1.UseDescription]++;
} while (--PfnCount);
}
else
{
return status;
}
} while (PageCount -= pprr.PfnCount);
}
} while (Range++, --RangeCount);
StrFormatKBSize(TotalSize, kb, RTL_NUMBER_OF(kb));
DbgPrint("-------------\nTotalSize: %S\n", kb);
}
return STATUS_SUCCESS;
}
NTSTATUS Rammap(ULONGLONG Use[16], DWORD dwPageSize)
{
BOOLEAN b;
NTSTATUS status = RtlAdjustPrivilege(SE_PROF_SINGLE_PROCESS_PRIVILEGE, TRUE, FALSE, &b);
if (0 <= status)
{
SUPERFETCH_INFORMATION spi = {
SUPERFETCH_INFORMATION_VERSION, SUPERFETCH_INFORMATION_MAGIC, SuperfetchMemoryRangesQuery
};
ULONG rcb = sizeof(PF_PHYSICAL_MEMORY_RANGE_INFO);
static volatile UCHAR guz = 0;
PVOID stack = alloca(guz);
PF_PHYSICAL_MEMORY_RANGE_INFO* ppmri = 0;
do
{
if (spi.Length < rcb)
{
spi.Length = RtlPointerToOffset(spi.Data = alloca(rcb - spi.Length), stack);
ppmri = (PF_PHYSICAL_MEMORY_RANGE_INFO*)spi.Data;
ppmri->Version = PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION;
}
if (0 <= (status = NtQuerySystemInformation(SystemSuperfetchInformation, &spi, sizeof(spi), &rcb)))
{
status = Rammap(ppmri, Use, dwPageSize);
break;
}
} while (status == STATUS_BUFFER_TOO_SMALL);
}
return status;
}
void Rammap()
{
SYSTEM_INFO sbi;
GetSystemInfo(&sbi);
ULONGLONG Use[16]={};
if (0 <= Rammap(Use, sbi.dwPageSize))
{
WCHAR sz[16], kb[32];
PCWSTR Name;
ULONG n = MMPFNUSE_KERNELSTACK;
do
{
ULONGLONG u = Use[n];
switch (n)
{
case MMPFNUSE_PROCESSPRIVATE: Name = L"Process Private";
break;
case MMPFNUSE_FILE: Name = L"Mapped File";
break;
case MMPFNUSE_PAGEFILEMAPPED: Name = L"Shareable";
break;
case MMPFNUSE_PAGETABLE: Name = L"Page Tabe";
break;
case MMPFNUSE_PAGEDPOOL: Name = L"Page Pool";
break;
case MMPFNUSE_NONPAGEDPOOL: Name = L"NonPaged Pool";
break;
case MMPFNUSE_SYSTEMPTE: Name = L"System PTE";
break;
case MMPFNUSE_SESSIONPRIVATE: Name = L"Session Private";
break;
case MMPFNUSE_METAFILE: Name = L"Metafile";
break;
case MMPFNUSE_AWEPAGE: Name = L"AWE";
break;
case MMPFNUSE_DRIVERLOCKPAGE: Name = L"DriverLocked";
break;
case MMPFNUSE_KERNELSTACK: Name = L"KernelStack";
break;
default:
swprintf(sz, L"[%x]", n);
Name = sz;
}
StrFormatKBSize(u * sbi.dwPageSize, kb, RTL_NUMBER_OF(kb));
DbgPrint("%16S %S\n", Name, kb);
} while (n--);
}
}
for self system i got
0x0000000000001000 0x0000000000058000 348 KB
0x0000000000059000 0x000000000009f000 280 KB
0x0000000000100000 0x000000008122c000 2,114,736 KB
0x000000008122e000 0x000000008a2d1000 148,108 KB
0x000000008a60a000 0x000000008a772000 1,440 KB
0x000000008b3ff000 0x000000008b400000 4 KB
0x0000000100000000 0x000000046f000000 14,401,536 KB
-------------
TotalSize: 16,666,452 KB
KernelStack 24,400 KB
DriverLocked 13,768 KB
AWE 0 KB
Metafile 667,932 KB
Session Private 24,048 KB
System PTE 50,332 KB
NonPaged Pool 323,104 KB
Page Pool 314,032 KB
Page Tabe 69,020 KB
Shareable 243,288 KB
Mapped File 4,391,092 KB
Process Private 10,545,436 KB
Related Topics
How to Move and Resize a Form Without a Border
Why Does Casting Int to Invalid Enum Value Not Throw Exception
Optimal Linq Query to Get a Random Sub Collection - Shuffle
How to Know If a Datetime Is Between a Daterange in C#
Regex for Accepting Only Persian Characters
Changing the User Agent of the Webbrowser Control
Asynchronous Locking Based on a Key
Can a C# Thread Really Cache a Value and Ignore Changes to That Value on Other Threads
Why Can't I Have Abstract Static Methods in C#
How to Compile and Execute New Code at Runtime in .Net
How to Access a Control Inside a Xaml Datatemplate
System.Text.JSON.JSONelement Toobject Workaround