
Taking Advantage of the Winlogon Notification Package

6 Jan 2001

Introduction

The Winlogon Notification Package is a DLL which exports functions that handle Winlogon.exe events. These event messages include lock, unlock, logoff, logon, startup, shutdown, startscreensaver, stopscreensaver, and startshell.

This article demonstrates how to use the Winlogon Notification Package as an alternative to NT Services. The main benefit of doing this is better handling of user activities. In addition, the Winlogon Notification Package will be very lightweight and requires much less code than its NT service equivalent.

The Steps

Creating a Winlogon Notification package is very simple. Just create a DLL with specific functions to run during the Winlogon event messages. To let Winlogon.exe know about your DLL, simply add a few entries into the registry where appropriate. This method can be quite robust and versatile when combined with your services and applications.

Sample

This sample starts a Win32 application before the user logon. Because the process is started by Winlogon, it is owned by the system account. Users may not end the process through 'End Task'. This is the exact way NT services behave. In this sample, the logoff notification will terminate the process. If the process needs to stay active, the StopProcessAtWinLogoff function should be removed. If we wanted the process to be owned by the user, we could use CreateProcessAsUser during a startup notification instead of a logon notification.

Step 1.) - the dll

//sample.cpp

#include <windows.h>
#include <tchar.h>
#include <Winwlx.h>

//Handles of the process started at logon
PROCESS_INFORMATION g_pi;
//Writable buffer: CreateProcess may modify the command line in place
TCHAR g_szPath[] = _T("c:\\somepath\\execut.exe \"arguments\"");

//This function safely terminates a process, allowing
//it to do cleanup (ie. DLL detach)
//It can be found at the Windows Developer's Journal
BOOL SafeTerminateProcess(HANDLE hProcess, UINT uExitCode);

//Entrance function for the DLL
//(named DllMain so that the default CRT startup code calls it)
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
        {
            //Thread attach/detach notifications are not needed
            DisableThreadLibraryCalls(hInstance);
        }
        break;
    }
    return TRUE;
}

//Event handler for the Winlogon Logon event
VOID APIENTRY StartProcessAtWinLogon (PWLX_NOTIFICATION_INFO pInfo)
{
    //lpDesktop is a non-const pointer, so use a writable buffer
    TCHAR szDesktop[] = _T("WinSta0\\Default");

    STARTUPINFO si;
    ZeroMemory(&si, sizeof(si));   //all unused fields must be zero
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = szDesktop;      //the interactive user's desktop
    si.dwFlags = 0;
    si.wShowWindow = SW_SHOW;

    if (!CreateProcess(NULL, g_szPath, NULL, NULL, FALSE, CREATE_NEW_CONSOLE,
                       NULL, NULL, &si, &g_pi))
    {
        //Nothing was started: leave no stale handles for the logoff handler
        ZeroMemory(&g_pi, sizeof(g_pi));
    }
}

//Event handler for the Winlogon Logoff event.
VOID APIENTRY StopProcessAtWinLogoff (PWLX_NOTIFICATION_INFO pInfo)
{
    if (g_pi.hProcess == NULL)
        return;

    //terminates the process
    SafeTerminateProcess(g_pi.hProcess, 0xDEADBEEF);

    //release the handles returned by CreateProcess
    CloseHandle(g_pi.hThread);
    CloseHandle(g_pi.hProcess);
    ZeroMemory(&g_pi, sizeof(g_pi));
}

//other event handlers
VOID APIENTRY YOUR_EVENT_HANDLERS (PWLX_NOTIFICATION_INFO pInfo)
{
    //code
}

...

Step 2.) - the exports

The program hasn't exported any functions yet. We need to create a .def file.

sample.def

EXPORTS
StartProcessAtWinLogon
StopProcessAtWinLogoff

 

Now add the following to your linkage options in VC6 and build.

/def:"sample.def"

If everything went well, the files sample.dll and sample.exp will be in your output folder. Move these to \%NTROOT%\system32

Step 3.) - the registry

Add the following values and keys to the registry. These values communicate to Winlogon.exe and let it know which procedures to run during an event notification. Add as few or as many notification events as needed.

HKEY_LOCAL_MACHINE
    \Software
        \Microsoft
            \Windows NT
                \CurrentVersion
                    \Winlogon
                        \Notify
                            \NameOfProject
                                \Asynchronous  REG_DWORD  0
                                \Dllname       REG_SZ     NameOfDll.dll
                                \Impersonate   REG_DWORD  0
                                \Logon         REG_SZ     StartProcessAtWinLogon
                                \Logoff        REG_SZ     StopProcessAtWinLogoff
                                \...           REG_SZ     NameOfFunction

That's it! Now restart and Winlogon.exe will launch your app.
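Because a package registered this way is loaded into Winlogon.exe and runs as the system account, it is worth being able to list what is registered. The following PowerShell is an added example, not part of the original article or its sample: it enumerates every subkey of the Notify key from Step 3 and reports the DLL, its signature status and the event handlers. It assumes a DllName without a path resolves to %SystemRoot%\System32, where Step 2 places the file.

```powershell
# Added example: audit the Winlogon Notify key described in Step 3.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

if (-not (Test-Path $notifyKey)) {
    Write-Output 'No Notify key present: no notification packages registered.'
    return
}

Get-ChildItem -Path $notifyKey | ForEach-Object {
    $key = $_                            # Microsoft.Win32.RegistryKey
    $dll = $key.GetValue('DllName')      # REG_EXPAND_SZ is expanded for us

    # Assumption: a bare file name lives in system32 (see Step 2)
    $path = if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
        Join-Path $env:SystemRoot "System32\$dll"
    } else { $dll }

    # Event handlers are the string values other than DllName
    # (Logon, Logoff, ...); DWORD values are settings such as Asynchronous.
    $handlers = $key.GetValueNames() |
        Where-Object { $_ -ne 'DllName' -and $key.GetValueKind($_) -eq 'String' } |
        ForEach-Object { '{0}={1}' -f $_, $key.GetValue($_) }

    # An unsigned or missing DLL is the first thing to look at
    $sig = if ($path -and (Test-Path -LiteralPath $path)) {
        (Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'FileMissing' }

    [pscustomobject]@{
        Package      = $key.PSChildName
        DllPath      = $path
        Signature    = $sig
        Asynchronous = $key.GetValue('Asynchronous')
        Impersonate  = $key.GetValue('Impersonate')
        Handlers     = $handlers -join '; '
    }
} | Format-List
```

Run it from an elevated prompt and compare the output against the packages you expect to be installed. Windows Vista and later no longer load notification packages, so on those systems an entry under this key is leftover configuration.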

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect Frontline Direct Inc., Adconion
United States
Tony Truong graduated from UCLA in Spring of 2001 and started working at Symantec Corporation as a Software Engineer. After a few years of developing various features for Norton SystemWorks, Tony moved to San Diego. He is currently writing database applications using ASP.NET and C# with the .NET Framework. Tony specializes in terabyte databases with emphasis on high availability, optimization, and complex entity modeling.
