Programming/Code helper | Posted by niu 2008/08/14 16:34

About GINA...

This came up while we were discussing how to handle user logon, and at first I had no idea what it was -ㅁ-

In that case!!

Search, of course!!

Where? On MSDN, heh

-------------------------------------------------------------------------------------

GINA

The GINA operates in the context of the Winlogon process and, as such, the GINA DLL is loaded very early in the boot process. The GINA DLL must follow rules so that the integrity of the system is maintained, particularly with respect to interaction with the user.

The most common use of the GINA is to communicate with an external device such as a smart-card reader. It is essential to set the start parameter for the device driver to system (Winnt.h: SERVICE_SYSTEM_START) to ensure that the driver is loaded by the time the GINA is invoked.

The purpose of a GINA DLL is to provide customizable user identification and authentication procedures. The default GINA does this by delegating SAS event monitoring to Winlogon, which receives and processes CTRL+ALT+DEL secure attention sequences (SASs). A custom GINA is responsible for setting itself up to receive SAS events (other than the default CTRL+ALT+DEL SAS event) and notifying Winlogon when SAS events occur. Winlogon will evaluate its state to determine what is required to process the custom GINA's SAS. This processing usually includes calls to the GINA's SAS processing functions.

For information about specific GINA export functions, see GINA Export Functions. For information about using GINA structures to pass information, see GINA Structures.

| Topic | Description |
| --- | --- |
| Loading and Running a GINA DLL | Which registry key value to alter to load and run a custom GINA DLL. |
| Building and Testing a GINA DLL | How to test a GINA DLL. |

-----------------------------------------------------------------------------------------

Winlogon and GINA

Winlogon, the GINA, and network providers are the components of the interactive logon model. The interactive logon procedure is normally controlled by Winlogon, MSGina.dll, and network providers. To change the interactive logon procedure, MSGina.dll can be replaced with a customized GINA DLL.

To work with Winlogon, the GINA, and network providers, you should have a firm knowledge of the Windows security architecture, especially with regard to tokens, authentication packages, and related matters.

For information about specific functions and structures, see Authentication Reference. This reference section includes descriptions of the functions that a GINA DLL must implement, the Winlogon support functions that the GINA DLL can call, and the data structures used to pass information between Winlogon and the GINA.

Sample GINA code can be found in the Platform SDK Security samples. The samples contain C code for implementing a GINA stub and a GINA hook. For more information about custom GINA DLL development, send an e-mail message to: ginareqs@microsoft.com.

For information about the authentication model supported by Windows and for details about the Local Security Authority (LSA) services and authentication package interfaces, see LSA Authentication.

For information about the aspects of the Local Security Authority that relate to the administration of security policy, which includes trust relationships with other computers and domains, assignment of privileges, audit generation control, system accessibility, and other similar topics, see LSA Policy.

For information about Winlogon and GINA, see the following topics.

| Topic | Description |
| --- | --- |
| Winlogon | Winlogon provides a set of support functions for the GINA DLL. |
| GINA | A GINA DLL provides customizable user identification and authentication procedures. |
| Terminal Services GINA Functions | When Terminal Services are enabled, the GINA must call Winlogon support functions to complete several tasks. |
| Interaction with Network Providers | You can configure a system to support zero or more network providers. |
| Responsibilities and Features | Each component of the interactive logon process has a set of responsibilities. |
| Interaction Between Winlogon and GINA | The state of Winlogon determines which GINA function is called to process any given secure attention sequence (SAS) event. |
| Winlogon Notification Packages | You can implement a notification package to monitor and respond to Winlogon events. |

--------------------------------------------------------------------------------------

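The upshot is that by changing the GINA you can change the Windows logon...

Basically, a user's keyboard input can be hooked up to the virtual-key level using WH_KEYBOARD,

and with WH_KEYBOARD_LL (LL = Low Level) even all of the system keys can be hooked.

But the one thing even this cannot handle is Ctrl+Alt+Del.

That combination is not caught by those hooks; the OS handles it separately.

One way to block it is to change the GINA.

Beyond that, you can also have users log in through something other than the Windows login.

The important thing is that I need to study.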
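
Because replacing the GINA changes how every interactive logon is handled, it is worth checking which GINA a machine is actually configured to load. The following is an added example, not MSDN's or the blog author's code: it assumes the registry value meant by "Loading and Running a GINA DLL" is `GinaDLL` under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` (the name is not given on this page) and that an absent value means the stock MSGina.dll. `classify_gina` and the status names are hypothetical.

```c
/* Added example: audit the GINA configured on GINA-era Windows (2000/XP/2003). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

enum gina_status { GINA_DEFAULT, GINA_REVIEW, GINA_CUSTOM };

/* value: contents of the GinaDLL registry value, or NULL when it is absent
   (assumption: absent means Winlogon loads the stock MSGina.dll). */
enum gina_status classify_gina(const char *value) {
    char name[260];
    size_t n = 0;
    int has_path = 0;
    if (value == NULL) return GINA_DEFAULT;
    for (; *value; value++) {
        if (*value == '"') continue;                      /* ignore quoting */
        if (*value == '\\' || *value == '/') { has_path = 1; n = 0; continue; }
        if (n + 1 < sizeof name) name[n++] = (char)tolower((unsigned char)*value);
    }
    name[n] = '\0';                                       /* lower-cased file name */
    if (strcmp(name, "msgina.dll") != 0)
        return n == 0 ? GINA_REVIEW : GINA_CUSTOM;        /* empty value is unexpected */
    return has_path ? GINA_REVIEW : GINA_DEFAULT;         /* stock name at explicit path */
}

int main(void) {
    static const char *label[] = { "default MSGina.dll", "review file location", "custom GINA" };
    const char *value = NULL;
#ifdef _WIN32
    char buf[512] = "";                                   /* zero-filled: stays NUL-terminated */
    DWORD len = sizeof buf - 1, type = 0;
    HKEY key;
    LONG rc;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,
            "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
            0, KEY_QUERY_VALUE, &key) != ERROR_SUCCESS) return 2;
    rc = RegQueryValueExA(key, "GinaDLL", NULL, &type, (BYTE *)buf, &len);
    RegCloseKey(key);
    if (rc == ERROR_SUCCESS && (type == REG_SZ || type == REG_EXPAND_SZ)) value = buf;
    else if (rc != ERROR_FILE_NOT_FOUND) return 2;        /* unreadable: never report "default" */
#else
    value = "C:\\Temp\\msgina.dll";                       /* constructed sample for non-Windows builds */
#endif
    printf("GinaDLL=%s -> %s\n", value ? value : "(absent)", label[classify_gina(value)]);
    return 0;
}
```

A result other than the default is not proof of tampering, since smart-card and VPN products legitimately install their own GINA; it is a prompt to verify the file's publisher and location.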
Creative Commons License