Disable Ctrl + Alt + Del

2022-04-23 18:52:00 Brick Porter

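BOOL DisableCTRL_ALT_DEL(bool bDisable)
	{
		// Nothing to do if winlogon is already in the requested state.
		if (bDisable == suspend)
			return FALSE;

		// NtSuspendProcess / NtResumeProcess are undocumented ntdll exports that return an NTSTATUS.
		typedef LONG(NTAPI* NtProcessAPI)(HANDLE ProcessHandle);
		HMODULE h_module = GetModuleHandleW(L"ntdll.dll");	// ntdll is always loaded, no LoadLibrary/FreeLibrary needed
		if (!h_module)
			return FALSE;
		NtProcessAPI NtSuspendOrResume = (NtProcessAPI)GetProcAddress(h_module, bDisable ? "NtSuspendProcess" : "NtResumeProcess");
		if (!NtSuspendOrResume)
			return FALSE;

		// Request only the suspend/resume right instead of PROCESS_ALL_ACCESS.
		HANDLE ProcessHandle = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, _WinLoginPid);
		if (!ProcessHandle)
			return FALSE;
		LONG status = NtSuspendOrResume(ProcessHandle);
		CloseHandle(ProcessHandle);
		if (status < 0)	// negative NTSTATUS means the call failed
			return FALSE;

		suspend = bDisable;	// record the new state only after the call succeeded
		return TRUE;
	}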

Explanation: whether Ctrl + Alt + Del is currently disabled is recorded in a member variable (suspend in the code above, which bDisable is compared against).

_WinLoginPid holds the return value of the following function.

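DWORD GetWinLoginPID()
	{
		// Requires <windows.h> and <tlhelp32.h>.
		PROCESSENTRY32W pe32;
		pe32.dwSize = sizeof(pe32);
		HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		if (hProcessSnap == INVALID_HANDLE_VALUE)
			return 0;	// snapshot failed; 0 means "not found"

		DWORD PID = 0;
		BOOL bNext = ::Process32FirstW(hProcessSnap, &pe32);
		while (bNext)
		{
			// Image names are case-insensitive on Windows. Only the first match is
			// returned; each interactive session runs its own winlogon.exe.
			if (_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)
			{
				PID = pe32.th32ProcessID;
				break;
			}
			bNext = ::Process32NextW(hProcessSnap, &pe32);
		}
		::CloseHandle(hProcessSnap);
		return PID;
	}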

This method has defects:

1. It suspends winlogon, which is a critical system process, so system functionality is affected. winlogon must therefore be resumed when the program exits.

2. After the program exits, the key combination will still be processed.

Another way is to inject into winlogon and take over its message processing yourself. The risk is greater and it can easily cause system problems. If you have plenty of test machines, you can try it.
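From the monitoring side, the OpenProcess call on winlogon.exe described above shows up in process-access telemetry. The following is an added example, not part of the original post: it scans Sysmon ProcessAccess (Event ID 10) records for callers that obtain the suspend/resume right on winlogon.exe. The "Key: value" text rendering, the sample events, the source paths and the allowlist are all constructed assumptions.

```python
# Added example: flag Sysmon Event ID 10 records in which a non-allowlisted
# process opens winlogon.exe with the right needed to suspend or resume it.
PROCESS_SUSPEND_RESUME = 0x0800  # included in PROCESS_ALL_ACCESS (0x1FFFFF)
# Assumption: callers expected to open winlogon.exe on this host; tune per environment.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\lsass.exe"}

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
EventID: 10
SourceImage: C:\\Kiosk\\lockdown.exe
TargetImage: C:\\Windows\\System32\\winlogon.exe
GrantedAccess: 0x1FFFFF

EventID: 10
SourceImage: C:\\Windows\\System32\\csrss.exe
TargetImage: C:\\Windows\\System32\\winlogon.exe
GrantedAccess: 0x1FFFFF

EventID: 10
SourceImage: C:\\Tools\\procview.exe
TargetImage: C:\\Windows\\System32\\winlogon.exe
GrantedAccess: 0x1000

EventID: 10
SourceImage: C:\\Tools\\procview.exe
TargetImage: C:\\Windows\\System32\\notepad.exe
GrantedAccess: 0x1FFFFF
"""

def parse_events(text):
    """Split blank-line separated 'Key: value' records into dicts."""
    return [dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
            for block in text.strip().split("\n\n")]

def suspicious_winlogon_access(events):
    """Return events granting suspend/resume on winlogon.exe to unexpected callers."""
    hits = []
    for ev in events:
        target = ev.get("TargetImage", "").lower()
        if ev.get("EventID") != "10" or not target.endswith("\\winlogon.exe"):
            continue
        try:
            mask = int(ev.get("GrantedAccess", "0"), 16)
        except ValueError:
            continue  # malformed access mask, skip the record
        if mask & PROCESS_SUSPEND_RESUME and ev.get("SourceImage", "").lower() not in ALLOWED_SOURCES:
            hits.append(ev)
    return hits
```

Matching on the 0x0800 bit rather than on one exact mask catches both a PROCESS_ALL_ACCESS open and a narrower PROCESS_SUSPEND_RESUME open.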

Copyright notice
This article was written by [Brick Porter]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/04/202204210603257648.html