Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for March, 2009


If you read the MSDN documentation of WM_KEYDOWN and WM_KEYUP you can see that those message require us to interpret lParam as a bitfield:

Specifies the repeat count, scan code, extended-key flag, context code, previous key-state flag, and transition-state flag, as shown in the following table.

Specifies the repeat count for the current message. The value is the number of times the keystroke is autorepeated as a result of the user holding down the key. The repeat count is always one for a WM_KEYUP message.
Specifies the scan code. The value depends on the OEM.
Specifies whether the key is an extended key, such as the right-hand ALT and CTRL keys that appear on an enhanced 101- or 102-key keyboard. The value is 1 if it is an extended key; otherwise, it is 0.
Reserved; do not use.
Specifies the context code. The value is always 0 for a WM_KEYUP message.
Specifies the previous key state. The value is always 1 for a WM_KEYUP message.
Specifies the transition state. The value is always 1 for a WM_KEYUP message.

I was looking for a convenient way to get and read the bits and this is what I made up:

Existing code to simulate the Secure Attention Sequence (SAS),which most people refer to as control alt delete or ctrl-alt-del, no longer works in Windows Vista. It seems that Microsoft offers a library that exports a function called SimulateSAS(). It is not public and one is supposed to request it by sending a mail to Mails to this address remain unanswered though.

I researched how other people (including Microsoft) have solved this task and was unhappy with the results: some solutions work only with (or without) UAC, most solutions work only for the current or console Terminal Server sessions or need a kernel mode driver.

So I decided to create my own Saslib with the following goals:

  • Should work both with and without User Account Control (UAC)
  • Should support current, console and any Terminal Server session
  • Does not need a driver
  • The calling application does not need to be signed or have a special manifest
  • Support multiple programming languages

I have succeeded and thus SasLibEx was born: not only can it successfully simulate the SAS sequence it can do this for any/all Terminal Server sessions. It can also lock the workstation (again for all sessions) and switch between the normal desktop and the secure desktop (the desktop that UAC runs on). SasLibEx was successfully tested both with and without User Account Control (UAC).

In the future I will place SasLibEx on it’s own website. Meanwhile you can contact me if you are interested in it at the following mail address: mail

Please note that I have spend lots of time into this project and therefore I cannot give it away for free

Update: I have added new features to SasLibEx, see here:

I’m working on a new build of TSAdminEx for which I need to query the total amount of physical memory. Locally we can use the GlobalMemoryStatusEx API but there’s no API to do this remotely. It would be possible using WMI but I decided not to use that because I dislike it because of it’s slowness and I need support for older OS versions which might not have WMI.

So I found in the registry the following key:

HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory

It has a value .Translated of type RES_RESOURCE_LIST which seems undocumented besides stating that it exists. Regedit knows how to handle it though. If you doubleclick on the key you will see something like this: