Click here to Skip to main content
11,812,712 members (73,075 online)
Click here to Skip to main content

Winlogon using Mobile Disk

, 30 Nov 2007 CPOL 100.2K 2.2K 88
Rate this:
Please Sign up or sign in to vote.
This is a full set of applications that can be used to logon to Windows system using mobile disk. No password typing.


PCLock is a system to allow a user to use his/ her mobile disk to logon to Microsoft® Windows® operating systems. It works as a SmartCard and the user does not need to know the password to logon. All information required to logon is kept in a file in the mobile disk (User.Info). This file contains some information about the mobile disk. Copying the file to another disk does not work. User logs on to Windows by inserting the disk and logs out by removing the disk (optional).


PCLock is designed around the Win32 Winlogon. Winlogon is a component of the Microsoft® Windows NT®/Windows® 2000/Windows® XP operating system that provides interactive logon support. Winlogon is designed around an interactive logon model that consists of three components (as shown in Figure 1 below): the Winlogon executable program, a Graphical Identification, and authentication dynamic-link library (DLL)-referred to as the GINA-and any number of network providers.

Screenshot - winlgn.jpg
Figure 1.

Winlogon handles interface functions that are independent of authentication policy. The GINA is a replaceable DLL component that is loaded by Winlogon. The GINA implements the authentication policy of the interactive logon model, and is expected to perform all identification and authentication user interactions. For example, replacement GINA DLLs can implement smart card, retinal-scan, or other authentication mechanisms in place of the standard Windows NT/Windows 2000 user name and password authentication. Network provider DLL is not used in our case.


Each client requires a security key at the time of setup. This key should be the same for a group of PCs. Several groups can exist but user can login only on the same group. If there is only one group (all PCs use the same key) everyone can login to every PC. The security key is kept with Windows. This key is required while creating the authentication disk. Every disk contains Windows user information and this is checked using Local Security Authority (LSA) of Windows.

The User.Info File

The KeyGen application is used to create User.Info file on mobile disk. The file created for a disk is unique and does not work on any other disk. The user can only use the disk as storage. Any change or format of the disk can cause the file invalid. KeyGen requires a security key while creating the disk that must be similar to the security key that is used while setting up the client. Validity of a disk can be checked using KeyGen. Windows user information is not checked here. Wrong information about logon causes a popup dialog box to appear asking for username and password. It is possible to use a domain. But this feature is not tested. All information on the disk is encrypted but it should be kept securely. Anyone having the disk can logon to client systems.

Authentication Process

When the computer boots up, the Winlogon initializes and negotiates with GINA. The GINA shows a dialog box and waits for the user to insert his/ her mobile disk (Figure 2).

Screenshot - WELCOME.jpg
Figure 2.

When a removable device is inserted into or replaced from a computer, a system wide WM_DEVICECHANGE message is broadcasted by the OS. The WM_DEVICECHANGE device message notifies an application of a change to the hardware configuration of a device or the computer. The GINA checks for a valid user information file. If found, it logs on to Windows using LogonUser API. The DevMon application monitors the WM_DEVICECHANGE message and if it finds no valid disk inserted into the system it sends a logout request to the Winlogon. If the application fails to quit properly, this may fail. Force termination of an application may cause data loss. So force is not applied. Users are suggested to logout the system manually from start button. DevMon is a helper application and it is optional.


The application has four parts:

  1. The Custom GINA
  2. The KeyGen application
  3. The DevMon application
  4. The Setup application

Now let me give a short description for each of them.

Custom GINA

This is the heart of the project. It is used by Windows to interact with the user to manage a user session. It is a DLL with predefined functions. We make our GINA implementation to be used with mobile disk. Here I show the WlxLoggedOutSAS function that shows a dialog box (Figure 2) and waits for the user to insert the mobile disk that can be used to login that user.

int WINAPI WlxLoggedOutSAS (
  PVOID                pWlxContext,
  DWORD                dwSasType,
  PLUID                pAuthenticationId,
  PSID                 pLogonSid,
  PDWORD               pdwOptions,
  PHANDLE              phToken,
  PVOID *              pProfile)
        return WLX_SAS_ACTION_NONE;

    PGINA_CONTEXT pgContext = (PGINA_CONTEXT) pWlxContext;
      int ret = pgContext->pWlxFuncs->WlxDialogBox(pgContext->hWlx,

    if (ret != IDC_LOGON_BUTTON) 
        return WLX_SAS_ACTION_NONE;

    TOKEN_GROUPS    *   pGroups;
    DWORD cbStats;

    if (!phToken)
        return WLX_SAS_ACTION_NONE;

        if (!LogonUser(g_lpUserName,
            //Logon failed. Give user a chance to update his disk
            ret = pgContext->pWlxFuncs->WlxDialogBox(pgContext->hWlx,

            if (ret != IDOK) 
                return WLX_SAS_ACTION_NONE;


    //  Pass back null profile and options.
    *pdwOptions = 0;
    *pProfile =NULL;         
    // Get the authenticationid from the user token.
    if (!GetTokenInformation(*phToken,
                (PVOID) &userStats,
        return WLX_SAS_ACTION_NONE;
        *pAuthenticationId = userStats.AuthenticationId; 

    DWORD size,i;
    pGroups = (TOKEN_GROUPS *)LocalAlloc(LMEM_FIXED, 1024);
        if (size > 1024)
            pGroups = (TOKEN_GROUPS *)LocalReAlloc(pGroups, LMEM_FIXED, size);

        for (i = 0; i < pGroups->GroupCount ; i++)
               if ((pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID) == 
                           pGroups->Groups[i].Sid );

    pMprNotifyInfo->pszOldPassword = NULL;

The dialog procedure is as follows:

int CALLBACK DisplaySASNoticeDlgProc(
    HWND    hDlg,
    UINT    Message,
    WPARAM  wParam,
    LPARAM  lParam)

    HWND hMsg=GetDlgItem(hDlg,IDC_STATUS_STATIC);

    CUserInfo ui;
    int drv;
    char lpPath[255];

    switch (Message)



    if(wParam==DBT_DEVICEARRIVAL && pheadBC->dbch_devicetype==DBT_DEVTYP_VOLUME)

            USER_INFO user_info=ui.LoadUserInfo(lpPath);


            EndDialog(hDlg, ID_LOGON_SUCCESS);


Device Monitor Application

This application is used to monitor the mobile disk. If the user removes a mobile disk, the system sends WM_DEVICECHANGE message to the application. Now we check if it is the disk used to login user and if true, end user session by calling ExitWindows API.

    int wmId, wmEvent;

    switch (message) 
        case WM_DEVICECHANGE:
                if(!g_bLogoutOnDiskRemove) break;

                //MessageBox(0,"Device Removed",0,0);

            return DefWindowProc(hWnd, message, wParam, lParam);
   return 0;

We need to check if a valid disk is still present on system to make sure the actual logon disk is removed.

BOOL CUserInfo::ValidDiskPresent()
    TCHAR    drive[10], lpPath[100];
    DWORD dwDrives=GetLogicalDrives();
    for(int i=2;i<26;i++)
        int bit=(int)pow((double)2,i);


                USER_INFO user_info=LoadUserInfo(lpPath);
                    return i;
    return 0;

The KeyGen Application

This application is used to generate userinfo file on mobile disk. It takes input from the user. It shows a combo box of all users to select from. To enumerate users in a combo box, we use the following function.

void CSelectUserDlg::EnumUsers()
   LPUSER_INFO_0 pTmpBuf;
   DWORD dwLevel = 0;
   DWORD dwPrefMaxLen = -1;
   DWORD dwEntriesRead = 0;
   DWORD dwTotalEntries = 0;
   DWORD dwResumeHandle = 0;
   DWORD i;
   DWORD dwTotalCount = 0;
   NET_API_STATUS nStatus;

   char    *pmbbuf   = (char *)malloc( 100 );
   // Call the NetUserEnum function, specifying level 0; 
   //   enumerate global user account types only.
   do // begin do
      nStatus = NetUserEnum((LPCWSTR)pszServerName,
                            FILTER_NORMAL_ACCOUNT, // global/domain users

      if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
         if ((pTmpBuf = pBuf) != NULL)
            for (i = 0; (i < dwEntriesRead); i++)

                   if (pTmpBuf == NULL)

        wcstombs( pmbbuf, pTmpBuf->usri0_name, 99 ); 
        m_UsersCombo.AddString((char *)pmbbuf);
      if (pBuf != NULL)
    pBuf = NULL;
   while (nStatus == ERROR_MORE_DATA); // end do
   if (pBuf != NULL)

The Setup Application

It stores both previous applications (excluding KeyGen) in its resource section. It extracts those on the client machine and creates registry settings as appropriate. Please refer to source code for details.


Use setup.exe to install on the client PC. Please be careful while entering the security key. If this key is wrong, you may not logon to Windows locally even if you are the administrator.

Create Logon Disk

Use KeyGen application to create the authentication disk. You may use this tool on any computer. But you can check the disk validity only where the PCLock is installed. Provide valid Windows logon user information when asked for. If you change the password on client computer, the user is asked for valid information when he/she inserts his/her disk. Invalid security key on the disk will cause logon failure. Remove the file from root of mobile disk and the disk is no more valid. Do NOT format the disk or change the label of the disk. If you copy the same file it may not work. The file is only valid for a single disk. The disk information is kept on the disk. You cannot copy the file to another disk even it is from the same manufacturer.


Logon to an administrator account and use setup.exe to uninstall PCLock. You need to provide the security key. After uninstall, restart the computer and run setup.exe again for optional clean up.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Maruf Maniruzzaman
Software Developer KAZ Software Ltd. Bangladesh.
Bangladesh Bangladesh
Have completed BSc in Computer Science & Engineering from Shah Jalal University of Science & Technology, Sylhet, Bangladesh (SUST).

Story books (specially Masud Rana series), tourism, songs and programming is most favorite.

Maruf Notes

Working on small project for 2 factor authentication

You may also be interested in...

Comments and Discussions

Questionif i have lost the mobile disk , what can i do Pin
Member 269735422-Aug-12 1:59
memberMember 269735422-Aug-12 1:59 
AnswerRe: if i have lost the mobile disk , what can i do Pin
Maruf Maniruzzaman24-Sep-12 15:05
memberMaruf Maniruzzaman24-Sep-12 15:05 
GeneralMy vote of 5 Pin
JJMatthews23-Feb-12 22:33
memberJJMatthews23-Feb-12 22:33 
QuestionWorking on Windows7? Pin
TTP (NewBee)21-Jan-10 1:50
memberTTP (NewBee)21-Jan-10 1:50 
Questiongot a compiled version? Pin
lucasjohnson0019-Mar-09 6:03
memberlucasjohnson0019-Mar-09 6:03 
AnswerRe: got a compiled version? Pin
Maruf Maniruzzaman22-Sep-09 11:18
memberMaruf Maniruzzaman22-Sep-09 11:18 
Download the binary package (2nd One)

Maruf Maniruzzaman
@ Dhaka, Bangladesh.

Questionlanguage used to implement this article Pin
Member 407499325-Apr-08 3:24
memberMember 407499325-Apr-08 3:24 
GeneralRe: language used to implement this article Pin
Maruf Maniruzzaman25-Apr-08 4:33
memberMaruf Maniruzzaman25-Apr-08 4:33 
Questionquestion Pin
Member 407499324-Apr-08 5:03
memberMember 407499324-Apr-08 5:03 
GeneralRe: question Pin
Maruf Maniruzzaman24-Apr-08 20:24
memberMaruf Maniruzzaman24-Apr-08 20:24 
Questiongina dll question Pin
Member 407499323-Apr-08 23:46
memberMember 407499323-Apr-08 23:46 
GeneralRe: gina dll question Pin
Maruf Maniruzzaman24-Apr-08 1:43
memberMaruf Maniruzzaman24-Apr-08 1:43 
AnswerRe: gina dll question Pin
wangjinfeng20-Jul-10 16:26
memberwangjinfeng20-Jul-10 16:26 
Generalimport gina dll in c# applicatiions Pin
Member 407499323-Apr-08 19:15
memberMember 407499323-Apr-08 19:15 
GeneralRe: import gina dll in c# applicatiions Pin
Maruf Maniruzzaman23-Apr-08 19:49
memberMaruf Maniruzzaman23-Apr-08 19:49 
Questionrun the project Pin
Member 432070423-Apr-08 2:00
memberMember 432070423-Apr-08 2:00 
Questionrunning problem Pin
Member 407499322-Apr-08 22:08
memberMember 407499322-Apr-08 22:08 
GeneralRe: running problem Pin
Maruf Maniruzzaman23-Apr-08 1:16
memberMaruf Maniruzzaman23-Apr-08 1:16 
Questionwindows logon Pin
Member 407499322-Apr-08 21:57
memberMember 407499322-Apr-08 21:57 
GeneralRe: windows logon Pin
Maruf Maniruzzaman23-Apr-08 1:14
memberMaruf Maniruzzaman23-Apr-08 1:14 
GeneralCant login in to windows, problem is with CheckSecurityKey() Pin
JoltWork18-Mar-08 4:13
memberJoltWork18-Mar-08 4:13 
GeneralRe: Cant login in to windows, problem is with CheckSecurityKey() Pin
JoltWork18-Mar-08 4:49
memberJoltWork18-Mar-08 4:49 
GeneralRe: Cant login in to windows, problem is with CheckSecurityKey() Pin
Maruf Maniruzzaman18-Mar-08 4:59
memberMaruf Maniruzzaman18-Mar-08 4:59 
GeneralRe: Cant login in to windows, problem is with CheckSecurityKey() Pin
Maruf Maniruzzaman18-Mar-08 4:50
memberMaruf Maniruzzaman18-Mar-08 4:50 
QuestionProblems with logging on to windows Pin
kricko510-Mar-08 1:28
memberkricko510-Mar-08 1:28 
GeneralRe: Problems with logging on to windows Pin
Maruf Maniruzzaman10-Mar-08 3:17
memberMaruf Maniruzzaman10-Mar-08 3:17 
GeneralRe: Problems with logging on to windows Pin
kricko510-Mar-08 3:46
memberkricko510-Mar-08 3:46 
GeneralRe: Problems with logging on to windows Pin
Maruf Maniruzzaman10-Mar-08 19:14
memberMaruf Maniruzzaman10-Mar-08 19:14 
GeneralRe: Problems with logging on to windows Pin
kricko511-Mar-08 3:39
memberkricko511-Mar-08 3:39 
QuestionHow to run or add security program in GINA such as smartcard.exe progrom Pin
YCTYCT24-Feb-08 17:34
memberYCTYCT24-Feb-08 17:34 
AnswerRe: How to run or add security program in GINA such as smartcard.exe progrom Pin
Maruf Maniruzzaman10-Mar-08 3:18
memberMaruf Maniruzzaman10-Mar-08 3:18 
QuestionQuestion??? Pin
huangdp9-Jan-08 19:46
memberhuangdp9-Jan-08 19:46 
AnswerRe: Question??? Pin
Maruf Maniruzzaman9-Jan-08 22:58
memberMaruf Maniruzzaman9-Jan-08 22:58 
GeneralRe: Question??? Pin
huangdp10-Jan-08 22:08
memberhuangdp10-Jan-08 22:08 
GeneralRe: How to compile? [modified] Pin
YCTYCT29-Nov-07 17:42
memberYCTYCT29-Nov-07 17:42 
GeneralRe: How to compile? Pin
Maruf Maniruzzaman30-Nov-07 6:27
memberMaruf Maniruzzaman30-Nov-07 6:27 
QuestionHow to compile? Pin
YCTYCT17-Nov-07 23:02
memberYCTYCT17-Nov-07 23:02 
AnswerRe: How to compile? Pin
Maruf Maniruzzaman18-Nov-07 18:05
memberMaruf Maniruzzaman18-Nov-07 18:05 
GeneralRe: How to compile? Pin
YCTYCT19-Nov-07 21:10
memberYCTYCT19-Nov-07 21:10 
GeneralSecurity and comments... Pin
Theike1-Oct-07 9:43
memberTheike1-Oct-07 9:43 
GeneralRe: Security and comments... Pin
Maruf Maniruzzaman1-Oct-07 12:36
memberMaruf Maniruzzaman1-Oct-07 12:36 
GeneralGreat Article Pin
conrad Braam1-Oct-07 21:12
memberconrad Braam1-Oct-07 21:12 
GeneralRe: Great Article Pin
Maruf Maniruzzaman1-Oct-07 21:37
memberMaruf Maniruzzaman1-Oct-07 21:37 
GeneralVista Pin
_gl1-Oct-07 3:44
member_gl1-Oct-07 3:44 
GeneralRe: Vista Pin
iarspider1-Oct-07 11:52
memberiarspider1-Oct-07 11:52 
GeneralRe: Vista Pin
Maruf Maniruzzaman1-Oct-07 16:28
memberMaruf Maniruzzaman1-Oct-07 16:28 
GeneralRe: Vista Pin
Maruf Maniruzzaman1-Oct-07 16:20
memberMaruf Maniruzzaman1-Oct-07 16:20 
GeneralRe: Vista Pin
_gl1-Oct-07 23:40
member_gl1-Oct-07 23:40 
GeneralThis is really cool Pin
Lito28-Sep-07 3:48
memberLito28-Sep-07 3:48 
GeneralRe: This is really cool Pin
Maruf Maniruzzaman28-Sep-07 5:19
memberMaruf Maniruzzaman28-Sep-07 5:19 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.151002.1 | Last Updated 30 Nov 2007
Article Copyright 2007 by Maruf Maniruzzaman
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid