c++winapiwtsapi32

WTS LastInputTime

i'm trying to retrive the difference between CurrentTime and LastInputTime and comparing it to another value. CurrentTime is updating correctly but LastInputTime is always a constant value, i dont know why sometimes is 0 , sometimes is other constant value . Any help ?

void localSessions()
{
    while (TRUE)
    {
        cout << "Risky local logon sessions :" << endl;
        DWORD pCount;
        PWTS_SESSION_INFO pSessionsInfo=new WTS_SESSION_INFO[MAX_SESSIONS];
        WTSEnumerateSessionsA(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionsInfo, &pCount);
        DWORD bytes;
        for (auto it = 0; it < pCount; it++)
        {
            WTSINFOEX* ptr;
            if (pSessionsInfo[it].State == WTSActive)
            {
                INT ret = WTSQuerySessionInformationA(WTS_CURRENT_SERVER_HANDLE, pSessionsInfo[it].SessionId, WTSSessionInfoEx, (LPSTR*)&ptr, &bytes);
                if (ret != 0)
                {
                    INT ret = Gambit::OS::Environment::GetOSVersion();
                    INT unlocked = 0, unknown = 0;
                    LONGLONG last_input = ptr->Data.WTSInfoExLevel1.CurrentTime.QuadPart - ptr->Data.WTSInfoExLevel1.LastInputTime.QuadPart;
                    cout << last_input << endl;
                    HANDLE token;
                    WTSQueryUserToken(pSessionsInfo[it].SessionId, &token);
                    ImpersonateLoggedOnUser(token);
                    BOOL active;
                    SystemParametersInfo(SPI_GETSCREENSAVERRUNNING, 0, &active, 0);
                    RevertToSelf();
                    if (!(ret >= 16 && ret <= 19))
                    {
                        if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_UNLOCK) != 0)
                        {
                            unlocked = 1;
                        }
                    }
                    else if (ret >= 16 && ret <= 19)
                    {
                        if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_LOCK) != 0)
                        {
                            unlocked = 1;
                        }
                    }
                    if (unlocked == 1 && active == FALSE && last_input > 500000000000)
                    {
                        cout << "Winstation name : " << ptr->Data.WTSInfoExLevel1.WinStationName << endl;
                        cout << "UserName name : " << ptr->Data.WTSInfoExLevel1.UserName << endl;
                        cout << "Domain name : " << ptr->Data.WTSInfoExLevel1.DomainName << endl;
                    }

                    cout << endl;
                }
            }
        }
        cout << endl << endl;
        Sleep(1000);
    }
}
Solution

  • LastInputTime is zero for a local session.

    For a remote session, when there is no user input after last query of LastInputTime, it will keep unchanged. If there is a user input (like mouse move etc), LastInputTime will update to new time.

    If you want to monitor local session user input time you can use GetLastInputInfo instead.