How TeamViewer and other remote control software simulate the Alt-Ctr-Del keypress, also known as the Windows Secure Attention Sequence (SAS)?

1. Many forums state that this is not possible, but the facts are against them. :)
2. SendSAS function looks the most obvious answer, but that requires Group Policy changes, UIPI bypass, etc. so it's definitely not what that the run-only TeamViewer does.
3. Another common suggestion is using the proprietary SasLibEx library, but that is discontinued and works only up to Windows Vista.
4. An old Stackoverflow answer has a near miss, but it does not work with newer Windows
5. SendInput does not work for Alt-Ctrl-Del, neither if it is sent to winsta0\winlogon desktop
6. PostMessage(HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG( MOD_CONTROL | MOD_ALT, VK_DELETE)); - nope
7. WmsgSendMessage was tried on the next man's suggestion, it proved no better or different than SendSAS.
8. Keyboard filter drivers could be a solution, but they need code signing and special privileges to install, and implementing them is neither for the faint hearted. I also verified with driverquery that the run-only Team Viewer does not install drivers.

So, any idea how others do it?

The Internals of SAS implementation gives a good overview of what it is happening behind the scenes.

I found out, that there is an undocumented Secure Desktop LRPC Interface aka. Winlogon RPC Interface used by the Windows components themselves and some third party libraries as well. Here is everything I got about it:

• Internals of SAS implementation from Mark E. Russinovich book gives a very good overview what is happening behind the scenes
• Two obscure sites give some details about the interface itself, but for me this is too little to use them. (Link 1, Link 2)