There are several methods to get user idle time.
No 1. one of most widely used is GetLastInputInfo.
However, the API returns invalid values when called by system services, because system services are isolated to session 0 and no input triggers signaled.
No 2. second option is WTSQuerySessionInformation.
The 3rd parameter, WTSInfoClass can be set to WTSSessionInfo and WTSINFO structure could be obtained.
API itself can be used by system services, but LastInputTime would not be valid if the API’s called for local (Console) user.
No 3. third option is to build another user mode app with Inter Process Communication (IPC).
To achieve that, service process must launch a new user mode process and communicate each other.
To create user mode process, valid user token should be obtained by WTSQueryUserToken, and then call CreateProcessAsUser with acquired token.
No 4. Querying WMI
System service process can query WMI and obtain Last Input data.
ReadOperationCount would be changed if any keyboard or mouse input occurred.
