For reference: Thanks to the answer and comments I found the following situations which might likely trigger these errors:

• Login after user switching in Windows
• Login from password protected screensavers
• VNC / Remote Desktop Services

I will ignore the errors in a global excpetion handler as follows:

procedure MyGlobalExceptionHandler(Sender: TObject; E: Exception);
var
    TopCallStackFunction: string;
begin
    if E is EOSError then
    begin
        TopCallStackFunction := GetEurekalogTopCallStackFunction();

        //EOSError: System error: Code: 5 Access denied, 
        //caused by GetKeyState or EndPaint or GetCursorPos
        if ((E as EOSError).ErrorCode = Windows.ERROR_ACCESS_DENIED) 
          and ((TopCallStackFunction = 'GetKeyState') 
          or (TopCallStackFunction = 'EndPaint')
          or (TopCallStackFunction = 'GetCursorPos')) then
            Exit;

        //EOsError: A call to an OS function failed, caused by GetCursorPos 
        if ((E as EOSError).ErrorCode = 0) 
          and (TopCallStackFunction = 'GetCursorPos') then
            Exit;
    end;

    ... //other error handling
end;

The documentation for GetCursorPos says:

The input desktop must be the current desktop when you call GetCursorPos. Call OpenInputDesktop to determine whether the current desktop is the input desktop. If it is not, call SetThreadDesktop with the HDESK returned by OpenInputDesktop to switch to that desktop.

You can fall foul of this, most commonly when unlocking a workstation. In my code I replace GetCursorPos with this variant:

function GetCursorPos(var lpPoint: TPoint): BOOL; stdcall;
(* The GetCursorPos API in user32 fails if it is passed a memory address >2GB 
   which breaks LARGEADDRESSAWARE apps.  We counter this by calling GetCursorInfo
   instead which does not suffer from the same problem.

   In addition we have had problems with GetCursorPos failing when called 
   immediately after a password protected screensaver or a locked workstation 
   re-authenticates. This problem initially appeared with XP SP1 and is brought 
   about because TMouse.GetCursorPos checks the return value of the GetCursorPos 
   API call and raises an OS exception if the API has failed.
*)
var
  CursorInfo: TCursorInfo;
begin
  CursorInfo.cbSize := SizeOf(CursorInfo);
  Result := GetCursorInfo(CursorInfo);
  if Result then begin
    lpPoint := CursorInfo.ptScreenPos;
  end else begin
    lpPoint := Point(0, 0);
  end;
end;

You can use your favourite code hooking mechanism to replace GetCursorPos. I do it like so:

RedirectProcedure(@Windows.GetCursorPos, @CodePatcher.GetCursorPos);

with RedirectProcedure as described here: Patch routine call in delphi

It turned out for my particular scenario, that GetCursorPos would fail, but GetCursorInfo would not fail. But as has been pointed out in the comments, there are scenarios where GetCursorInfo will also fail. In that case you might find it expedient to arrange that the patched function does not return False.

As for GetKeyState, I'm not sure about that one. It's quite possibly similar but GetKeyState is an API that I am not personally familiar with.

Strange, in my testing I find that GetCursorInfo exhibits exactly the same problem as GetCursorPos, at least in the situation where a password-locked screen is unlocked.

(Tested using Delphi 7 and Windows 7, and HookAPI from madshi.net for the patching).

Test procedure:

1. Create a simple app simply calling Mouse.CursorPos every second (just a TTimer and a TEdit dropped on the main form, with the Timer code shown below).
2. Add the CodePatcher unit to the project.
3. Run the application.
4. Lock the screen (Flag-L).
5. Enter password to unlock the screen.

Outcome with David Heffernan's original code:

//== BOF BUG REPORT =================================================
operating system  : Windows 7 x64 Service Pack 1 build 7601
executable        : Project1.exe
compiled with     : Delphi 7
madExcept version : 3.0o

exception class   : EOSError
exception message : System Error. Code: 5. Access is denied.

main thread ($1b48):
0045c513 +73 Project1.exe SysUtils           RaiseLastOSError
0045c543 +07 Project1.exe SysUtils           Win32Check
00487dc1 +09 Project1.exe Controls 10578  +1 TMouse.GetCursorPos
0049dc7f +27 Project1.exe Unit1       32  +1 TForm1.Timer1Timer
//== EOF BUG REPORT =================================================

Outcome when the "Result := True;" line is uncommented:

No exception raised.

Source files

//==BOF PROJECT1.DPR========================================================================
program Project1;

uses
  madExcept,
  madLinkDisAsm,
  madListHardware,
  madListProcesses,
  madListModules,
  Forms,
  Unit1 in 'Unit1.pas' {Form1},
  CodePatcher in 'CodePatcher.pas';

{$R *.res}

begin
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
//==EOF PROJECT1.DPR========================================================================

//==BOF UNIT1.PAS========================================================================
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ExtCtrls;

type
  TForm1 = class(TForm)
    Timer1: TTimer;
    Edit1: TEdit;
    procedure Timer1Timer(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Timer1Timer(Sender: TObject);
begin
  Edit1.Text := IntToStr(Mouse.CursorPos.X);
end;

end.
//==EOF UNIT1.PAS========================================================================


//==BOF CODEPATCHER.PAS========================================================================
unit CodePatcher;

interface

implementation

uses
  Windows, Types, madCodeHook;

var GetCursorPosNextHook : function (var lpPoint: TPoint): BOOL; stdcall;

// David Heffernan's solution
function GetCursorPosHookProc(var lpPoint: TPoint): BOOL; stdcall;
var
  CursorInfo: TCursorInfo;
begin
  CursorInfo.cbSize := SizeOf(CursorInfo);
  Result := GetCursorInfo(CursorInfo);
  if Result then begin
    lpPoint := CursorInfo.ptScreenPos;
  end else begin
    lpPoint := Point(0, 0);
    // Uncomment next line to avoid exception caused by TMouse.GetCursorPos
    //Result := True;
  end;
end;

initialization
  HookAPI('user32.dll', 'GetCursorPos', @GetCursorPosHookProc, @GetCursorPosNextHook);

finalization
  UnhookAPI(@GetCursorPosNextHook);

end.
//==EOF CODEPATCHER.PAS========================================================================