近来, 无聊之极, 将 AutoLogon反汇编, 玩玩..贴出代码如下:
1. 获取用户帐户及其域.
void CAutoLogonDlg::GetAccount(void)
{
HANDLE hProcess = GetCurrentProcess( );
HANDLE hToken = NULL;
if ( OpenProcessToken( hProcess, TOKEN_QUERY, &hToken ) ) {
DWORD dwInfoLen = 0;
TOKEN_USER *ptuUser = 0;
GetTokenInformation( hToken, TokenUser, NULL, 0, &dwInfoLen );
ptuUser = ( TOKEN_USER* )malloc( dwInfoLen );
if ( ptuUser == NULL ) {
CloseHandle( hToken );
CloseHandle( hProcess );
return ;
}
if ( GetTokenInformation( hToken, TokenUser, ( LPVOID )ptuUser, dwInfoLen, &dwInfoLen ) ) {
SID_NAME_USE snu;
DWORD dwUsernameLen = MAX_PATH;
DWORD dwDomainLen = MAX_PATH;
WCHAR szUsername[ MAX_PATH ] = { 0 };
WCHAR szDomain [ MAX_PATH ] = { 0 };
if ( LookupAccountSid( NULL, ptuUser->User.Sid, szUsername, &dwUsernameLen, szDomain, &dwDomainLen, &snu ) ) {
SetDlgItemText( IDC_EDIT_USERNAME, szUsername );
SetDlgItemText( IDC_EDIT_DOMAIN, szDomain );
}
}
free( ptuUser );
CloseHandle( hToken );
}
CloseHandle( hProcess );
}
{
HANDLE hProcess = GetCurrentProcess( );
HANDLE hToken = NULL;
if ( OpenProcessToken( hProcess, TOKEN_QUERY, &hToken ) ) {
DWORD dwInfoLen = 0;
TOKEN_USER *ptuUser = 0;
GetTokenInformation( hToken, TokenUser, NULL, 0, &dwInfoLen );
ptuUser = ( TOKEN_USER* )malloc( dwInfoLen );
if ( ptuUser == NULL ) {
CloseHandle( hToken );
CloseHandle( hProcess );
return ;
}
if ( GetTokenInformation( hToken, TokenUser, ( LPVOID )ptuUser, dwInfoLen, &dwInfoLen ) ) {
SID_NAME_USE snu;
DWORD dwUsernameLen = MAX_PATH;
DWORD dwDomainLen = MAX_PATH;
WCHAR szUsername[ MAX_PATH ] = { 0 };
WCHAR szDomain [ MAX_PATH ] = { 0 };
if ( LookupAccountSid( NULL, ptuUser->User.Sid, szUsername, &dwUsernameLen, szDomain, &dwDomainLen, &snu ) ) {
SetDlgItemText( IDC_EDIT_USERNAME, szUsername );
SetDlgItemText( IDC_EDIT_DOMAIN, szDomain );
}
}
free( ptuUser );
CloseHandle( hToken );
}
CloseHandle( hProcess );
}
2. 设置自动登录.
void CAutoLogonDlg::SetAutoLogon( LPTSTR szUsername, LPTSTR szDomain, LPTSTR szPassword )
{
if ( szUsername == NULL || szDomain == NULL || szPassword == NULL ||
lstrcmp( L"", szUsername ) == 0 ||
lstrcmp( L"", szDomain ) == 0 ||
lstrcmp( L"", szPassword ) == 0 ) {
MessageBox( L"Set AutoLogon failed" );
return ;
}
LSA_OBJECT_ATTRIBUTES lsaAttr = { sizeof( LSA_OBJECT_ATTRIBUTES ) };
LSA_HANDLE hLsa;
HKEY hKey;
if ( ::RegOpenKeyEx( HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
0, KEY_ALL_ACCESS, &hKey ) != ERROR_SUCCESS ) {
MessageBox( L"Open register failed" );
return ;
}
if ( ::RegSetValueEx( hKey, L"DefaultUserName", 0, REG_SZ, ( BYTE* )szUsername, lstrlen( szUsername ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set register failed" );
RegCloseKey( hKey );
return ;
}
if ( ::RegSetValueEx( hKey, L"DefaultDomainName", 0, REG_SZ, ( BYTE* )szDomain, lstrlen( szDomain ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set register failed" );
RegCloseKey( hKey );
return ;
}
if ( LsaOpenPolicy( NULL, &lsaAttr, POLICY_CREATE_SECRET, &hLsa ) == STATUS_SUCCESS ) {
WCHAR* pszPasswordKey = L"DefaultPassword";
DWORD dwPasswordKeyLen = lstrlen( pszPasswordKey ) * 2; // 因为双字节数据点两个字节长度
LSA_UNICODE_STRING lsaPasswordKey;
lsaPasswordKey.Length = dwPasswordKeyLen;
lsaPasswordKey.MaximumLength = dwPasswordKeyLen + 2; // 把末尾的空加上
lsaPasswordKey.Buffer = pszPasswordKey;
LSA_UNICODE_STRING lsaPassword;
DWORD dwPasswordLen = lstrlen( szPassword ) * 2;
lsaPassword.Length = dwPasswordLen;
lsaPassword.MaximumLength = dwPasswordLen + 2;
lsaPassword.Buffer = szPassword;
bool fEncript = true;
if ( LsaStorePrivateData( hLsa, &lsaPasswordKey, &lsaPassword ) == STATUS_SUCCESS ) {
RegDeleteValue( hKey, L"DefaultPassword" );
} else {
if ( RegSetValueEx( hKey, L"DefaultPassword", 0, REG_SZ, ( BYTE* )szPassword, lstrlen( szPassword ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set AutoLogon Failed" );
LsaClose( hLsa );
RegCloseKey( hKey );
return;
} else {
fEncript = false;
}
}
LsaClose( hLsa );
if ( RegSetValueEx( hKey, L"AutoAdminLogon", 0, REG_SZ, ( BYTE* )( L"1" ), 2 ) == ERROR_SUCCESS ) {
if ( fEncript ) {
MessageBox( L"successfully, \nand the password is encripted" );
} else {
MessageBox( L"successfully, \nbut the password is NOT encripted" );
}
}
}
RegCloseKey( hKey );
LsaClose( hLsa );
}
{
if ( szUsername == NULL || szDomain == NULL || szPassword == NULL ||
lstrcmp( L"", szUsername ) == 0 ||
lstrcmp( L"", szDomain ) == 0 ||
lstrcmp( L"", szPassword ) == 0 ) {
MessageBox( L"Set AutoLogon failed" );
return ;
}
LSA_OBJECT_ATTRIBUTES lsaAttr = { sizeof( LSA_OBJECT_ATTRIBUTES ) };
LSA_HANDLE hLsa;
HKEY hKey;
if ( ::RegOpenKeyEx( HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
0, KEY_ALL_ACCESS, &hKey ) != ERROR_SUCCESS ) {
MessageBox( L"Open register failed" );
return ;
}
if ( ::RegSetValueEx( hKey, L"DefaultUserName", 0, REG_SZ, ( BYTE* )szUsername, lstrlen( szUsername ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set register failed" );
RegCloseKey( hKey );
return ;
}
if ( ::RegSetValueEx( hKey, L"DefaultDomainName", 0, REG_SZ, ( BYTE* )szDomain, lstrlen( szDomain ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set register failed" );
RegCloseKey( hKey );
return ;
}
if ( LsaOpenPolicy( NULL, &lsaAttr, POLICY_CREATE_SECRET, &hLsa ) == STATUS_SUCCESS ) {
WCHAR* pszPasswordKey = L"DefaultPassword";
DWORD dwPasswordKeyLen = lstrlen( pszPasswordKey ) * 2; // 因为双字节数据点两个字节长度
LSA_UNICODE_STRING lsaPasswordKey;
lsaPasswordKey.Length = dwPasswordKeyLen;
lsaPasswordKey.MaximumLength = dwPasswordKeyLen + 2; // 把末尾的空加上
lsaPasswordKey.Buffer = pszPasswordKey;
LSA_UNICODE_STRING lsaPassword;
DWORD dwPasswordLen = lstrlen( szPassword ) * 2;
lsaPassword.Length = dwPasswordLen;
lsaPassword.MaximumLength = dwPasswordLen + 2;
lsaPassword.Buffer = szPassword;
bool fEncript = true;
if ( LsaStorePrivateData( hLsa, &lsaPasswordKey, &lsaPassword ) == STATUS_SUCCESS ) {
RegDeleteValue( hKey, L"DefaultPassword" );
} else {
if ( RegSetValueEx( hKey, L"DefaultPassword", 0, REG_SZ, ( BYTE* )szPassword, lstrlen( szPassword ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L"Set AutoLogon Failed" );
LsaClose( hLsa );
RegCloseKey( hKey );
return;
} else {
fEncript = false;
}
}
LsaClose( hLsa );
if ( RegSetValueEx( hKey, L"AutoAdminLogon", 0, REG_SZ, ( BYTE* )( L"1" ), 2 ) == ERROR_SUCCESS ) {
if ( fEncript ) {
MessageBox( L"successfully, \nand the password is encripted" );
} else {
MessageBox( L"successfully, \nbut the password is NOT encripted" );
}
}
}
RegCloseKey( hKey );
LsaClose( hLsa );
}