Enumerating Windows credentials with CredEnumerate function (Windows XP/2003 Only)

The following code sample enumerates all credentials of the currently logged-on user and dumps them to the standard output.

First, the CWinCredentials class encapsulates the calls to credentials API functions:

// Thin wrapper around the credential functions exported by advapi32.dll.
// The exports are resolved at run time (see LoadCredsLibrary) instead of being
// linked statically; every forwarding method is a no-op / returns FALSE until
// LoadCredsLibrary() has succeeded.
//
// NOTE(review): the signatures below use LPCTSTR, while LoadCredsLibrary binds
// the wide-character exports (CredReadW / CredEnumerateW). The types only line
// up when the project is compiled with UNICODE defined.
class CWinCredentials
{
protected:
	// Signatures of the three advapi32 exports that get bound dynamically.
	typedef BOOL (WINAPI *CredReadFuncType)(LPCTSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIAL *Credential);
	typedef BOOL (WINAPI *CredEnumerateType)(LPCTSTR Filter, DWORD Flags, DWORD *Count, PCREDENTIAL **Credentials);
	typedef VOID (WINAPI *CredFreeFuncType)(PVOID Buffer);

	HMODULE hAdvApi32;                 // module handle from LoadLibrary, NULL when not loaded
	BOOL bLoaded;                      // TRUE only when all three exports were resolved
	CredReadFuncType pCredRead;        // bound to "CredReadW"
	CredFreeFuncType pCredFree;        // bound to "CredFree"
	CredEnumerateType pCredEnumerate;  // bound to "CredEnumerateW"

public:
	CWinCredentials();
	~CWinCredentials();

	// Library lifetime.
	BOOL LoadCredsLibrary();
	void FreeCredsLibrary();
	BOOL IsLoaded();

	// Forwarders to the dynamically bound API functions.
	BOOL CredRead(LPCTSTR TargetName, DWORD Type, DWORD Flags, PCREDENTIAL *Credential);
	BOOL CredEnumerate(LPCTSTR Filter, DWORD Flags, DWORD *Count, PCREDENTIAL **Credentials);
	VOID CredFree(PVOID Buffer);
};

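// Starts in the "not loaded" state. The three function pointers are cleared as
// well, so no member holds an indeterminate value before LoadCredsLibrary()
// runs (the original left them uninitialized).
CWinCredentials::CWinCredentials()
	: hAdvApi32(NULL),
	  bLoaded(FALSE),
	  pCredRead(NULL),
	  pCredFree(NULL),
	  pCredEnumerate(NULL)
{
}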

// Releases the advapi32 handle (if one is held) when the wrapper goes away.
CWinCredentials::~CWinCredentials()
{
	this->FreeCredsLibrary();
}

// Reports whether LoadCredsLibrary() has resolved all three API functions.
BOOL CWinCredentials::IsLoaded()
{
	return this->bLoaded;
}


// Loads advapi32.dll and binds CredReadW, CredFree and CredEnumerateW.
// Returns TRUE when all three exports were found (or were already bound),
// FALSE otherwise; on a partial failure the library handle is released again.
//
// NOTE(review): the DLL is requested by bare file name, so which file gets
// mapped depends on the loader's search rules for this process - confirm that
// is acceptable for the target systems.
// NOTE(review): the wide-character ("W") exports are bound here while the
// class typedefs are declared with LPCTSTR; the two only agree in a UNICODE
// build.
BOOL CWinCredentials::LoadCredsLibrary()
{
	if (bLoaded)
		return TRUE;

	hAdvApi32 = LoadLibrary(_T("advapi32.dll"));
	if (hAdvApi32 == NULL)
		return bLoaded;	// still FALSE: the library could not be loaded

	// Resolve the three entry points by name.
	pCredRead = (CredReadFuncType)GetProcAddress(hAdvApi32, "CredReadW");
	pCredFree = (CredFreeFuncType)GetProcAddress(hAdvApi32, "CredFree");
	pCredEnumerate = (CredEnumerateType)GetProcAddress(hAdvApi32, "CredEnumerateW");

	const BOOL bAllResolved =
		(pCredRead != NULL) && (pCredFree != NULL) && (pCredEnumerate != NULL);

	if (!bAllResolved)
	{
		// At least one export is missing: drop the library again.
		FreeCredsLibrary();
		return bLoaded;
	}

	bLoaded = TRUE;
	return bLoaded;
}

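// Releases the advapi32 handle obtained by LoadCredsLibrary() and returns the
// object to the "not loaded" state. Safe to call when nothing is loaded.
void CWinCredentials::FreeCredsLibrary()
{
	//Free advapi32 library, if we previously loaded it.
	if (hAdvApi32 != NULL)
	{
		FreeLibrary(hAdvApi32);
		hAdvApi32 = NULL;
	}

	// Clear the bound entry points too, so no member keeps an address that
	// belonged to the module handle just released (the original left them set).
	pCredRead = NULL;
	pCredFree = NULL;
	pCredEnumerate = NULL;

	bLoaded = FALSE;
}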


// Forwards to the dynamically bound CredRead export.
// Returns FALSE without touching *Credential when the library is not loaded;
// otherwise returns whatever the API call returns.
BOOL CWinCredentials::CredRead(
	LPCTSTR TargetName,
	DWORD Type,
	DWORD Flags,
	PCREDENTIAL *Credential
	)
{
	if (!bLoaded)
		return FALSE;

	return pCredRead(TargetName, Type, Flags, Credential);
}


// Forwards to the dynamically bound CredEnumerate export.
// Returns FALSE without touching *Count / *Credentials when the library is not
// loaded; otherwise returns whatever the API call returns. The sample's main
// function releases the returned array with CredFree().
BOOL CWinCredentials::CredEnumerate(
	LPCTSTR Filter,
	DWORD Flags,
	DWORD *Count,
	PCREDENTIAL **Credentials
	)
{
	if (!bLoaded)
		return FALSE;

	return pCredEnumerate(Filter, Flags, Count, Credentials);
}

// Forwards to the dynamically bound CredFree export; does nothing when the
// library is not loaded.
VOID CWinCredentials::CredFree(PVOID Buffer)
{
	if (!bLoaded)
		return;

	pCredFree(Buffer);
}


The main function uses the CWinCredentials class to enumerate the credentials of the currently logged-on user and dumps the information to the standard output:

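// Enumerates the credentials visible to the current user through
// CWinCredentials and prints each entry's header fields followed by a
// hex/ASCII dump of its CredentialBlob.
//
// Changes against the listing as published:
//  - the escape sequences had lost their backslashes ("/r/n", '/0', and a
//    stray '/' after each adjacent string literal); '/0' in particular is not
//    a terminator, so the strcat-built buffers were never reset and could
//    overrun. The escapes are restored and the stray '/' removed.
//  - the dump is built one 16-byte row at a time in exactly sized buffers
//    instead of with unbounded strcat.
//  - DWORD fields are printed with %lu, NULL string fields are printed as
//    empty strings, and a failed CredEnumerate call is reported.
//
// The blob bytes are whatever the API returned for the entry and may be the
// stored secret itself, so this program's output should be handled as
// sensitive data (not redirected into shared logs or tickets).
//
// Always returns 0, as the original did.
int wmain( int argc, wchar_t *argv[])
{
	CWinCredentials WinCredentials;

	//Load Credentials API functions.
	if (!WinCredentials.LoadCredsLibrary())
	{
		printf("Failed to load the Credentials API functions !\r\n");
		return 0;
	}

	PCREDENTIAL *pCredArray = NULL;
	DWORD dwCount = 0;

	//Load all credentials into array.
	if (!WinCredentials.CredEnumerate(NULL, 0, &dwCount, &pCredArray))
	{
		// The original skipped this case silently.
		printf("CredEnumerate failed, error code %lu\r\n", (unsigned long)GetLastError());
		return 0;
	}

	for (DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)
	{
		PCREDENTIAL pCredential = pCredArray[dwIndex];

		// Optional string members may be NULL; print them as empty strings.
		LPCWSTR pszTarget = pCredential->TargetName != NULL ? pCredential->TargetName : L"";
		LPCWSTR pszComment = pCredential->Comment != NULL ? pCredential->Comment : L"";
		LPCWSTR pszUser = pCredential->UserName != NULL ? pCredential->UserName : L"";

		//Write the Credential information into the standard output.
		printf("*********************************************\r\n");
		printf(	"Flags:   %lu\r\n"
				"Type:    %lu\r\n"
				"Name:    %ls\r\n"
				"Comment: %ls\r\n"
				"Persist: %lu\r\n"
				"User:    %ls\r\n",
				(unsigned long)pCredential->Flags,
				(unsigned long)pCredential->Type,
				pszTarget,
				pszComment,
				(unsigned long)pCredential->Persist,
				pszUser);

		printf( "Data: \r\n");

		//Write the credential's data as Hex Dump, 16 bytes per row.
		const BYTE *pBlob = pCredential->CredentialBlob;
		const DWORD dwBlobSize = (pBlob != NULL) ? pCredential->CredentialBlobSize : 0;

		char szHexBuffer[16 * 3 + 1];	// "XX " per byte plus terminator
		char szAsciiBuffer[16 + 1];		// one character per byte plus terminator

		for (DWORD dwOffset = 0; dwOffset < dwBlobSize; dwOffset += 16)
		{
			DWORD dwRowLen = dwBlobSize - dwOffset;
			if (dwRowLen > 16)
				dwRowLen = 16;

			for (DWORD dwCol = 0; dwCol < dwRowLen; dwCol++)
			{
				const BYTE byte1 = pBlob[dwOffset + dwCol];

				// Each call writes exactly three characters and a terminator,
				// which always fits: the last column ends at index 48.
				sprintf(szHexBuffer + dwCol * 3, "%2.2X ", byte1);

				if (byte1 >= 32 && byte1 < 128)
					szAsciiBuffer[dwCol] = (char)byte1;
				else
					szAsciiBuffer[dwCol] = ' ';
			}
			szAsciiBuffer[dwRowLen] = '\0';

			printf("%-50s %s\r\n", szHexBuffer, szAsciiBuffer);
		}

		printf("*********************************************\r\n");
		printf("\r\n\r\n");
	}

	//Free the credentials array.
	WinCredentials.CredFree(pCredArray);

	return 0;
}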

Download CredView Sample Project
