近来无聊之极，将 AutoLogon 反汇编玩玩，贴出代码如下：
1. 获取用户帐户及其域.
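/// Resolve the account (user name and domain) that owns the current process
/// token and show both in the dialog's IDC_EDIT_USERNAME / IDC_EDIT_DOMAIN
/// controls. On any failure the controls are left untouched and nothing is
/// reported (the original behaved the same way).
///
/// Changes against the original: the sizing call to GetTokenInformation is
/// checked (it previously could hand malloc(0) to the second query), the
/// token handle is released on one path instead of several, and the
/// CloseHandle calls on GetCurrentProcess() were dropped because that API
/// returns a pseudo-handle that is never closed.
void
CAutoLogonDlg::GetAccount(
void
)
{
    HANDLE hToken = NULL;
    if ( !OpenProcessToken( GetCurrentProcess( ), TOKEN_QUERY, & hToken ) ) {
        return ;
    }

    // Sizing call: it is expected to fail with ERROR_INSUFFICIENT_BUFFER and
    // report the required length. Any other failure, or a zero length, means
    // there is nothing sensible to allocate.
    DWORD dwInfoLen = 0 ;
    const BOOL fSized = GetTokenInformation( hToken, TokenUser, NULL, 0 , & dwInfoLen );
    if ( ( !fSized && GetLastError( ) != ERROR_INSUFFICIENT_BUFFER ) || dwInfoLen == 0 ) {
        CloseHandle( hToken );
        return ;
    }

    // malloc/free kept (no extra include needed); freed on the single exit below.
    TOKEN_USER * ptuUser = ( TOKEN_USER * )malloc( dwInfoLen );
    if ( ptuUser != NULL ) {
        if ( GetTokenInformation( hToken, TokenUser, ( LPVOID )ptuUser, dwInfoLen, & dwInfoLen ) ) {
            SID_NAME_USE snu;
            DWORD dwUsernameLen = MAX_PATH; // in/out, counted in characters
            DWORD dwDomainLen = MAX_PATH;
            WCHAR szUsername[ MAX_PATH ] = { 0 };
            WCHAR szDomain [ MAX_PATH ] = { 0 };
            // NULL system name: resolve the SID against the local machine.
            if ( LookupAccountSid( NULL, ptuUser -> User.Sid, szUsername, & dwUsernameLen,
                                   szDomain, & dwDomainLen, & snu ) ) {
                SetDlgItemText( IDC_EDIT_USERNAME, szUsername );
                SetDlgItemText( IDC_EDIT_DOMAIN, szDomain );
            }
        }
        free( ptuUser );
    }
    CloseHandle( hToken );
}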
// This brace block repeats the body of CAutoLogonDlg::GetAccount shown above
// verbatim, without a signature; it looks like a page-rendering duplicate
// rather than a second definition. Notes below apply to the code as shown.
{
HANDLE hProcess = GetCurrentProcess( ); // pseudo-handle; CloseHandle on it below is a no-op
HANDLE hToken = NULL;
if ( OpenProcessToken( hProcess, TOKEN_QUERY, & hToken ) ) {
DWORD dwInfoLen = 0 ;
TOKEN_USER * ptuUser = 0 ;
// Sizing call: return value and GetLastError are not checked, so dwInfoLen can still be 0 here.
GetTokenInformation( hToken, TokenUser, NULL, 0 , & dwInfoLen );
ptuUser = ( TOKEN_USER * )malloc( dwInfoLen ); // malloc(0) if the sizing call failed
if ( ptuUser == NULL ) {
CloseHandle( hToken );
CloseHandle( hProcess );
return ;
}
if ( GetTokenInformation( hToken, TokenUser, ( LPVOID )ptuUser, dwInfoLen, & dwInfoLen ) ) {
SID_NAME_USE snu;
DWORD dwUsernameLen = MAX_PATH; // in/out, counted in characters
DWORD dwDomainLen = MAX_PATH;
WCHAR szUsername[ MAX_PATH ] = { 0 };
WCHAR szDomain [ MAX_PATH ] = { 0 };
// NULL system name: the SID is resolved against the local machine.
if ( LookupAccountSid( NULL, ptuUser -> User.Sid, szUsername, & dwUsernameLen, szDomain, & dwDomainLen, & snu ) ) {
SetDlgItemText( IDC_EDIT_USERNAME, szUsername );
SetDlgItemText( IDC_EDIT_DOMAIN, szDomain );
}
}
free( ptuUser );
CloseHandle( hToken );
}
CloseHandle( hProcess );
}
2. 设置自动登录.
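namespace {

// Point an LSA_UNICODE_STRING at the NUL-terminated wide string psz (no copy).
// Length and MaximumLength are byte counts stored in USHORT, so a string whose
// byte size including the terminator exceeds 0xFFFF cannot be represented;
// returns false in that case and leaves lsaStr untouched.
bool FillLsaString( LSA_UNICODE_STRING & lsaStr, PWSTR psz )
{
    const size_t cbText = static_cast< size_t >( lstrlenW( psz ) ) * sizeof( WCHAR );
    const size_t cbMax = cbText + sizeof( WCHAR ); // room for the terminating NUL
    if ( cbMax > 0xFFFFu ) {
        return false;
    }
    lsaStr.Buffer = psz;
    lsaStr.Length = static_cast< USHORT >( cbText );
    lsaStr.MaximumLength = static_cast< USHORT >( cbMax );
    return true;
}

// Write a REG_SZ value under hKey. The byte count handed to RegSetValueEx must
// include the terminating NUL, which the original's lstrlen() * 2 left out.
// Returns the Win32 error code (ERROR_SUCCESS on success).
LONG WriteRegSz( HKEY hKey, LPCWSTR pszName, LPCWSTR pszValue )
{
    const DWORD cbValue = ( static_cast< DWORD >( lstrlenW( pszValue ) ) + 1 ) * sizeof( WCHAR );
    return ::RegSetValueExW( hKey, pszName, 0, REG_SZ,
                             reinterpret_cast< const BYTE * >( pszValue ), cbValue );
}

} // namespace

/// Configure Winlogon automatic logon for the given account.
///
/// Writes DefaultUserName and DefaultDomainName under
/// HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, stores the
/// password as the LSA secret "DefaultPassword" (falling back to a cleartext
/// REG_SZ value of the same name, as the original did), then sets
/// AutoAdminLogon to "1". Outcome is reported through MessageBox; there is no
/// return value.
///
/// Fixes against the original: the LSA handle was closed twice on success and
/// closed uninitialized when LsaOpenPolicy failed; REG_SZ sizes omitted the
/// terminating NUL; the key was opened with KEY_ALL_ACCESS although only
/// KEY_SET_VALUE is used; a failed LsaOpenPolicy or AutoAdminLogon write
/// returned silently; the value names carried stray spaces as rendered.
///
/// @param szUsername  account name; must be non-null and non-empty.
/// @param szDomain    account domain or machine name; non-null and non-empty.
/// @param szPassword  account password; non-null and non-empty, not copied.
///
/// NOTE(review): writing HKLM and an LSA secret presumably needs an
/// administrative token — confirm how the dialog is launched.
void
CAutoLogonDlg::SetAutoLogon( LPTSTR szUsername, LPTSTR szDomain, LPTSTR szPassword )
{
    if ( szUsername == NULL || szDomain == NULL || szPassword == NULL ||
         *szUsername == L'\0' || *szDomain == L'\0' || *szPassword == L'\0' ) {
        MessageBox( L"Set AutoLogon failed" );
        return ;
    }

    // KEY_SET_VALUE covers every registry call below (set and delete values);
    // requesting KEY_ALL_ACCESS would only make the open fail under a token
    // that lacks rights this function never uses.
    HKEY hKey = NULL;
    if ( ::RegOpenKeyExW( HKEY_LOCAL_MACHINE,
                          L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
                          0, KEY_SET_VALUE, & hKey ) != ERROR_SUCCESS ) {
        MessageBox( L"Open register failed" );
        return ;
    }

    if ( WriteRegSz( hKey, L"DefaultUserName", szUsername ) != ERROR_SUCCESS ||
         WriteRegSz( hKey, L"DefaultDomainName", szDomain ) != ERROR_SUCCESS ) {
        MessageBox( L"Set register failed" );
        RegCloseKey( hKey );
        return ;
    }

    LSA_OBJECT_ATTRIBUTES lsaAttr = { sizeof ( LSA_OBJECT_ATTRIBUTES ) };
    LSA_HANDLE hLsa = NULL;
    if ( LsaOpenPolicy( NULL, & lsaAttr, POLICY_CREATE_SECRET, & hLsa ) != STATUS_SUCCESS ) {
        // Report instead of returning silently: user name and domain are
        // already written, and the key must not be mistaken for a complete
        // auto-logon configuration.
        MessageBox( L"Set AutoLogon failed" );
        RegCloseKey( hKey );
        return ;
    }

    // LSA_UNICODE_STRING::Buffer is non-const, so the secret name lives in a
    // writable local array rather than pointing at a string literal.
    WCHAR szPasswordKey[] = L"DefaultPassword";
    LSA_UNICODE_STRING lsaPasswordKey;
    LSA_UNICODE_STRING lsaPassword;
    const bool fEncrypted = FillLsaString( lsaPasswordKey, szPasswordKey ) &&
                            FillLsaString( lsaPassword, szPassword ) &&
                            LsaStorePrivateData( hLsa, & lsaPasswordKey, & lsaPassword ) == STATUS_SUCCESS;
    LsaClose( hLsa ); // closed exactly once, on every path from here on

    if ( fEncrypted ) {
        // The secret is now held by LSA; remove any stale cleartext copy.
        RegDeleteValueW( hKey, L"DefaultPassword" );
    } else {
        // NOTE(review): kept from the original — the password is written as a
        // cleartext REG_SZ under Winlogon, a key that is typically readable by
        // non-administrative users. Failing here instead of falling back is the
        // safer choice; the final message already tells the user which case applied.
        if ( WriteRegSz( hKey, L"DefaultPassword", szPassword ) != ERROR_SUCCESS ) {
            MessageBox( L"Set AutoLogon Failed" );
            RegCloseKey( hKey );
            return ;
        }
    }

    if ( WriteRegSz( hKey, L"AutoAdminLogon", L"1" ) != ERROR_SUCCESS ) {
        MessageBox( L"Set register failed" );
    } else if ( fEncrypted ) {
        MessageBox( L"successfully, \nand the password is encripted" );
    } else {
        MessageBox( L"successfully, \nbut the password is NOT encripted" );
    }
    RegCloseKey( hKey );
}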
// This brace block repeats the body of CAutoLogonDlg::SetAutoLogon shown above
// verbatim, without a signature; it looks like a page-rendering duplicate
// rather than a second definition. The string literals as rendered carry a
// space between L and the quote and around their text, presumably a rendering
// artifact — the real Winlogon value names have no such spaces.
{
if ( szUsername == NULL || szDomain == NULL || szPassword == NULL ||
lstrcmp( L "" , szUsername ) == 0 ||
lstrcmp( L "" , szDomain ) == 0 ||
lstrcmp( L "" , szPassword ) == 0 ) {
MessageBox( L " Set AutoLogon failed " );
return ;
}
LSA_OBJECT_ATTRIBUTES lsaAttr = { sizeof ( LSA_OBJECT_ATTRIBUTES ) };
LSA_HANDLE hLsa; // left uninitialized; LsaClose( hLsa ) at the end of this block runs even when LsaOpenPolicy below fails
HKEY hKey;
// KEY_ALL_ACCESS is broader than needed: only RegSetValueEx / RegDeleteValue are used below, which KEY_SET_VALUE covers.
if ( ::RegOpenKeyEx( HKEY_LOCAL_MACHINE, L " SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon " ,
0 , KEY_ALL_ACCESS, & hKey ) != ERROR_SUCCESS ) {
MessageBox( L " Open register failed " );
return ;
}
// Size is lstrlen * 2, i.e. without the terminating NUL that REG_SZ data should carry; same for the writes below.
if ( ::RegSetValueEx( hKey, L " DefaultUserName " , 0 , REG_SZ, ( BYTE * )szUsername, lstrlen( szUsername ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L " Set register failed " );
RegCloseKey( hKey );
return ;
}
if ( ::RegSetValueEx( hKey, L " DefaultDomainName " , 0 , REG_SZ, ( BYTE * )szDomain, lstrlen( szDomain ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L " Set register failed " );
RegCloseKey( hKey );
return ;
}
// On failure of LsaOpenPolicy nothing is reported, AutoAdminLogon is not set, and the uninitialized hLsa is closed below.
if ( LsaOpenPolicy( NULL, & lsaAttr, POLICY_CREATE_SECRET, & hLsa ) == STATUS_SUCCESS ) {
WCHAR * pszPasswordKey = L " DefaultPassword " ; // non-const pointer to a string literal
DWORD dwPasswordKeyLen = lstrlen( pszPasswordKey ) * 2 ; // two bytes per wide character
LSA_UNICODE_STRING lsaPasswordKey;
lsaPasswordKey.Length = dwPasswordKeyLen; // byte count; DWORD narrowed to USHORT
lsaPasswordKey.MaximumLength = dwPasswordKeyLen + 2 ; // add the trailing NUL
lsaPasswordKey.Buffer = pszPasswordKey;
LSA_UNICODE_STRING lsaPassword;
DWORD dwPasswordLen = lstrlen( szPassword ) * 2 ;
lsaPassword.Length = dwPasswordLen; // byte count; DWORD narrowed to USHORT
lsaPassword.MaximumLength = dwPasswordLen + 2 ;
lsaPassword.Buffer = szPassword;
bool fEncript = true ;
if ( LsaStorePrivateData( hLsa, & lsaPasswordKey, & lsaPassword ) == STATUS_SUCCESS ) {
RegDeleteValue( hKey, L " DefaultPassword " ); // secret is in LSA; drop any cleartext copy
} else {
// Fallback: the password is written as a cleartext REG_SZ value under Winlogon.
if ( RegSetValueEx( hKey, L " DefaultPassword " , 0 , REG_SZ, ( BYTE * )szPassword, lstrlen( szPassword ) * 2 ) != ERROR_SUCCESS ) {
MessageBox( L " Set AutoLogon Failed " );
LsaClose( hLsa );
RegCloseKey( hKey );
return ;
} else {
fEncript = false ;
}
}
LsaClose( hLsa ); // first close; the last line of this block closes hLsa again
// Size 2 covers only the '1' without its terminating NUL; a failed write is not reported.
if ( RegSetValueEx( hKey, L " AutoAdminLogon " , 0 , REG_SZ, ( BYTE * )( L " 1 " ), 2 ) == ERROR_SUCCESS ) {
if ( fEncript ) {
MessageBox( L " successfully, \nand the password is encripted " );
} else {
MessageBox( L " successfully, \nbut the password is NOT encripted " );
}
}
}
RegCloseKey( hKey );
LsaClose( hLsa ); // second LsaClose on the same handle, or on an uninitialized one if LsaOpenPolicy failed
}