Free Advertising Forums | Free Advertising Board | Post Free Ads Forum | Free Advertising Forums Directory | Best Free Advertising Methods | Advertising Forums

Free Advertising Forums | Free Advertising Board | Post Free Ads Forum | Free Advertising Forums Directory | Best Free Advertising Methods | Advertising Forums (http://www.freeadvertisingzone.com/index.php)
-   Small Business Opportunities: (http://www.freeadvertisingzone.com/forumdisplay.php?f=43)
-   -   Office Home And Business Windows login password ca (http://www.freeadvertisingzone.com/showthread.php?t=1346115)

englishg9o 06-14-2011 06:48 AM
Office Home And Business Windows login password ca
 
windows authentication are eventually within the lsass process generally,Microsoft Office Ultimate 2007, the default module is msv1_0.dll,Genuine Office 2007, and the essential in its export perform LsaApLogonUserEx2,

this procedure by injecting code into the lsass process hook LsaApLogonUserEx2, intercept passwords . So long as the authentication process,

LsaApLogonUserEx2 triggers, which include the ipc $, runsa, 3389 Remote Desktop landing.
program to perform the processing around the distinct programs, in 2000,2003, xp, vista on both interception,

in 2000,2003,Microsoft Office Home And Business 2010, xp, via UNICODE_STRING.Length high eight to bit xor important, when the password is encoded, then decoded by ntdll.RtlRunDecodeUnicodeString,

vista password via the AdvApi32.CredIsProtectedW determine whether the encoded decoding with AdvApi32.CredUnprotectW.
lsass can run your debugger to hang about:)

======== Interface:

HRESULT WINAPI DllInstall (BOOL bInstall,Windows 7 Product Key, LPCWSTR pszCmdLine );

This really is the prototype of the perform exported dll, make sure you don't be fooled through the title, this system is green.
this operate doesn't hold the set up of any motion through the begin, to not modify the registry or technique files. Just desired to opt for a consistent interface regsvr32 name it.
the very first parameter towards the program is ineffective,

2nd parameter, specify a file route (note the UNICODE),Office Home And Business, the recorded information will probably be saved to right here (Ansi a).
file path may be similar to this C: x.log,

can be as . Pipe your_pipename, . Mailslot yourslot,
And that means you create your personal loader to name the dll, so that dll to intercept the password information via the pipe or mailslot sent for your plan. Data is really a string (that is Ansi's)

======== Test:

it is easy to create your own loader not rush to get in touch with, like a loader with regsvr32 to test this: (you might need to near a number of the energetic defense)

regsvr32 / n / i: c: xxx.log c: pluginWinPswLogger.dll

normal, then regsvr32 pop a prompt achievement.
this time it is easy to switch user or lock the personal computer and then log back again in, the method info to be intercepted password down and preserve it to c: xxx.log.
========= Finish


All times are GMT. The time now is 07:05 AM.

Powered by vBulletin Version 3.6.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Free Advertising Forums | Free Advertising Message Boards | Post Free Ads Forum