Hi, i was just wondering how those tools like WinPWL work, so after some debugging i think it is using an API called "WNetGetCachedPassword" exported by mpr.dll. I would like to code something similar, that shows the username and password of the currently logged in user but I can't find a prototype for this API, so if anybody knows something please share your wisdom. Thanks, exec
Posted on 2000-12-11 10:57:00 by exec
this will help ;) ;************************************************************ ;* PWL Resources viewer program. * ;* (C)1998 by Vitaly Evseenko, E-Mail: kapitan@thearmy.com * ;************************************************************ .386p locals jumps .model flat,STDCALL L equ ; ; Define the external functions we will be linking to ; extrn GlobalAlloc:PROC extrn GlobalFree:PROC extrn GetModuleHandleA:PROC extrn ExitProcess:PROC extrn LoadLibraryA:PROC extrn FreeLibrary:PROC extrn GetProcAddress:PROC extrn CharToOemA:PROC extrn MessageBoxA:PROC extrn _wsprintfA:PROC GetModuleHandle equ LoadLibrary equ MessageBox equ DialogBox equ .code ;----------------------------------------------------------------------------- ; ; This is where control is received from the loader. ; start: call LoadLibrary, offset DLLName mov esi, eax test esi,esi je NoDLLloaded call GetProcAddress, esi, offset PrcName test eax,eax je NoProc mov edi,eax call GlobalAlloc,40h,0F000h or eax,eax jz NoProc mov ,eax mov , eax push L 0 push offset ChacheProc push 0FFh push L 0 push L 0 call edi push L 40h push offset copyright push push L 0 call MessageBox call GlobalFree, NoProc: call FreeLibrary,esi NoDLLloaded: call ExitProcess,eax ;----------------------------------------------------------------------------- ChacheProc proc uses ecx ebx edi esi, CacheEntr: DWORD, dwx:DWORD ; mov edi, xor ecx,ecx mov cx, lea esi, mov ebx, offset TmpBuf ll0: lodsb mov ,al inc ebx loop ll0 xor al,al mov ,al push offset OutBuf push offset TmpBuf call CharToOemA push offset OutBuf push offset fmStr0 mov ebx, push ebx call _wsprintfA add esp,0Ch ;CDECL function ! add ebx,eax mov , ebx xor ecx,ecx mov cx, lea esi, add esi,ecx mov cx, mov ebx, offset TmpBuf ll1: lodsb mov ,al inc ebx loop ll1 xor al,al mov ,al push offset OutBuf push offset TmpBuf call CharToOemA push offset OutBuf push offset fmStr1 mov ebx, push ebx call _wsprintfA ;CDECL function ! add esp,0Ch add ebx,eax mov , ebx mov al,1 ret ;----------------------------------------------------------------------------- ChacheProc endp public ChacheProc .data copyright db 'PWL Show -|- cODED bY MadMat',0 DLLName db 'MPR.DLL',0 PrcName db 'WNetEnumCachedPasswords',0 fmStr0 db '%s : ',0 fmStr1 db '%s',0Dh,0 TmpBuf db 200h dup (?) OutBuf db 200h dup (?) pOutStr dd 0 lpst dd 0 ends end start
Posted on 2000-12-12 06:08:00 by unknow
Thank you very much, but that's not what I've needed. This Prog uses "WNetEnumCachedPasswords" which shows the contents of the pwl file, I need "WNetGetCachedPassword" which returns the logon password of the current user. Anyway, thanks to the source you provided I found another program by Vitaly Evseenko, API Spy. So, I got the prototype anyway... Thanks again, exec
Posted on 2000-12-12 13:59:00 by exec