Hi, I have a problem with the NetUserEnum function. I found the topic on this forum about the NetUserEnum function, but it couldn't help me.
Could someone look at this code and tell me what is wrong:
format PE GUI 4.0
entry start
include '%flatpath%\Include\win32ax.inc'
struct USER_INFO_0
usri0_name db 20 dup (0)
ends
section '.data' data readable writeable
_buf USER_INFO_0
EntRead dd ?
TotEntr dd ?
section '.code' code readable executable
start:
invoke NetUserEnum,0,0,2,addr _buf,-1,EntRead,TotEntr,0
invoke MessageBox,HWND_DESKTOP,_buf.usri0_name,"TEST",MB_OK
exit:
invoke ExitProcess,0
section '.idata' import data readable writeable
library kernel,'KERNEL32.DLL',\
netapi32,'NETAPI32.DLL',\
user,'USER32.DLL'
import kernel,\
ExitProcess,'ExitProcess'
import netapi32,\
NetUserEnum,'NetUserEnum'
import user,\
MessageBox,'MessageBoxA'
The result is two chars that are not the user name :).
I also tried NetQueryDisplayInformation, but the result was similar.
Maybe someone has an example of how to use these functions. Assembler code, of course...
The bufptr parameter:
Pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must free the buffer even if the function fails with ERROR_MORE_DATA.
Change a couple of lines of code and it works:
section '.data' data readable writeable
_buf dd ?
section '.code' code readable executable
invoke NetUserEnum,0,0,2,_buf,-1,EntRead,TotEntr,0
Then _buf points to an array of pointers which (finally) contain user names.
Just watch out - those names are in Unicode.
Had a play around and got some odd user accounts on my computer (XPHSP2).
Control Panel -> Users shows 2 - mine and Guest.
This code shows me 6 - now "Administrator" and "ASPNET" I can figure out, but "HelpAssistant" and "SUPPORT_388945a0"???
format PE GUI 4.0
entry start
include 'win32wx.inc'
section '.data' data readable writeable
_buf dd ?
EntRead dd ?
TotEntr dd ?
section '.code' code readable executable
start:
invoke NetUserEnum,0,0,2,_buf,-1,EntRead,TotEntr,0
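mov esi,[EntRead] ; number of entries returned
mov edi,[_buf] ; system-allocated array of USER_INFO_0
.1: mov eax,[edi] ; pointer to the Unicode user name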
add edi,4
invoke MessageBox,HWND_DESKTOP,eax,"TEST",MB_OK
dec esi
jnz .1
exit:
invoke ExitProcess,0
section '.idata' import data readable writeable
library kernel,'KERNEL32.DLL',\
netapi32,'NETAPI32.DLL',\
user,'USER32.DLL'
import kernel,\
ExitProcess,'ExitProcess'
import netapi32,\
NetUserEnum,'NetUserEnum'
import user,\
MessageBox,'MessageBoxW'
Thank you sinsi, your code works fine, so these two chars were the pointer to an array.
Now, I have to figure out how to convert the result to ANSI, because I'm using the code below to print the result in the console and it works like MessageBoxA, I only see the first letter of the user name...
proc WriteText text
local wr dd ?
invoke WriteFile,<invoke GetStdHandle,STD_OUTPUT_HANDLE>,[text],<invoke lstrlen,[text]>,addr wr,0
ret
endp
Thanks again...
Like I said, the strings are unicode (wide) strings, so you have to either convert them to ansi, or do what I did and use the unicode version of MessageBox (MessageBoxW).
If you're writing it to a console, use WriteConsoleW instead of WriteFile.
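The points made in this thread combined into one console program, as an added example that is not code from any of the posters: it passes the address of a pointer variable, walks the returned USER_INFO_0 array, prints each name with WriteConsoleW, frees the buffer with NetApiBufferFree, and repeats while the call returns ERROR_MORE_DATA. The label names and the locally defined ERROR_MORE_DATA constant (234) are choices made for this example.

```fasm
format PE console 4.0
entry start
include 'win32wx.inc'
ERROR_MORE_DATA = 234               ; Win32 error code, defined here for the example

section '.data' data readable writeable
  bufptr  dd ?                      ; receives the system-allocated array
  entread dd ?                      ; entries returned by this call
  totentr dd ?                      ; total entries available
  resume  dd 0                      ; must be zero on the first call
  status  dd ?
  hOut    dd ?
  written dd ?
  crlf    du 13,10
section '.code' code readable executable
start:
  invoke GetStdHandle,STD_OUTPUT_HANDLE
  mov [hOut],eax
.chunk:
  mov [bufptr],0
  invoke NetUserEnum,0,0,2,bufptr,-1,entread,totentr,resume
  mov [status],eax
  test eax,eax
  jz .walk
  cmp eax,ERROR_MORE_DATA
  jne .free                         ; real failure: nothing to print
.walk:
  mov esi,[entread]
  mov edi,[bufptr]
.print:
  sub esi,1                         ; carry set once no entries remain
  jc .free
  mov ebx,[edi]                     ; USER_INFO_0.usri0_name (wide string)
  invoke lstrlen,ebx                ; imported as lstrlenW: length in characters
  invoke WriteConsole,[hOut],ebx,eax,written,0
  invoke WriteConsole,[hOut],crlf,2,written,0
  add edi,4                         ; level 0: one pointer per entry
  jmp .print
.free:
  cmp [bufptr],0
  je .again
  invoke NetApiBufferFree,[bufptr]  ; required even after ERROR_MORE_DATA
.again:
  cmp [status],ERROR_MORE_DATA
  je .chunk                         ; resume handle continues the listing
  invoke ExitProcess,0
section '.idata' import data readable writeable
  library kernel,'KERNEL32.DLL',netapi32,'NETAPI32.DLL'
  import kernel,GetStdHandle,'GetStdHandle',lstrlen,'lstrlenW',WriteConsole,'WriteConsoleW',ExitProcess,'ExitProcess'
  import netapi32,NetUserEnum,'NetUserEnum',NetApiBufferFree,'NetApiBufferFree'
```

WriteConsoleW only writes to a real console, so output redirected to a file needs the names converted first.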