| author | Dirk | 2014-06-10 14:19:40 +0200 |
|---|---|---|
| committer | Dirk | 2014-06-10 14:19:40 +0200 |
| commit | 8bb7ed968db64e9b12a6447e2eec3586ef9e935c (patch) | |
| tree | cd038af0c4b67b2f9a029e4a203fcf102f42aa13 /windows/bootpgm/win32/experimental.cpp | |
| parent | Minor cleanup. (diff) | |
Windows system name changer during bootup.
Diffstat (limited to 'windows/bootpgm/win32/experimental.cpp')
| -rw-r--r-- | windows/bootpgm/win32/experimental.cpp | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/windows/bootpgm/win32/experimental.cpp b/windows/bootpgm/win32/experimental.cpp
new file mode 100644
index 00000000..23746310
--- /dev/null
+++ b/windows/bootpgm/win32/experimental.cpp
@@ -0,0 +1,275 @@
+#include "stdafx.h"
+#include "handle.h"
+#include "account.h"
+#include "io.h"
+#include "main.h"
+
+void showAutoLogonName(IO &io,char *args)
+{
+ RegKey k(L"Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon");
+ char buffer[40];
+ io.println(k.get_string_value(&UnicodeString(L"DefaultUsername")).chars(buffer,40));
+}
+
+void get_privilege(long id)
+{
+ HANDLE h;
+ ULONG status=NtOpenProcessToken(
+ NtCurrentProcess()
+ ,0x20
+ ,&h);
+ CHECKER(status)
+
+ TOKEN_PRIVILEGES tp;
+ tp.count = 1;
+ tp.Privileges[0].Luid = NT::RtlConvertLongToLuid(id);
+ tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+ status = NtAdjustPrivilegesToken(
+ h
+ ,false
+ ,&tp
+ ,0
+ ,0
+ ,0);
+ CHECKER(status)
+
+ ZwClose(h);
+}
+
+void loadSam(IO &io,char *args)
+{
+ get_privilege(SE_RESTORE_PRIVILEGE);
+
+ RegKey machine(L"Machine\\");
+
+ UnicodeString key(L"SAM");
+ UnicodeString path(L"\\??\\C:\\WINDOWS\\system32\\config\\SAM");
+
+ OBJECT_ATTRIBUTES dest;
+ InitializeObjectAttributes(
+ &dest,
+ &key.unicode_string(),
+ OBJ_CASE_INSENSITIVE,
+ machine.get_handle(),
+ NULL);
+
+ OBJECT_ATTRIBUTES file;
+ InitializeObjectAttributes(
+ &file,
+ &path.unicode_string(),
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+
+ ULONG status=NtLoadKey(&dest,&file);
+ CHECKER(status)
+}
+
+void save_key_to(UnicodeString &key,UnicodeString &path)
+{
+ get_privilege(SE_BACKUP_PRIVILEGE);
+
+ RegKey sam(key);
+ sam.flush();
+
+ OBJECT_ATTRIBUTES file;
+ InitializeObjectAttributes(
+ &file,
+ &path.unicode_string(),
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+ HANDLE hFile;
+ IO_STATUS_BLOCK ios;
+ ULONG status = ZwCreateFile(
+ &hFile
+ ,GENERIC_WRITE
+ ,&file
+ ,&ios
+ ,0
+ ,0
+ ,0
+ ,FILE_CREATE
+ ,0
+ ,0
+ ,0);
+ CHECKER(status);
+
+ sam.save_to(hFile);
+ ZwClose(hFile);
+}
+
+void saveSam(IO &io,char *args)
+{
+ save_key_to(UnicodeString(L"Machine\\SAM")
+ ,UnicodeString(L"\\??\\C:\\WINDOWS\\system32\\config\\SAM.bak"));
+}
+
+void unloadSam(IO &io,char *args)
+{
+ RegKey(L"Machine\\SAM").flush();
+
+ RegKey machine(L"Machine\\");
+ UnicodeString key(L"SAM");
+
+ OBJECT_ATTRIBUTES dest;
+ InitializeObjectAttributes(
+ &dest,
+ &key.unicode_string(),
+ OBJ_CASE_INSENSITIVE,
+ machine.get_handle(),
+ NULL);
+ ULONG status = NtUnloadKey(&dest);
+ CHECKER(status)
+}
+
+void showName(IO &io,char *args)
+{
+ if (!*args)
+ {
+ io.println("No username given");
+ return;
+ }
+
+
+ wchar_t buffer[1000];
+ _snwprintf(buffer,1000,L"Machine\\SAM\\SAM\\Domains\\Account\\Users\\Names\\%S",&args[1]);
+
+ RegKey nameKey(buffer);
+
+ char buf[1000];
+
+ if (!nameKey.valid())
+ {
+ _snprintf(buf,sizeof(buf),"User not found: %s",&args[1]);
+ io.println(buf);
+ return;
+ }
+
+ ULONG type;
+ int length = nameKey.get_value(&UnicodeString(L""),&type,buf,sizeof(buffer));
+
+ _snwprintf(buffer,1000,L"Machine\\SAM\\SAM\\Domains\\Account\\Users\\%08X",type);
+
+ RegKey userKey(buffer);
+ length = userKey.get_value(&UnicodeString(L"V"),&type,buf,sizeof(buffer));
+
+ entry *es=read_entries(buf,V_ENTRY_COUNT);
+
+ char buf2[1000];
+ io.print("Name: ");
+ io.println(UnicodeString((wchar_t *)es[USERNAME_E].data,es[USERNAME_E].length).chars(buf2,sizeof(buf2)));
+ io.print("Voller Name: ");
+ io.println(UnicodeString((wchar_t *)es[FULLNAME_E].data,es[FULLNAME_E].length).chars(buf2,sizeof(buf2)));
+}
+
+void testRegKey(IO &io,char *args)
+{
+ wchar_t buffer[1000];
+ _snwprintf(buffer,1000,L"Machine\\SAM\\SAM\\Domains\\Account\\Users\\Names\\%S",&args[1]);
+
+ char buf[1000];
+ UnicodeString str(buffer);
+ io.println(str.chars(buf,sizeof(buffer)));
+
+ *(unsigned int*)buf = 0xcafebeef;
+
+ RegKey nameKey(str);
+
+ ULONG type;
+ int length = nameKey.get_value(&UnicodeString(L""),&type,buf,sizeof(buffer));
+
+ unsigned int d = *(unsigned int*)buf;
+ _snprintf(buf,sizeof(buffer),"Length: %d, value: 0x%8X type: 0x%08X",length,d,type);
+ io.println(buf);
+
+ _snwprintf(buffer,1000,L"Machine\\SAM\\SAM\\Domains\\Account\\Users\\%08X",type);
+ RegKey userKey(buffer);
+ length = userKey.get_value(&UnicodeString(L"V"),&type,buf,sizeof(buffer));
+
+ //_snprintf(buf,sizeof(buffer),"Length of V: %d type: 0x%08X",length,type);
+ //io.println(buf);
+ entry *es=read_entries(buf,V_ENTRY_COUNT);
+
+ char buf2[1000];
+ io.println(UnicodeString((wchar_t *)es[1].data,es[1].length).chars(buf2,sizeof(buf2)));
+
+ es[USERNAME_E].data = L"Gustav";
+ es[USERNAME_E].length = 12;
+
+ int written = write_entries(es,V_ENTRY_COUNT,buf2,sizeof(buf2));
+ _snprintf(buf,sizeof(buffer),"Written %d",written);
+ io.println(buf);
+ userKey.set_value(&UnicodeString(L"V"),type,buf2,written);
+
+ userKey.flush();
+}
+
+const int RdWrIoPort = 0x80;
+
+void initReg(IO &io2,char *args)
+{
+ //ULONG status = NtInitializeRegistry(2);
+ //CHECKER(status);
+ unsigned int addr=0x8066eb34; //CmpNoWrite
+
+ char *c=(char*)addr;
+
+ BYTE Value;
+
+ IO_STRUCT io;
+ memset(&io, 0, sizeof(io));
+ io.IoAddr = RdWrIoPort;
+ io.pBuffer = (PVOID)(ULONG_PTR)addr;
+ io.NumBytes = 1;
+ io.Reserved4 = 1;
+ io.Reserved6 = 1;
+ ULONG status = ZwSystemDebugControl(DebugSysWriteIoSpace, &io, sizeof(io), NULL, 0,NULL);
+ CHECKER(status)
+
+ memset(&io, 0, sizeof(io));
+ io.IoAddr = RdWrIoPort;
+ io.pBuffer = &Value;
+ io.NumBytes = 1;
+ io.Reserved4 = 1;
+ io.Reserved6 = 1;
+ status = ZwSystemDebugControl(DebugSysReadIoSpace, &io, sizeof(io), NULL, 0,NULL);
+ CHECKER(status);
+
+ if (Value == 1)
+ {
+ io2.println("NoWrite set, now resetting");
+ Value = 0;
+
+ memset(&io, 0, sizeof(io));
+ io.IoAddr = RdWrIoPort;
+ io.pBuffer = &Value;
+ io.NumBytes = 1;
+ io.Reserved4 = 1;
+ io.Reserved6 = 1;
+ status = ZwSystemDebugControl(DebugSysWriteIoSpace, &io, sizeof(io), NULL, 0,NULL);
+ CHECKER(status);
+
+ memset(&io, 0, sizeof(io));
+ io.IoAddr = RdWrIoPort;
+ io.pBuffer = (PVOID)(ULONG_PTR)addr;
+ io.NumBytes = 1;
+ io.Reserved4 = 1;
+ io.Reserved6 = 1;
+ status = ZwSystemDebugControl(DebugSysReadIoSpace, &io, sizeof(io), NULL, 0, NULL);
+ CHECKER(status);
+ }
+ else
+ io2.println("NoWrite not set");
+}
+
+void register_experimental_cmds(Main &main)
+{
+ main.addCommand("setName",testRegKey);
+ main.addCommand("loadSam",loadSam);
+ main.addCommand("unloadSam",unloadSam);
+ main.addCommand("saveSam",saveSam);
+ main.addCommand("initReg",initReg);
+ main.addCommand("showName",showName);
+}
\ No newline at end of file |
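Review bot: In showName and testRegKey the registry reads are told the destination is `sizeof(buffer)` bytes while they actually write into `buf`, and since `buffer` is `wchar_t[1000]` and `buf` is `char[1000]` the callee is allowed to write twice what the stack buffer holds; the same mismatch appears in the `_snprintf` calls that format into `buf` and in the `str.chars(buf,sizeof(buffer))` call, so a long `V` value or username becomes a stack overflow rather than a truncated result. Each of those calls should size by the buffer it writes, e.g. `int length = nameKey.get_value(&UnicodeString(L""),&type,buf,sizeof(buf));`, and showName should also check `length` against what `read_entries` expects before indexing `es`. Separately, get_privilege opens a token handle that is never closed if `CHECKER` on the NtAdjustPrivilegesToken status returns early (the macro is not visible here, so this depends on its definition), and a second `CHECKER` there is also likely needed because STATUS_NOT_ALL_ASSIGNED is a success code that leaves the privilege unenabled; save_key_to has the same pattern with `hFile` if `save_to` can fail. The hunk is the whole new file, so all of the affected functions are complete within it.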
