
How to read the credentials cache from the Windows registry from C++

Windows credentials are cached on the local system in what is called the local cache. This allows the user to log on to the system when the domain controller cannot be contacted.

These cached credentials are stored as hashes in the local system's registry at the values HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10. This is only accessible by the SYSTEM account, or we have to grant the administrator permissions to perform actions.

Now I am trying to access these caches from my C++ code, but I have failed to get the values. Please give a solution to read and write these caches from C++ code.

The code I am using:

    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include <conio.h>
    #include <crtdbg.h>

    DWORD GetLocalMachineProfileBuffer(BYTE* pBuffer, DWORD nMaxLength )
    {
        LPCWSTR szSubKey = L"SECURITY\\CACHE";
        LPCWSTR szValueName = L"NL$1";

        DWORD   rc;
        DWORD   dwType;
        HKEY    hOpenedKey;

        // Explicit W versions: the key and value names are wide strings, so this
        // compiles the same whether or not UNICODE is defined.
        if( ERROR_SUCCESS == RegOpenKeyExW (HKEY_LOCAL_MACHINE,szSubKey,0,KEY_READ,&hOpenedKey) )
        {
            // nMaxLength is in/out: on success it holds the number of bytes written
            rc = RegQueryValueExW(hOpenedKey,szValueName,0,&dwType,(LPBYTE)pBuffer,&nMaxLength );
            RegCloseKey( hOpenedKey );   // close on both paths so the handle is not leaked
            if( rc != ERROR_SUCCESS )
            {
                return (DWORD)-1;
            }
            else
            {
                _ASSERT( dwType == REG_BINARY );
            }

            return nMaxLength;
        }
        else
        {
            return (DWORD)-1;
        }
    }

    int _tmain(int argc, _TCHAR* argv[])
    {
        static BYTE Buffer[200];
        DWORD nLength = GetLocalMachineProfileBuffer( Buffer, sizeof( Buffer ) );

        if( nLength == (DWORD)-1 )
        {
            printf("failed to read the value\n");
        }
        else
        {
            // print only the bytes actually returned, not the whole buffer
            for(DWORD i=0;i<nLength;i++) {
                printf("%02X ",Buffer[i]);
            }
        }
        _getch();
        return 0;
    }

In order to read this area of the registry you MUST be running as NT AUTHORITY\SYSTEM, otherwise known as LocalSystem, the Windows equivalent of Unix root. I am guessing you are getting Access Denied, but you are throwing the error message away.

So this:

    if( rc != ERROR_SUCCESS )
    {
        return (DWORD)-1;
    }

Should be this:

    if( rc != ERROR_SUCCESS )
    {
        return rc;
    }

Then you can check the exit code using echo %ERRORLEVEL% or similar, and find out what error you are actually getting.

The best way to get a process running as SYSTEM is to create a job using the Task Scheduler API.

You can do this on the local machine by specifying the local machine name.
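To check the answer's claim on a given machine before assuming Access Denied is the cause, an administrator can inspect the ACL on the cache key and see which identities hold a right that actually permits reading values. The following PowerShell is an added example, not part of the original question or answer; it assumes an elevated session (Administrators hold READ_CONTROL on HKLM\SECURITY, which is enough to read the ACL but not the NL$ values) and that the Cache subkey carries the ACL being checked.

```powershell
# Added example (not from the original post): list the identities allowed to
# query values under the cached-logon key, flagging anything other than SYSTEM.
# Assumption: run from an elevated PowerShell session.
$keyPath = 'HKLM:\SECURITY\Cache'

# QueryValues is the specific right needed by RegQueryValueEx; ReadKey is not
# used here because it includes READ_CONTROL, which Administrators also hold.
$queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues

$acl = Get-Acl -Path $keyPath

$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $queryValues) -ne 0
    } |
    ForEach-Object {
        [pscustomobject]@{
            Identity = $_.IdentityReference.Value
            Rights   = $_.RegistryRights
            # Only SYSTEM is expected to be able to read these values
            Expected = ($_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM')
        }
    } |
    Format-Table -AutoSize
```

Any row with Expected set to False means some principal other than SYSTEM has been granted value-read access on the key, which on a default installation is a configuration change worth investigating rather than the normal state.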
