internal static extern NtStatus LsaOpenPolicy( IntPtr systemName, ref LsaObjectAttributes objectAttributes, AccessMask desiredAccess, out IntPtr policyHandle);
internal static extern NtStatus LsaOpenPolicy( IntPtr systemName, ref LsaObjectAttributes objectAttributes, AccessMask desiredAccess, out IntPtr policyHandle);
public static string RetrieveLocalMachineAccountPassword() { NtStatus ntsResult = NtStatus.STATUS_SUCCESS; // Open PolicyHandle IntPtr policyHandle = IntPtr.Zero; LsaObjectAttributes objectAttributes = new LsaObjectAttributes(); ntsResult = NativeMethods.LsaOpenPolicy( IntPtr.Zero, // NULL, the function opens the Policy object on the local system. ref objectAttributes, AccessMask.POLICY_GET_PRIVATE_INFORMATION, out policyHandle); if (ntsResult == NtStatus.STATUS_ACCESS_DENIED) { throw new InvalidOperationException( "LsaOpenPolicy STATUS_ACCESS_DENIED, please run the program as administrator"); } if (ntsResult != NtStatus.STATUS_SUCCESS) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "LsaOpenPolicy failed, Result={0}", ntsResult)); } IntPtr privateData = IntPtr.Zero; LsaUnicodeString keyName = new LsaUnicodeString(); try { // Retrieve PrivateData string localMachineNameKey = "$MACHINE.ACC"; keyName.Buffer = Marshal.StringToHGlobalUni(localMachineNameKey); keyName.Length = (ushort)(UnicodeEncoding.CharSize * localMachineNameKey.Length); keyName.MaximumLength = (ushort)(keyName.Length + UnicodeEncoding.CharSize); ntsResult = NativeMethods.LsaRetrievePrivateData(policyHandle, ref keyName, out privateData); if (ntsResult != NtStatus.STATUS_SUCCESS) { throw new InvalidOperationException( string.Format(CultureInfo.InvariantCulture, "LsaRetrievePrivateData failed, Result={0}", ntsResult)); } //Get Local Machine Account Password LsaUnicodeString localMachineAccount = (LsaUnicodeString)Marshal.PtrToStructure(privateData, typeof(LsaUnicodeString)); if (localMachineAccount.Buffer == IntPtr.Zero) { throw new InvalidOperationException("local machine account is invalid"); } if (localMachineAccount.Length == 0) { throw new InvalidOperationException("local machine account password is invalid"); } return Marshal.PtrToStringUni( localMachineAccount.Buffer, localMachineAccount.Length / UnicodeEncoding.CharSize); } finally { if (privateData != IntPtr.Zero) { NativeMethods.LsaFreeMemory(privateData); } if (keyName.Buffer != IntPtr.Zero) { Marshal.FreeHGlobal(keyName.Buffer); } if (policyHandle != IntPtr.Zero) { NativeMethods.LsaClose(policyHandle); } } }