Exemple #1
0
 internal static extern NtStatus LsaOpenPolicy(
     IntPtr systemName, ref LsaObjectAttributes objectAttributes,
     AccessMask desiredAccess, out IntPtr policyHandle);
Exemple #2
0
 internal static extern NtStatus LsaOpenPolicy(
     IntPtr systemName, ref LsaObjectAttributes objectAttributes,
     AccessMask desiredAccess, out IntPtr policyHandle);
Exemple #3
0
        public static string RetrieveLocalMachineAccountPassword()
        {
            NtStatus ntsResult = NtStatus.STATUS_SUCCESS;

            // Open PolicyHandle
            IntPtr policyHandle = IntPtr.Zero;
            LsaObjectAttributes objectAttributes = new LsaObjectAttributes();

            ntsResult = NativeMethods.LsaOpenPolicy(
                IntPtr.Zero, // NULL, the function opens the Policy object on the local system.
                ref objectAttributes, AccessMask.POLICY_GET_PRIVATE_INFORMATION, out policyHandle);

            if (ntsResult == NtStatus.STATUS_ACCESS_DENIED)
            {
                throw new InvalidOperationException(
                    "LsaOpenPolicy STATUS_ACCESS_DENIED, please run the program as administrator");
            }

            if (ntsResult != NtStatus.STATUS_SUCCESS)
            {
                throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "LsaOpenPolicy failed, Result={0}", ntsResult));
            }

            IntPtr privateData = IntPtr.Zero;
            LsaUnicodeString keyName = new LsaUnicodeString();
            try
            {
                // Retrieve PrivateData
                string localMachineNameKey = "$MACHINE.ACC";
                keyName.Buffer = Marshal.StringToHGlobalUni(localMachineNameKey);
                keyName.Length = (ushort)(UnicodeEncoding.CharSize * localMachineNameKey.Length);
                keyName.MaximumLength = (ushort)(keyName.Length + UnicodeEncoding.CharSize);

                ntsResult = NativeMethods.LsaRetrievePrivateData(policyHandle, ref keyName, out privateData);

                if (ntsResult != NtStatus.STATUS_SUCCESS)
                {
                    throw new InvalidOperationException(
                        string.Format(CultureInfo.InvariantCulture, "LsaRetrievePrivateData failed, Result={0}", ntsResult));
                }

                //Get Local Machine Account Password
                LsaUnicodeString localMachineAccount =
                    (LsaUnicodeString)Marshal.PtrToStructure(privateData, typeof(LsaUnicodeString));

                if (localMachineAccount.Buffer == IntPtr.Zero)
                {
                    throw new InvalidOperationException("local machine account is invalid");
                }

                if (localMachineAccount.Length == 0)
                {
                    throw new InvalidOperationException("local machine account password is invalid");
                }

                return Marshal.PtrToStringUni(
                    localMachineAccount.Buffer, localMachineAccount.Length / UnicodeEncoding.CharSize);
            }
            finally
            {
                if (privateData != IntPtr.Zero)
                {
                    NativeMethods.LsaFreeMemory(privateData);
                }
                if (keyName.Buffer != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(keyName.Buffer);
                }
                if (policyHandle != IntPtr.Zero)
                {
                    NativeMethods.LsaClose(policyHandle);
                }
            }
        }