Retrieving Windows Password Hint from the registry

Submitted by 随声附和 on 2020-01-15 12:25:11

Question


I have been trying to extract the Windows login password hint for Windows 7 programmatically, and I came to know it can be retrieved from the following location in the registry: HKLM\SAM\SAM\Domains\Account\Users\"userkey"\UserPasswordHint. However, I am not able to figure out whether there is any way to find the userkey for the currently logged-on user programmatically.


Answer 1:


If you can get the current user name, it's quite easy, using the same registry tree.

Take a look in HKLM\SAM\SAM\Domains\Account\Users\Names\{username}. The value of the entry would relate to the proper userkey.

Of course remember the hint may not exist.

EDIT

Ha! Nailed it!

As you said in a comment, it's not the values of the node that contain the proper value, it's the type of a default entry of that node. It's hard, if not impossible, to obtain with C#, as these types are not standard. I have trouble with this approach, so I changed it.

The hexadecimal value you call the userkey is, in fact, the last part of the user SID (this part is called the RID). As far as I know, every Administrator has RID = 500, every Guest = 501, normal users starting with 1000 or 1001, can't remember right now.

And what is it in hexadecimal?

500 = 0x1f4
501 = 0x1f5
1000 = 0x3e9
...

Looks familiar?

So what we need to do is to get this SID of a user, extract the interesting part, convert it to padded hexadecimal string and retrieve the value.

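using System;
using System.Linq;
using System.Security.Principal;
using Microsoft.Win32;

class Program
{
    static void Main(string[] args)
    {
        // SID of the current user; its last component is the RID.
        SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
        var rid = sid.ToString().Split('-').Last();
        // The subkey name is the RID as 8 zero-padded hexadecimal digits.
        var hexValue = int.Parse(rid).ToString("X").PadLeft(8, '0');
        try
        {
            // OpenSubKey throws without sufficient privileges and returns null if the key is missing.
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SAM\SAM\Domains\Account\Users\" + hexValue))
            {
                var hint = key?.GetValue("UserPasswordHint"); // null when no hint is set
                //...
            }
        }
        catch (Exception)
        {
            Console.WriteLine("Could not access value");
        }
    }
}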

WATCH OUT!

As far as I know, you cannot access the SAM database if you're not privileged enough. Running it as the System user (e.g. with psexec -s yourbinary.exe) helps, but it changes the current user, and the program fails. So you need to work out on your own how to run it for an interesting user.



Source: https://stackoverflow.com/questions/26398156/retrieving-windows-password-hint-from-the-registry
