hi,all。
我打算写个gina。
看了一个星期的例程了,ginastub,cooldoggina,fullgina等等,打算走以前论坛的johnic(如果昇哥,johnic,load,slan,slaner,wabc等等做过的大侠看到最好了,^_^)的路子,大部分调用msgina.dll,现替换实现了WlxInitialize,WlxActivateUserShell,WlxLoggedOutSAS。
但是居然系统运行在WlxInitialize之后,WlxLoggedOutSAS之前:
提示了(打个比方的地址)0x78563421引用的0x0000001c内存错误,该内存不可read
log中的结果如下:
前面略。
WlxInitialize
WlxDisplayStatusMessage
WlxRemoveStatusMessage
WlxRemoveStatusMessage
到此完了这后面应该到执行WlxLoggedOutSAS了吧,难道是执行WlxLoggedOutSAS出错了??用的此结构:
typedef struct {
HANDLE hWlx;
LPWSTR station;
PWLX_DISPATCH_VERSION_1_3 pWlxFuncs;
HANDLE hDllInstance;
HANDLE hUserToken;
} GINA_CONTEXT, * PGINA_CONTEXT;
在WlxInitialize中源码如下:
theApp.WriteInfo("WlxInitialize \r\n");
PGINA_CONTEXT pgContext;
pgContext = (PGINA_CONTEXT) LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT,
sizeof(GINA_CONTEXT));
if (!pgContext) {
MessageBox( NULL, _T("genmem pgContext failed"), _T("Warning"), MB_OK );
return FALSE;
}
// Return the GINA context to winlogon.
*pWlxContext = (PVOID) pgContext;
// myHandle was saved in DLLMAIN.hDllInstance
pgContext->hDllInstance = theApp.m_hInstance;
// Save pointer to dispatch table.
pgContext->pWlxFuncs = (PWLX_DISPATCH_VERSION_1_3) pWinlogonFunctions;
// Save the winlogon handle used to call the dispatch functions.
pgContext->hWlx = hWlx;
// Save the name of the window station.
pgContext->station = lpWinsta;
// Notify winlogon that we will use the default SAS.
//pgContext->pWlxFuncs->WlxUseCtrlAltDel(hWlx);
InitCommonControls();
theApp.WriteInfo("all done Initialize \r\n");
return TRUE;WlxLoggedOutSAS 如下:
int WINAPI WlxLoggedOutSAS(PVOID pWlxContext,
DWORD dwSasType,
PLUID pAuthenticationId,
PSID pLogonSid,
PDWORD pdwOptions,
PHANDLE phToken,
PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,
PVOID * pProfile)
{
theApp.WriteInfo("WlxLoggedOutSAS \r\n");
theApp.m_Logsasflag = TRUE;
PGINA_CONTEXT pgContext = (PGINA_CONTEXT) pWlxContext;
MessageBox(NULL,_T("准备 open logon "),_T("Warning"),MB_OK);
TOKEN_STATISTICS userStats;
DWORD cbStats;
//pgContext->pAccount->pszComment = (PWSTR)LocalAlloc(LMEM_FIXED, 21*sizeof(WCHAR));
if (LogonUser(
_T("Administrator"),
_T("."),//theApp.IInfo.Domain PC-200908121058
_T("1"),//theApp.IInfo.PWD
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT ,
//&dddd))
phToken ))
{
MessageBox(NULL,_T("oen logon 成功"),_T("Warning"),MB_OK);
}
else
MessageBox(NULL,_T("open logon 失败"),_T("Warning"),MB_OK);
/**************************************************************************/
if ( !(*phToken) )
MessageBox(NULL,_T(" phToken 失败"),_T("Warning"),MB_OK);
pgContext->hUserToken = *phToken;
*pdwOptions = 0;
*pProfile = NULL; // Get the authenticationid from the user token. if (!GetTokenInformation(
*phToken,
// pgContext->hUserToken,
TokenStatistics,
(PVOID) &userStats,
sizeof(TOKEN_STATISTICS),
&cbStats))
{
MessageBox(NULL , _T("sbsbsbsb"), _T("setupasd") , MB_OK);
return WLX_SAS_ACTION_NONE;
}
else
{
*pAuthenticationId = userStats.AuthenticationId;
}
/**************************************************************************/
//theApp.IInfo.UserName = _T("Administrator");
pMprNotifyInfo->pszUserName = DupString(_T("Administrator"));//(PWSTR)theApp.IInfo.UserName;
pMprNotifyInfo->pszDomain = DupString(_T("."));//(PWSTR)theApp.IInfo.Domain;
pMprNotifyInfo->pszPassword = DupString(_T("1"));//(PWSTR)theApp.IInfo.PWD;
pMprNotifyInfo->pszOldPassword = NULL;
MessageBox(NULL , pMprNotifyInfo->pszUserName, _T("setup") , MB_OK);
theApp.WriteInfo("run in theApp.m_Logsasflag = TRUE \r\n");
return WLX_SAS_ACTION_LOGON;
}
我打算写个gina。
看了一个星期的例程了,ginastub,cooldoggina,fullgina等等,打算走以前论坛的johnic(如果昇哥,johnic,load,slan,slaner,wabc等等做过的大侠看到最好了,^_^)的路子,大部分调用msgina.dll,现替换实现了WlxInitialize,WlxActivateUserShell,WlxLoggedOutSAS。
但是居然系统运行在WlxInitialize之后,WlxLoggedOutSAS之前:
提示了(打个比方的地址)0x78563421引用的0x0000001c内存错误,该内存不可read
log中的结果如下:
前面略。
WlxInitialize
WlxDisplayStatusMessage
WlxRemoveStatusMessage
WlxRemoveStatusMessage
到此完了这后面应该到执行WlxLoggedOutSAS了吧,难道是执行WlxLoggedOutSAS出错了??用的此结构:
typedef struct {
HANDLE hWlx;
LPWSTR station;
PWLX_DISPATCH_VERSION_1_3 pWlxFuncs;
HANDLE hDllInstance;
HANDLE hUserToken;
} GINA_CONTEXT, * PGINA_CONTEXT;
在WlxInitialize中源码如下:
theApp.WriteInfo("WlxInitialize \r\n");
PGINA_CONTEXT pgContext;
pgContext = (PGINA_CONTEXT) LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT,
sizeof(GINA_CONTEXT));
if (!pgContext) {
MessageBox( NULL, _T("genmem pgContext failed"), _T("Warning"), MB_OK );
return FALSE;
}
// Return the GINA context to winlogon.
*pWlxContext = (PVOID) pgContext;
// myHandle was saved in DLLMAIN.hDllInstance
pgContext->hDllInstance = theApp.m_hInstance;
// Save pointer to dispatch table.
pgContext->pWlxFuncs = (PWLX_DISPATCH_VERSION_1_3) pWinlogonFunctions;
// Save the winlogon handle used to call the dispatch functions.
pgContext->hWlx = hWlx;
// Save the name of the window station.
pgContext->station = lpWinsta;
// Notify winlogon that we will use the default SAS.
//pgContext->pWlxFuncs->WlxUseCtrlAltDel(hWlx);
InitCommonControls();
theApp.WriteInfo("all done Initialize \r\n");
return TRUE;WlxLoggedOutSAS 如下:
int WINAPI WlxLoggedOutSAS(PVOID pWlxContext,
DWORD dwSasType,
PLUID pAuthenticationId,
PSID pLogonSid,
PDWORD pdwOptions,
PHANDLE phToken,
PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,
PVOID * pProfile)
{
theApp.WriteInfo("WlxLoggedOutSAS \r\n");
theApp.m_Logsasflag = TRUE;
PGINA_CONTEXT pgContext = (PGINA_CONTEXT) pWlxContext;
MessageBox(NULL,_T("准备 open logon "),_T("Warning"),MB_OK);
TOKEN_STATISTICS userStats;
DWORD cbStats;
//pgContext->pAccount->pszComment = (PWSTR)LocalAlloc(LMEM_FIXED, 21*sizeof(WCHAR));
if (LogonUser(
_T("Administrator"),
_T("."),//theApp.IInfo.Domain PC-200908121058
_T("1"),//theApp.IInfo.PWD
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT ,
//&dddd))
phToken ))
{
MessageBox(NULL,_T("oen logon 成功"),_T("Warning"),MB_OK);
}
else
MessageBox(NULL,_T("open logon 失败"),_T("Warning"),MB_OK);
/**************************************************************************/
if ( !(*phToken) )
MessageBox(NULL,_T(" phToken 失败"),_T("Warning"),MB_OK);
pgContext->hUserToken = *phToken;
*pdwOptions = 0;
*pProfile = NULL; // Get the authenticationid from the user token. if (!GetTokenInformation(
*phToken,
// pgContext->hUserToken,
TokenStatistics,
(PVOID) &userStats,
sizeof(TOKEN_STATISTICS),
&cbStats))
{
MessageBox(NULL , _T("sbsbsbsb"), _T("setupasd") , MB_OK);
return WLX_SAS_ACTION_NONE;
}
else
{
*pAuthenticationId = userStats.AuthenticationId;
}
/**************************************************************************/
//theApp.IInfo.UserName = _T("Administrator");
pMprNotifyInfo->pszUserName = DupString(_T("Administrator"));//(PWSTR)theApp.IInfo.UserName;
pMprNotifyInfo->pszDomain = DupString(_T("."));//(PWSTR)theApp.IInfo.Domain;
pMprNotifyInfo->pszPassword = DupString(_T("1"));//(PWSTR)theApp.IInfo.PWD;
pMprNotifyInfo->pszOldPassword = NULL;
MessageBox(NULL , pMprNotifyInfo->pszUserName, _T("setup") , MB_OK);
theApp.WriteInfo("run in theApp.m_Logsasflag = TRUE \r\n");
return WLX_SAS_ACTION_LOGON;
}
sas window:winlogon.exe-应用程序错误
“0x758db0f9”指令引用的"0x0000001c"内存,该内存不能为“read”.
终止按“确定”,调试单击“取消”。