
逆向工程 VaultRemoveItem 的函數參數：我要呼叫系統 DLL vaultcli.dll 匯出的未公開函數 VaultRemoveItem(...)。問題是我不知道函數原型，也無法在網上找到任何相關資訊。

有誰能建議我該如何找出這個函數的參數？它們很可能包含指向某個結構體的指針。


反彙編該函數？ – EOF


先看看能否從 Microsoft 符號服務器取得公開符號。無論如何，如果你想對一段代碼進行逆向工程，請儘量使用 32 位的二進制文件；64 位版本分析起來要困難一些。 – IInspectable


有一個 [ReverseEngineering.SE] 網站，你可能會覺得有幫助。當然，你需要在那裏提出一個*具體的問題*，他們才能幫你；你不能只是泛泛地問「該如何開始」。 –

// Schema element identifiers used in _VAULT_ITEM_ELEMENT::SchemaElementId.
// These declarations are reverse-engineered from vaultcli.dll (see the
// answer thread); they are not part of the public SDK, so the values are
// only as reliable as the disassembly/pdb they were recovered from.
// Keep the enumerator values exactly as listed: they are passed to the DLL.
enum VAULT_SCHEMA_ELEMENT_ID { 
    ElementId_Illegal = 0x0, 
    ElementId_Resource = 0x1,       // e.g. the URL of a web credential (see RemoveItem)
    ElementId_Identity = 0x2,       // e.g. the login name (see RemoveItem)
    ElementId_Authenticator = 0x3, 
    ElementId_Tag = 0x4, 
    ElementId_PackageSid = 0x5,     // SID element (see RemoveItem)
    // presumably the range reserved for application-defined element IDs — not confirmed
    ElementId_AppStart = 0x64, 
    ElementId_AppEnd = 0x2710 
}; 

// Discriminator for _VAULT_VARIANT: names which union member holds the value.
// Reverse-engineered from vaultcli.dll; values must stay as listed because
// they are written into structures handed to the DLL.
enum VAULT_ELEMENT_TYPE { 
    ElementType_Undefined = 0xffffffff, 
    ElementType_Boolean = 0x0, 
    ElementType_Short = 0x1, 
    ElementType_UnsignedShort = 0x2, 
    ElementType_Integer = 0x3, 
    ElementType_UnsignedInteger = 0x4, 
    ElementType_Double = 0x5, 
    ElementType_Guid = 0x6, 
    ElementType_String = 0x7,       // _VAULT_VARIANT::String
    ElementType_ByteArray = 0x8, 
    ElementType_TimeStamp = 0x9, 
    ElementType_ProtectedArray = 0xa, 
    ElementType_Attribute = 0xb, 
    ElementType_Sid = 0xc,          // _VAULT_VARIANT::Sid
    ElementType_Last = 0xd 
}; 

// Counted byte array (length + pointer). Layout is reverse-engineered and
// must match what vaultcli.dll expects; do not reorder or pad the members.
// Ownership of pByteArray is not established by this page — confirm before
// freeing anything the DLL returns.
struct _VAULT_CAUB { 
    ULONG NumBytes; 
    UCHAR * pByteArray; 
}; 

// Named attribute with a flags word and a counted-byte value.
// Reverse-engineered layout; the meaning of dwFlags is not documented here.
struct _ATTRIBUTE { 
    WCHAR * pszName; 
    ULONG dwFlags; 
    _VAULT_CAUB Value; 
}; 

// Tagged value: Type selects which member of the anonymous union is valid
// (RemoveItem sets ElementType_String before writing String, and
// ElementType_Sid before writing Sid). Reverse-engineered layout — the
// union's alignment must match the DLL's ABI, so do not reorder members or
// change packing. Pointer members are not owned by this struct as far as
// this page shows.
struct _VAULT_VARIANT { 
    VAULT_ELEMENT_TYPE Type; 
    union { 
     UCHAR Boolean; 
     SHORT Short; 
     USHORT UnsignedShort; 
     INT Int; 
     UINT UnsignedInt; 
     double Double; 
     _GUID Guid; 
     const WCHAR * String; 
     _VAULT_CAUB ByteArray; 
     _VAULT_CAUB ProtectedArray; 
     _ATTRIBUTE * Attribute; 
     PSID Sid; 
    }; 
}; 

// One element of a vault item: which schema slot it fills plus its value.
// Passed by pointer to VaultRemoveItem; layout is reverse-engineered.
struct _VAULT_ITEM_ELEMENT { 
    VAULT_SCHEMA_ELEMENT_ID SchemaElementId; 
    _VAULT_VARIANT ItemValue; 
}; 

// Undocumented vaultcli.dll exports, reconstructed from disassembly and the
// pdb (per the answer). These are not public SDK functions: the prototypes
// may be incomplete or change between Windows builds, so callers should
// check every HRESULT and treat the last PVOID of VaultRemoveItem (whose
// meaning is unknown here) as reserved/0.
HRESULT WINAPI VaultOpenVault(const GUID* Store, ULONG Flags, PHANDLE phVault); 
HRESULT WINAPI VaultRemoveItem(HANDLE hVault, const GUID* Schema, _VAULT_ITEM_ELEMENT* Resource, _VAULT_ITEM_ELEMENT* Identity, _VAULT_ITEM_ELEMENT* PackageSid OPTIONAL, PVOID OPTIONAL); 
HRESULT WINAPI VaultCloseVault(HANDLE hVault); 

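// Removes the Web Password item whose resource/identity match (url, login)
// from the default vault, via the undocumented vaultcli.dll exports declared
// above.
//
// url, login : resource (URL) and identity (login name) of the stored item.
// Sid        : package SID stored in the item's PackageSid element; per the
//              original answer it must be SECURITY_MANDATORY_LABEL_AUTHORITY
//              or SECURITY_APP_PACKAGE_AUTHORITY. Defaults to 0.
//
// Returns S_OK when the item was removed and the vault closed, otherwise the
// HRESULT of the first failing vault call. The previous version returned
// void and silently dropped failures; existing callers that ignore the
// result are unaffected.
HRESULT RemoveItem(PCWSTR url, PCWSTR login, PSID Sid = 0) 
{ 
    // Schema and vault GUIDs as given in the answer (recovered from symbols).
    struct __declspec(uuid("3CCD5499-87A8-4B10-A215-608888DD3B55")) Vault_Schema_WebPassword; 
    struct __declspec(uuid("4BF4C442-9B8A-41A0-B380-DD4A704DDB28")) Vault_DefaultVault_ID; 

    HANDLE hVault = NULL; 
    HRESULT hr = VaultOpenVault(&__uuidof(Vault_DefaultVault_ID), 0, &hVault); 
    if (FAILED(hr)) 
    { 
     return hr; 
    } 

    // Type in each ItemValue is set up front so it matches the member written below.
    _VAULT_ITEM_ELEMENT 
     Resource = {ElementId_Resource, ElementType_String }, 
     Identity = {ElementId_Identity, ElementType_String }, 
     PackageSid = {ElementId_PackageSid, ElementType_Sid }; 

    Resource.ItemValue.String = url; 
    Identity.ItemValue.String = login; 
    PackageSid.ItemValue.Sid = Sid; // must be SECURITY_MANDATORY_LABEL_AUTHORITY or SECURITY_APP_PACKAGE_AUTHORITY 

    // The original wrote `&PackageSid(/* 0 */)`, which is not valid C++; the
    // prototype takes a pointer to the element. That parameter is marked
    // OPTIONAL, so passing 0 when no package SID applies may also be accepted
    // by the DLL — not confirmed here.
    hr = VaultRemoveItem(hVault, &__uuidof(Vault_Schema_WebPassword), &Resource, &Identity, &PackageSid, 0); 

    // Always close the vault; report the remove failure in preference to a close failure.
    HRESULT hrClose = VaultCloseVault(hVault); 
    if (SUCCEEDED(hr)) 
    { 
     hr = hrClose; 
    } 
    return hr; 
} 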

感謝你的詳細解答，我已經確認這是可行的。這是反彙編得出的結果，還是透過其他方式取得的？ – mpium


是的，這是反彙編並分析 pdb 檔案中資訊得出的結果。 – RbMm