
Enumerating Windows credentials with CredEnumerate function (Windows XP/2003 Only)



The following code sample enumerates all credentials of the currently logged-on user and dumps them to standard output.
First, the CWinCredentials class encapsulates the calls to credentials API functions:

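// Thin wrapper around the Credential Manager exports of advapi32.dll
// (CredRead, CredEnumerate, CredFree). The exports are resolved at run time
// with GetProcAddress in LoadCredsLibrary() rather than linked statically.
//
// LoadCredsLibrary() resolves the wide-character exports (CredReadW and
// CredEnumerateW), while the signatures below use the TCHAR-dependent
// LPCTSTR / PCREDENTIAL types, so the declarations only match the resolved
// functions in a UNICODE build.
class CWinCredentials
{
protected:

 // Function-pointer types mirroring the advapi32 exports.
 typedef BOOL (WINAPI *CredReadFuncType)(
  LPCTSTR TargetName, 
  DWORD Type, 
  DWORD Flags, 
  PCREDENTIAL *Credential
  );

 typedef BOOL (WINAPI *CredEnumerateType)(
  LPCTSTR Filter, 
  DWORD Flags, 
  DWORD *Count, 
  PCREDENTIAL **Credentials
  );

 typedef VOID (WINAPI *CredFreeFuncType)(PVOID Buffer);

 
 HMODULE hAdvApi32;                  // handle from LoadLibrary, NULL when not loaded
 BOOL bLoaded;                       // TRUE only once all three exports were resolved
 CredReadFuncType pCredRead;         // address of CredReadW
 CredFreeFuncType pCredFree;         // address of CredFree
 CredEnumerateType pCredEnumerate;   // address of CredEnumerateW

public:
 CWinCredentials();
 ~CWinCredentials();

 // Loads advapi32.dll and resolves the three exports; TRUE on success.
 BOOL LoadCredsLibrary();

 // Releases the module handle and returns to the "not loaded" state.
 void FreeCredsLibrary();

 // TRUE when the exports are resolved and the wrappers below are usable.
 BOOL IsLoaded();

 // The three wrappers forward to the resolved export and return FALSE
 // (or do nothing, for CredFree) when the library is not loaded.
 BOOL CredRead(
  LPCTSTR TargetName, 
  DWORD Type, 
  DWORD Flags, 
  PCREDENTIAL *Credential
  );

 BOOL CredEnumerate(
  LPCTSTR Filter, 
  DWORD Flags, 
  DWORD *Count, 
  PCREDENTIAL **Credentials
  );

 VOID CredFree(PVOID Buffer);

private:
 // The object owns the module handle and frees it in the destructor, so a
 // copy would lead to two FreeLibrary calls for one LoadLibrary. Declared
 // but not defined, which makes the type non-copyable without C++11.
 CWinCredentials(const CWinCredentials&);
 CWinCredentials& operator=(const CWinCredentials&);
};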


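// Starts in the "not loaded" state: no module handle and no resolved exports.
// The three function pointers are cleared as well, so they never hold an
// indeterminate value before LoadCredsLibrary() has run.
CWinCredentials::CWinCredentials()
 : hAdvApi32(NULL),
   bLoaded(FALSE),
   pCredRead(NULL),
   pCredFree(NULL),
   pCredEnumerate(NULL)
{
}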

// Releases advapi32.dll if this object loaded it.
CWinCredentials::~CWinCredentials()
{
 this->FreeCredsLibrary();
}

// Reports whether LoadCredsLibrary() succeeded and has not been undone by
// FreeCredsLibrary().
BOOL CWinCredentials::IsLoaded()
{
 return this->bLoaded;
}


// Loads advapi32.dll and resolves CredReadW, CredFree and CredEnumerateW.
// Returns TRUE when all three exports are available (or were already
// loaded by an earlier call), FALSE otherwise.
BOOL CWinCredentials::LoadCredsLibrary()
{
 // Nothing to do when a previous call already succeeded.
 if (bLoaded)
  return TRUE;

 // The DLL is requested by file name only, so the loader's search order
 // decides which file gets mapped.
 // NOTE(review): advapi32.dll is normally a system DLL that is already
 // mapped into the process; if that cannot be assumed, build the full path
 // from GetSystemDirectory() instead of passing a bare name.
 hAdvApi32 = LoadLibrary(_T("advapi32.dll"));
 if (hAdvApi32 == NULL)
  return bLoaded;

 // Resolve the three exports by name. The wide-character variants are
 // requested explicitly, regardless of the TCHAR setting of the build.
 pCredRead = (CredReadFuncType)GetProcAddress(hAdvApi32, "CredReadW");
 pCredFree = (CredFreeFuncType)GetProcAddress(hAdvApi32, "CredFree");
 pCredEnumerate = (CredEnumerateType)GetProcAddress(hAdvApi32, "CredEnumerateW");

 const BOOL bAllResolved =
  (pCredRead != NULL) && (pCredFree != NULL) && (pCredEnumerate != NULL);

 if (bAllResolved)
 {
  bLoaded = TRUE;
 }
 else
 {
  // At least one export is missing: give the module back.
  FreeCredsLibrary();
 }

 return bLoaded;
}

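// Returns the object to the "not loaded" state and releases advapi32.dll if
// this object loaded it. Safe to call repeatedly.
void CWinCredentials::FreeCredsLibrary()
{
 // Disable the wrappers before the module goes away.
 bLoaded = FALSE;

 // Drop the resolved addresses together with the module handle, so no
 // pointer into a module this object no longer references is kept around.
 pCredRead = NULL;
 pCredFree = NULL;
 pCredEnumerate = NULL;

 //Free advapi32 library, if we previously loaded it.
 if (hAdvApi32 != NULL)
 {
  FreeLibrary(hAdvApi32);
  hAdvApi32 = NULL;
 }
}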


// Forwards to the CredReadW export resolved by LoadCredsLibrary().
// Returns FALSE without calling anything when the library is not loaded;
// otherwise returns whatever the export returns.
// NOTE(review): TargetName is declared LPCTSTR but is handed to the
// wide-character export, so callers need a UNICODE build - confirm.
BOOL CWinCredentials::CredRead(
 LPCTSTR TargetName, 
 DWORD Type, 
 DWORD Flags, 
 PCREDENTIAL *Credential
 )
{
 if (!bLoaded)
  return FALSE;

 return pCredRead(TargetName, Type, Flags, Credential);
}


// Forwards to the CredEnumerateW export resolved by LoadCredsLibrary().
// Returns FALSE without calling anything when the library is not loaded;
// otherwise returns whatever the export returns. The array handed back
// through Credentials is released by the caller with CredFree().
BOOL CWinCredentials::CredEnumerate(
 LPCTSTR Filter, 
 DWORD Flags, 
 DWORD *Count, 
 PCREDENTIAL **Credentials
 )
{
 if (!bLoaded)
  return FALSE;

 return pCredEnumerate(Filter, Flags, Count, Credentials);
}

// Forwards Buffer to the CredFree export resolved by LoadCredsLibrary().
// Does nothing when the library is not loaded.
VOID CWinCredentials::CredFree(PVOID Buffer)
{
 if (!bLoaded)
  return;

 pCredFree(Buffer);
}



The main function uses the CWinCredentials class to enumerate the credentials of the currently logged-on user and dump the information to standard output:
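// Writes cbData bytes starting at pData as a hex dump, 16 bytes per row:
// the hex column ("XX " per byte, padded to 50 characters) followed by a
// column with the printable ASCII characters. Non-printable bytes are shown
// as a space. Each row is assembled by index in a buffer sized for exactly
// one row, so no unbounded string functions are involved.
static void DumpBlobAsHex(const BYTE *pData, DWORD cbData)
{
 static const char szHexDigits[] = "0123456789ABCDEF";
 const DWORD dwBytesPerRow = 16;

 char szHexRow[16 * 3 + 1];
 char szAsciiRow[16 + 1];

 if (pData == NULL)
  return;

 while (cbData > 0)
 {
  const DWORD dwRowLen = (cbData < dwBytesPerRow) ? cbData : dwBytesPerRow;

  for (DWORD dwCol = 0; dwCol < dwRowLen; dwCol++)
  {
   const BYTE byte1 = pData[dwCol];

   szHexRow[dwCol * 3]     = szHexDigits[byte1 >> 4];
   szHexRow[dwCol * 3 + 1] = szHexDigits[byte1 & 0x0F];
   szHexRow[dwCol * 3 + 2] = ' ';

   // 127 (DEL) is a control character, so it is excluded as well.
   szAsciiRow[dwCol] = (byte1 >= 32 && byte1 < 127) ? (char)byte1 : ' ';
  }

  szHexRow[dwRowLen * 3] = '\0';
  szAsciiRow[dwRowLen] = '\0';

  printf("%-50s %s\r\n", szHexRow, szAsciiRow);

  pData += dwRowLen;
  cbData -= dwRowLen;
 }
}

// Enumerates the credentials of the current user through CWinCredentials
// and writes each one (header fields plus a hex dump of the credential
// blob) to standard output.
//
// The blob is whatever was stored with the credential and can be a
// cleartext secret, so the output of this program is sensitive data.
//
// Returns 0 on success (including "no credentials stored") and 1 when the
// API could not be loaded or the enumeration failed.
int wmain( int argc, wchar_t *argv[])
{
 CWinCredentials WinCredentials;

 //Load Credentials API functions.
 if (!WinCredentials.LoadCredsLibrary())
 {
  printf("Failed to load the Credentials API functions !\r\n");
  return 1;
 }

 PCREDENTIAL *pCredArray = NULL;
 DWORD dwCount = 0;

 //Load all credentials into array.
 if (!WinCredentials.CredEnumerate(NULL, 0, &dwCount, &pCredArray))
 {
  // Read the error code before any other call can overwrite it.
  const DWORD dwError = GetLastError();

  // ERROR_NOT_FOUND means that no credential matched, which is not a failure.
  if (dwError == ERROR_NOT_FOUND)
  {
   printf("No stored credentials found.\r\n");
   return 0;
  }

  printf("CredEnumerate failed, error %lu\r\n", dwError);
  return 1;
 }

 for (DWORD dwIndex = 0; dwIndex < dwCount; dwIndex++)
 {
  PCREDENTIAL pCredential = pCredArray[dwIndex];

  //Write the Credential information into the standard output.
  // Flags, Type and Persist are DWORDs, hence %lu rather than %d.
  // NOTE(review): Comment and UserName may be NULL; the Microsoft CRT
  // prints "(null)" for a NULL string argument - confirm for other runtimes.
  // NOTE(review): %ls expects wide strings, which matches the W exports
  // only when PCREDENTIAL is the wide structure (UNICODE build).
  printf("*********************************************\r\n");
  printf( "Flags:   %lu\r\n"
    "Type:    %lu\r\n"
    "Name:    %ls\r\n"
    "Comment: %ls\r\n"
    "Persist: %lu\r\n"
    "User:    %ls\r\n",
    pCredential->Flags,
    pCredential->Type,
    pCredential->TargetName, 
    pCredential->Comment,
    pCredential->Persist,
    pCredential->UserName);

  printf( "Data: \r\n");

  //Write the credential's data as Hex Dump.
  DumpBlobAsHex(pCredential->CredentialBlob, pCredential->CredentialBlobSize);

  printf("*********************************************\r\n");
  printf("\r\n\r\n");
 }

 //Free the credentials array.
 WinCredentials.CredFree(pCredArray);

 return 0;
}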

Download CredView Sample Project

 

