Remko Weijnen's Blog (Remko's Blog)
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
2,319 views
Today just some fun stuff with ASM, probably not the most recommended way to do things but for sure the most geeky way π
Get the Current Session Id:
1 2 3 4 5 6 | function GetCurrentSessionId: DWORD; asm mov eax,fs:[$00000018]; // Get TEB mov eax,[eax+$30]; // PPEB mov eax,[eax+$1d4]; // PEB.SessionId end; |
Get the Current Console Session Id:
1 2 3 4 | function GetConsoleSessionId: DWORD; asm mov eax, [$7ffe02d8]; end; |
And… if we can read it we can also write it?
1 2 3 4 5 6 | procedure SetCurrentSessionId(const SessionId: DWORD); asm mov edx,fs:[$00000018]; mov edx,[edx+$30]; mov [edx+$1d4], SessionId; end; |
and
1 2 3 4 5 6 7 8 9 10 | procedure SetConsoleSessionId(const SessionId: DWORD); var p: PDWORD; OldProtect: DWORD; begin p := PDWORD($7ffe02d8); Win32Check(VirtualProtect(p, SizeOf(p), PAGE_READWRITE, @OldProtect)); p^ := SessionId; Win32Check(VirtualProtect(p, SizeOf(p), OldProtect, @OldProtect)); end; |
You can safely try it since it of course affects the current process only, so don’t worry.
And perhaps more usefull
1 2 3 4 5 6 | procedure SetIsDebuggerPresent(const Value: Boolean); asm mov edx,fs:[$00000018]; // TEB mov edx, [edx+$30]; // PPEB mov byte ptr[edx+2], Value; // +0x002 BeingDebugged : UChar end; |
I needed to obtain the Fully Qualified Domain Name (FQDN) for a given NetBios domain name. Eg from MYDOMAIN to dc=mydomain,dc=local.
I did some tests with the TranslateName API and if you append a \ to the domain name it returns the FQDN.
Here is a short example:
If you look into the registry in the key HKLM\System\CurrentControlSet\ProductOptions you will find several licensing related Values.
The ProductType and ProductSuite keys contain the OS Suite and Edition, but the ProductPolicy key is much more interesting. So let’s have a closer look at it, open RegEdit and DoubleClick the key, you will something like the screenshot below, a Binary Value:
As you can see the license names are there as a Unicode string and later on I will show you how we can read the values. But because I didn’t want to extract all the names manually I decided to see if I could reverse the used structure because it didn’t look very complicated. Using a Hex Editor I could determine the important part of the structure.
Again a about post about using the Virtual TreeView component (did I mention it’s brilliant?), this time I will talk about memory leaks.
I often use Records to hold the treedata, and usually the record holds some string data (eg a caption) and an (a reference to) an Interface or Object(List) that holds more data.
If you are familiar with Virtual Tree then you know that you must can the NodeData in the OnFreeNode event.
When working with the Virtual TreeView component the most optimized way of adding (or removing child nodes is by changing the ChildCount.
I often make the mistake of change the ChildCount of a Node using:
1 | Node^.ChildCount := Count; |
If you look into the source you will see why this will not work, the proper way is:
1 | VirtualTree.ChildCount[Node] := Count; |
This is mainly a note to self since I tend to forget it all the time π
Previously I discussed IDirectoryObject, today I will show how to change a user’s password with IDirectoryObject.
I didn’t find any documentation except a kb article describing how to use pure ldap to do it. Of course I could have used IADsUser::SetPassword but I decided not to because of the following reasons:
- IADs interfaces are terribly slow (although for one use you probably wouldn’t really notice).
- IADsUser::SetPassword tries 3 different methods to set the password (ldap over ssl, kerberos and finally NetUserSetInfo) which makes it even slower (most domain controllers do not have an ssl certificate) and unpredictable.
All example code I found was .NET based using the .NET wrappers for Active Directory and seemed to be meant for use in Adam rather than full Active Directory (it set port number to 389 and password mode to cleartext).
In the end it’s not very difficult but nonetheless it took me a while before I got it right.
We can write to the unicodePwd attribute which wants the password as a double quoted unicode string. If you look at this attribute with AdsiEdit you’ll see that the type is Octet String and that it can be written only.
I was tricked with Delphi’s QuotedStr function for a while because it doesn’t return a double but single quoted string π
Below a small snippet from the upcoming JwsclActiveDirectory that shows how to use it: Read the rest of this entry »
A few days ago I wrote about Using Windows Dialogs in your own programs, wouldn’t it be nice to be able to use Windows Resource Strings for the same reasons?
Loading a resource string is not difficult, let’s look at some examples:
1 2 3 4 5 6 7 8 9 10 11 12 | function LoadResourceString(const DllName: String; ResourceId: Integer): String; var hDLL: THandle; Buffer: array[0..MAX_PATH] of Char; begin hDLL := LoadLibrary(PChar(DllName)); if hDLL = 0 then Exit; if LoadString(hDll, ResourceId, Buffer, Length(Buffer)) > 0 then Result := Buffer; end; |
This uses the LoadString api to load a Resource String from an Executable or Dll by it’s resource Id. An Example might call might be:
1 | LoadResourceString('dsadmin.dll', 226) |
This loads the string with ResourceId 226 from dsadmin.dll(.mui):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | STRINGTABLE LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US { 224, "Windows cannot complete the password change for %2 because:\n%1" 225, "Windows cannot access object %2 because:\n%1The object may have been deleted by another administrator in this enterprise." 226, "The New and Confirm passwords must match. Please re-type them." 228, "Object %2 has been disabled." 229, "Windows cannot disable object %2 because:\n%1" 231, "Object %2 has been enabled." 232, "Windows cannot enable object %2 because:\n%1" 233, "Create a new object..." 237, "Mo&ve...\nMoves the selected object" 238, "The password for %2 cannot be set due to insufficient privileges. Windows will attempt to disable this account. If this attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set, and the account must be enabled." } |
As you can see in this example, some resource strings have identifiers such as %1 and %2 which are used in the FormatMessage Api. How can we use that from Delphi?
I wrote a very simple wrapper for it:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | function FormatMsg(const Source: String; const Args: array of const): String; var i: Integer; ArgArray: array of Pointer; Buffer: PChar; begin for i := Low(Args) to High(Args) do begin SetLength(ArgArray, i+1); case Args[i].VType of vtExtended:; // not supported, should raise Exception else ArgArray[i] := Args[i].VPointer; end; end; if FormatMessage(FORMAT_MESSAGE_FROM_STRING or FORMAT_MESSAGE_ALLOCATE_BUFFER or FORMAT_MESSAGE_ARGUMENT_ARRAY, PChar(Source), 0, 0, @Buffer, 0, @ArgArray[0]) > 0 then begin Result := Buffer; // replace \n (linefeed) with #13#10 Result := StringReplace(Result, '\n', #13#10, [rfReplaceAll]); LocalFree(DWORD(Buffer)); end else begin SetLength(Result, 0); end; end; |
And here is a usage example:
1 2 3 | Memo1.Lines.Add (FormatMsg( 'Windows cannot complete the password change for %2 because:\n%1', ['the password doesn''t meet complexity requirements', 'John Doe'])); |
The Result of this is:
Windows cannot complete the password change for John Doe because:
the password doesn’t meet complexity requirements
Today I reused a unit I wrote a long time ago for TSAdminEx that shows Resource Dialogs from DLL’s or Executables. I wrote it for a couple of reasons:
- Reusing existing dialogs is conventient since the user already knows it.
- Windows takes care of translating it into the user’s language.
- I am too lazy to recreate them π
The code is hardly rocket science and could probably be improved and made more sophisticated but it works for me. I decided to share it since you may find it usefull.
Here is a small usage example that shows the Reset Password dialog from Active Directory Users & Computers. This dialog is in dsadmin.dll (on Windows Vista/7 you will find it in ds.admin.dll.mui in the language subfolder eg %systemroot%\system32\en-US but you can load it using just the dll name).
It looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | 215 DIALOGEX 0, 0, 252, 139 STYLE DS_MODALFRAME | DS_CONTEXTHELP | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_CONTEXTHELP CAPTION "Reset Password" LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US FONT 8, "MS Shell Dlg" { CONTROL "&New password:", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 7, 10, 79, 10 CONTROL "", 220, EDIT, ES_LEFT | ES_PASSWORD | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 92, 7, 153, 14 CONTROL "&Confirm password:", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 7, 28, 79, 10 CONTROL "", 222, EDIT, ES_LEFT | ES_PASSWORD | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 92, 25, 153, 14 CONTROL "&User must change password at next logon", 261, BUTTON, BS_AUTOCHECKBOX | BS_LEFT | BS_TOP | BS_MULTILINE | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 7, 46, 237, 10 CONTROL "The user must logoff and then logon again for the change to take effect.", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 14, 61, 231, 8 CONTROL "", 8327, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 7, 76, 238, 16 CONTROL "Unlock the user's &account", 8328, BUTTON, BS_AUTOCHECKBOX | BS_LEFT | BS_TOP | BS_MULTILINE | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 14, 96, 230, 10 CONTROL "OK", 1, BUTTON, BS_DEFPUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 140, 118, 50, 14 CONTROL "Cancel", 2, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 195, 118, 50, 14 } |
Last time I talked briefly about IDirectoryObject and IDirectorySearch, let’s go into a little more detail today.
IDirectoryObject is an Interface that we can use to query anything in Active Directory, users, groups, organizational units, containers and so on.
I thought the best explanation would be to build a very small sample project, so let’s do that!
First we need some units, so please add the following units to your uses clause:
- ComObj (for EOleException and it calls CoInitialize for us)
- JwaWindows for the proper Adsi declarations
Next declare the following types:
1 2 3 4 5 6 7 | type // For Delphi < 2009 use WideString UString = {$IFDEF UNICODE}UnicodeString{$ELSE}WideString{$ENDIF}; // Array of ADS_ATTR_INFO records TAdsAttrInfoArray = array[0..ANYSIZE_ARRAY-1] of ADS_ATTR_INFO; PAdsAttrInfoArray = ^TAdsAttrInfoArray; |
If you have ever used Adsi you have probably used the IADs interface or derived interfaces such as IADsUser or IADsGroup (maybe even without realising this).
What you need to know is that these interfaces were created to support scripting languages such as VBScript. The reason is that these scripting language have no support at all for structures such as ADSVALUE and don’t work with Pointers.
A typical use of IADs interface would look like this (in Delphi and using Jwa):
1 2 3 4 5 6 7 8 9 10 | var IADsIntf: IADs; hr: HRESULT; begin hr := AdsGetObject( 'LDAP://CN=AUser,CN=Users,DC=domain,DC=local', //lpszPathName IID_IADs, // riid Pointer(IADsIntf)); // ppObject if SUCCEEDED(hr) then ... |
The IADs interfaces are fine when you are working with a single object but they are very, very slow, when working with many objects. I also find them a pain to work with as only a few AD attributes are present as properties. For other attributes you need to call the Get method which doesn’t always work, in which case you probably need to call the GetEx method. Even the GetEx method doesn’t always return the desired result as the property might not be in the Cache in which case we need to call the GetInfoEx method first and then Get or GetEx.
Active Directory has the nasty habit of failing when a an attribute is not set, so if you are reading a eg string attribute you probably expect an empty string but Active Directory returns a failure in such a case. And since Delphi declares Get(Ex) as SafeCall it will raise an Exception so you need to wrap it in try..except.
If we have obtained a value it will always be a variant that we probably need to convert to another type such as a string, datetime or an integer.
My results with implementing IADs interfaces in my Active Directory unit were bad: I wrote a test program that mimics Active Directory Users & Computer and enumerating a Container or OU with about 70 users takes 2-3 seconds. If you need to wait that long when expaning a Tree Node this in simply not acceptable. So I decided to completely drop the IADs interfaces and used the interfaces that are meant for higher level languages such as IDirectoryObject and IDirectorySearch. And guess what? Now my Delphi program, even when running in the debugger, is actually much faster than Active Directory Users & Computers!
To be fair to Microsoft, in the documentation of IDirectoryObject is the following note: The IDirectorySearch interface is a pure COM interface that provides a low overhead method that non-Automation clients can use to perform queries in the underlying directory.
In the next posts I will talk about IDirectoryObject and IDirectorySearch.
Profile
Top Posts
- How rdp passwords are encrypted
- VW RNS 510 Navigation Startup Pictures
- RNS 315: Enable the hidden bluetooth carkit
- RNS 510 Startup Logo–My thoughts
- Default username password HP Storageworks P2000
- Query Active Directory from Excel
- Enable Developer mode on VW Discover Pro with VCDS
- How to launch a process in a Terminal Session #2
Recent Comments
Featured Downloads
- ExeToPosh0.2.zip (9904 downloads)
- AMD Radeon Crimson ReLive (2532 downloads)
- Google Earth Compatibility Fix for Horizon, RDSH and XenApp (3521 downloads)
- test-file (2909 downloads)
- mstsc.exe build 6.1.7600.16385 (43119 downloads)
- mage (4062 downloads)
- DecryptPITFile.zip (4119 downloads)
- rc4.zip (4087 downloads)
- CtxPassCom.zip (4169 downloads)
- SetMixedCode.zip (3213 downloads)
Donate
Blogroll
- Andrew Morgan
- Arnout’s blog
- Assa’s Blog
- Barry Schiffer
- Delphi Praxis
- Ingmar Verheij
- Jedi Api Blog
- Jedi API Library
- Jeroen Tielen
- Kees Baggerman
Categories
- .NET (3)
- Active Directory (28)
- Altiris (36)
- App-V (1)
- Apple (5)
- Application Compatibility (11)
- Automotive (5)
- BootCamp (1)
- C# (5)
- C++ (2)
- Citrix (87)
- Delphi (61)
- Embedded (4)
- Exchange (16)
- General (71)
- iPhone (5)
- Java (8)
- Lync (2)
- NetScaler (1)
- Oracle (4)
- Other (1)
- Packaging (19)
- PowerShell (55)
- Programming (79)
- Quest (1)
- RES (7)
- script (22)
- ShareFile (1)
- SQL Server (10)
- Strange Error (3)
- Terminal Server (68)
- ThinApp (3)
- ThinKiosk (1)
- Unattended Installation (19)
- Uncategorized (47)
- UWP (2)
- Vista (37)
- Visual Studio (1)
- VMWare (25)
- Windows 10 (2)
- Windows 2003 (30)
- Windows 2008 (37)
- Windows 2008 R2 (16)
- Windows 2012 (2)
- Windows 7 (30)
- Windows 8 (4)
- Windows Internals (12)
- Windows XP (16)
Archives
- October 2019 (1)
- March 2018 (1)
- January 2018 (4)
- December 2017 (3)
- April 2017 (1)
- March 2017 (5)
- February 2017 (4)
- May 2016 (3)
- March 2016 (1)
- October 2015 (2)
- September 2015 (1)
- January 2015 (1)
- August 2014 (1)
- July 2014 (8)
- May 2014 (1)
- November 2013 (1)
- October 2013 (2)
- September 2013 (3)
- August 2013 (4)
- June 2013 (2)
- May 2013 (3)
- April 2013 (5)
- March 2013 (5)
- February 2013 (1)
- January 2013 (5)
- December 2012 (9)
- November 2012 (3)
- October 2012 (3)
- August 2012 (4)
- July 2012 (2)
- June 2012 (1)
- May 2012 (6)
- March 2012 (13)
- February 2012 (12)
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)