Hi,
I am trying to create a program that would disable a user account on a local computer. I found NetUserSetInfo as the API to be able to do this with USER_INFO_1008. However it does not do the job.
See below:
**************
.data
uflags db "UF_ACCOUNTDISABLE",0
.data?
ui USER_INFO_1008 <>
.start
....
.ELSEIF ax==IDC_DISABLE
mov ui.usri1008_flags, OFFSET uflags
invoke GetDlgItemText,hWnd,IDC_EDIT1,addr userdis,addr buffer
invoke NetUserSetInfo, NULL, addr userdis, 1008, addr ui, NULL
....
******************************
When ran, no errors were shown but it does not do the job to set the account as disabled. Can anybody share some information on what I am missing?
Thank you.
TF
Quote from: msdnNote that setting user account control flags may require certain privileges and control access rights. For more information, see the Remarks section of the NetUserSetInfo function.
Quote from: TriggerFinger on July 12, 2012, 01:26:37 AM
mov ui.usri1008_flags, OFFSET uflags
???
Should be: UF_SCRIPT OR UF_ACCOUNTDISABLE.
There is also an example on msdn - just read it :t
Thanks for the reply.
I tried what you suggested and also changed the code to look like...
**************
.data
uflags db "UF_ACCOUNTDISABLE",0
.data?
ui USER_INFO_1008 <>
.start
....
.ELSEIF ax==IDC_DISABLE
mov ui.usri1008_flags, UF_SCRIPT OR UF_ACCOUNTDISABLE
invoke GetDlgItemText,hWnd,IDC_EDIT1,addr userdis,addr buffer
invoke NetUserSetInfo, NULL, addr userdis, 1008, addr ui.usri1008_flags, NULL
....
******************************
... but still no go when I check the account. I tried looking for the msdn example but I cannot seem to find it. Do you have a link?
Thanks.
TF
For the example see NetUserSetInfo (http://msdn.microsoft.com/en-us/library/windows/desktop/aa370659(v=vs.85).aspx).
Probably you must run your application with administrator rights. Analyzing the return value would also be helpful.
Thanks qWord for the reply.
I checked the examples and I still do not get it. I traced the program in Olly and I got ERROR_IO_PENDING but I am totally clueless how to get the return value of NetUserSetInfo. Any advise on how I can get the return value of NetUserSetInfo?
Thanks.
TF
Quote from: TriggerFinger on July 14, 2012, 05:53:25 AM
Any advise on how I can get the return value of NetUserSetInfo?
WinAPI functions commonly return values (size <= 32Bit) through EAX.
invoke NtUserSetInfo,...
.if eax == NERR_Success
print "done",13,10
.elseif eax == ERROR_ACCESS_DENIED
print "error: access denied",13,10
.elseif eax == NERR_InvalidComputer
print "error: invalid computer",13,10
.elseif eax == NERR_UserNotFound
...
.endif
Hi qWord,
I really appreciate all the help and guidance you are providing.
After adding the code to capture the return value, I end up getting User Not Found errors. I ran it as administrator but I get the same problem.
Just to satisfy my curiosity I changed:
=================
invoke NetUserSetInfo, 0, addr userdis, 1008, addr ui.usri1008_flags, 0
=================
to
=================
invoke NetUserSetInfo, addr comp, addr userdis, 1008, addr ui.usri1008_flags, 0
=================
... specifying my computer's name and to my surprise I did not get any errors at all. I was hoping it did the job but when I checked the profiles it was the same - it did not DISABLE the account. I ran it again in OLLY and all I see is ERROR_NO_UNICODE_TRANSLATION. The only 2 things I can think of having something to do with Unicode is the server name and the user profile in the NetUserSetInfo API. Any advise?
Thanks.
TF
The error messages shown by OllyDbg (=GetLastError), are generally not valid for this functions, because there is no reference in the documentation. However, as in this case, it can give you a hint if the function fails.
The function works only with Unicode string (see definition: LPCWSTR). In the attachment an working example.
qWord
qWord...
Thank you for the guidance (and for the patience). After studying the attached example, I used GetDlgItemTextW instead of the GetDlgItemText and that did the job.
TF