News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Using NetUserSetInfo with MASM32

Started by TriggerFinger, July 12, 2012, 01:26:37 AM

Previous topic - Next topic

TriggerFinger

Hi,

I am trying to create a program that would disable a user account on a local computer.  I found NetUserSetInfo as the API to be able to do this with USER_INFO_1008.  However it does not do the job.

See below:

**************
.data
uflags db "UF_ACCOUNTDISABLE",0

.data?
ui USER_INFO_1008 <>

.start
                         ....
                            .ELSEIF ax==IDC_DISABLE
                              mov ui.usri1008_flags, OFFSET uflags
                              invoke GetDlgItemText,hWnd,IDC_EDIT1,addr userdis,addr buffer
                              invoke NetUserSetInfo, NULL, addr userdis, 1008, addr ui, NULL
                         ....
******************************

When ran, no errors were shown but it does not do the job to set the account as disabled. Can anybody share some information on what I am missing?

Thank  you.
TF

qWord

Quote from: msdnNote that setting user account control flags may require certain privileges and control access rights. For more information, see the Remarks section of the NetUserSetInfo function.

Quote from: TriggerFinger on July 12, 2012, 01:26:37 AM
                              mov ui.usri1008_flags, OFFSET uflags
???
Should be: UF_SCRIPT  OR  UF_ACCOUNTDISABLE.
There is also an example on msdn - just read it   :t
MREAL macros - when you need floating point arithmetic while assembling!

TriggerFinger

Thanks for the reply.

I tried what you suggested and also changed the code to look like...

**************
.data
uflags db "UF_ACCOUNTDISABLE",0

.data?
ui USER_INFO_1008 <>

.start
                         ....
                            .ELSEIF ax==IDC_DISABLE
                              mov ui.usri1008_flags, UF_SCRIPT OR UF_ACCOUNTDISABLE                             
                              invoke GetDlgItemText,hWnd,IDC_EDIT1,addr userdis,addr buffer
                              invoke NetUserSetInfo, NULL, addr userdis, 1008, addr ui.usri1008_flags, NULL
                         ....
******************************

... but still no go when I check the account. I tried looking for the msdn example but I cannot seem to find it. Do you have a link?

Thanks.

TF

qWord

For the example see NetUserSetInfo.
Probably you must run your application with administrator rights. Analyzing the return value would also be helpful.
MREAL macros - when you need floating point arithmetic while assembling!

TriggerFinger

Thanks qWord for the reply.

I checked the examples and I still do not get it. I traced the program in Olly and I got ERROR_IO_PENDING but I am totally clueless how to get the return value of NetUserSetInfo. Any advise on how I can get the return value of NetUserSetInfo?

Thanks.

TF

qWord

Quote from: TriggerFinger on July 14, 2012, 05:53:25 AM
Any advise on how I can get the return value of NetUserSetInfo?
WinAPI functions commonly return values (size <= 32Bit) through EAX.
invoke NtUserSetInfo,...
.if eax == NERR_Success
print "done",13,10
.elseif eax == ERROR_ACCESS_DENIED
print "error: access denied",13,10
.elseif eax == NERR_InvalidComputer
print "error: invalid computer",13,10
.elseif eax == NERR_UserNotFound
...
.endif
MREAL macros - when you need floating point arithmetic while assembling!

TriggerFinger

Hi qWord,

I really appreciate all the help and guidance you are providing.

After adding the code to capture the return value, I end up getting User Not Found errors. I ran it as administrator but I get the same problem.

Just to satisfy my curiosity I changed:
=================
invoke NetUserSetInfo, 0, addr userdis, 1008, addr ui.usri1008_flags, 0
=================
to
=================
invoke NetUserSetInfo, addr comp, addr userdis, 1008, addr ui.usri1008_flags, 0
=================
... specifying my computer's name and to my surprise I did not get any errors at all. I was hoping it did the job but when I checked the profiles it was the same - it did not DISABLE the account. I ran it again in OLLY and all I see is ERROR_NO_UNICODE_TRANSLATION. The only 2 things I can think of having something to do with Unicode is the server name and the user profile in the NetUserSetInfo API. Any advise?

Thanks.

TF


qWord

The error messages shown by OllyDbg (=GetLastError), are generally not valid for this functions, because there is no reference in the documentation. However, as in this case, it can give you a hint if the function fails.
The function works only with Unicode string (see definition: LPCWSTR). In the attachment an working example.

qWord

MREAL macros - when you need floating point arithmetic while assembling!

TriggerFinger

qWord...

Thank you for the guidance (and for the patience). After studying the attached example, I used GetDlgItemTextW instead of the GetDlgItemText and that did the job.

TF