Enumerating users

Started by Biterider, February 16, 2025, 08:50:46 PM

Biterider

Hi
I marked this post by Vortex for later reading (https://masm32.com/board/index.php?topic=12324.0;topicseen#msg134070).
Taking a break from a larger project, I invested some time to clean up and translate the MS example to assembly. I used the ObjAsm infrastructure to get a quick result and it worked quite well.

GetNetUsers proc uses xbx xdi pServerNameW:PSTRINGW
  local pBuffer:LPUSER_INFO_0, dLevel:DWORD
  local dEntriesRead:DWORD, dTotalEntries:DWORD
  local hResumeHandle:HANDLE, dTotalCount:DWORD
  local dStatus:DWORD

  mov pBuffer, NULL
  mov dLevel, 0                                         ;Level 0 returns account names only
  mov dEntriesRead, 0
  mov dTotalEntries, 0
  mov hResumeHandle, 0
  mov dTotalCount, 0

  .if pServerNameW != NULL
    DbgWriteF ,, "User accounts on ¦SU", pServerNameW
  .else
    DbgText "User accounts on local system"
  .endif
  .repeat
    ;-1 = MAX_PREFERRED_LENGTH: let the API allocate as much as it needs.
    invoke NetUserEnum, pServerNameW, dLevel, FILTER_NORMAL_ACCOUNT, addr pBuffer, -1, \
                        addr dEntriesRead, addr dTotalEntries, addr hResumeHandle
    mov dStatus, eax                                    ;Keep the status, the macros below may be changed later
    ;ERROR_MORE_DATA (234) also delivers valid entries; more follow via hResumeHandle.
    .if eax == NERR_Success || eax == ERROR_MORE_DATA
      .if pBuffer != NULL
        ;Loop through the entries.
        xor ebx, ebx
        mov xdi, pBuffer
        .while ebx != dEntriesRead
          ;Print the name of the user account.
          DbgStrW [xdi].USER_INFO_0.usri0_name
          add xdi, sizeof(USER_INFO_0)
          inc dTotalCount
          inc ebx
        .endw
      .endif
    .else
      DbgApiError
      DbgWriteF ,, "A system error has occurred: ¦UD", dStatus
    .endif
    ;Free the buffer of this call before requesting the next chunk.
    .if pBuffer != NULL
      invoke NetApiBufferFree, pBuffer
      mov pBuffer, NULL
    .endif
  .until dStatus != ERROR_MORE_DATA                     ;Stop on success or on a real error
  DbgWriteF ,, "Total entries: ¦UD", dTotalCount
  ret
GetNetUsers endp

To get it running, you have to add:
% includelib \netapi32.lib
% include \lmaccess.inc

In case you don't have lmaccess.inc, add these lines:
NetApiBufferFree  proto :POINTER
NetUserEnum       proto :POINTER, :DWORD, :DWORD, :POINTER, :DWORD, :POINTER, :POINTER, :POINTER
NERR_Success      equ 0
FILTER_NORMAL_ACCOUNT equ 2
USER_INFO_0 struct
  usri0_name  PSTRINGW  ?
USER_INFO_0 ends
LPUSER_INFO_0 typedef ptr USER_INFO_0


The output on my local machine is:
User accounts on local system
[xdi].USER_INFO_0.usri0_name -> XXXX
[xdi].USER_INFO_0.usri0_name -> YYYY
[xdi].USER_INFO_0.usri0_name -> ZZZZGroupUser$
[xdi].USER_INFO_0.usri0_name -> WDAGUtilityAccount
Total entries: 4

XXXX, YYYY, ZZZZ were used to hide real names.

Regards, Biterider

Biterider

Hi
In case someone wants to check the users on your system, the binary created with the above code is attached.
DebugCenter is required to see the output. It can be downloaded from here.

Run DebugCenter first and then the UserEnum application.

Regards, Biterider