fix crash if histories of some account more than 14
zcgonvh committed Feb 23, 2017
1 parent ebdf7e2 commit 312d0a7
Showing 2 changed files with 9 additions and 15 deletions.
6 changes: 0 additions & 6 deletions NTDSDumpEx/NTDSDumpEx.cpp
Expand Up @@ -123,7 +123,6 @@ void usage()
"-o write output into\n"
"-h dump hash histories(if available)\n"
"-p dump description and path of home directory\n"
//"-i dump disabled accounts\n"
"-m dump machine accounts\n"
"-u USE UPPER-CASE-HEX\n"
"\n"
Expand Down Expand Up @@ -204,11 +203,6 @@ int main(int argc, char *argv[]) {
{
chFmt = 'X';
}
/*else if ((stricmp(argv[i], "-i") == 0))
{
hasInactive = true;
i++;
}*/
else
{
usage();
18 changes: 9 additions & 9 deletions NTDSDumpEx/ntds.cpp
Expand Up @@ -517,7 +517,7 @@ BOOL NTDS::IsAccountMachine(DWORD dwUserCtrl) {
}

DWORD NTDS::GetColumnData(ULONG columnId, PVOID pbBuffer, DWORD cbBufSize) {
ZeroMemory(pbBuffer, cbBufSize);
if (pbBuffer){ ZeroMemory(pbBuffer, cbBufSize); }
DWORD dwSize = 0;

err = JetRetrieveColumn(sesId, tableId, columnId,
Expand Down Expand Up @@ -555,8 +555,6 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
BYTE lmHash[256], ntHash[256], lmHistory[256], ntHistory[256], sid[256];
DWORD rid, dwUserCtrl;
DWORD dwAcc, dwMac, dwEnt, dwHis;
LPBYTE plmHist = (LPBYTE)malloc(256);
LPBYTE pntHist = (LPBYTE)malloc(256);
// get column ids corresponding to user attributes
ULONG uacId = GetColumnId(ATT_USER_ACCOUNT_CONTROL);
ULONG sidId = GetColumnId(ATT_OBJECT_SID);
Expand Down Expand Up @@ -671,10 +669,12 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
//dump histories
if (bHistory)
{
ZeroMemory(plmHist, 256);
ZeroMemory(pntHist, 256);
DWORD dwlmhSize = GetColumnData(lmHistId, plmHist, 256);
DWORD dwnthSize = GetColumnData(ntHistId, pntHist, 256);
DWORD dwlmhSize = GetColumnData(lmHistId, 0, 0);
DWORD dwnthSize = GetColumnData(ntHistId, 0, 0);
LPBYTE plmHist = (LPBYTE)malloc(dwlmhSize);
LPBYTE pntHist = (LPBYTE)malloc(dwnthSize);
GetColumnData(lmHistId, plmHist, dwlmhSize);
GetColumnData(ntHistId, pntHist, dwlmhSize);
DWORD max = dwlmhSize > dwnthSize ? dwlmhSize : dwnthSize;
if ((max > 0) && (max - 24 >= 16))
{
Expand Down Expand Up @@ -715,6 +715,8 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
dwHis++;
}
}
free(plmHist);
free(pntHist);
}
if (IsAccountMachine(dwUserCtrl))
{
Expand All @@ -740,7 +742,5 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
}
// close table
err = JetCloseTable(sesId, tableId);
free(plmHist);
free(pntHist);
return err == JET_errSuccess;
}
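Review bot: The second retrieval, `GetColumnData(ntHistId, pntHist, dwlmhSize);`, passes the LM history size for the NT history buffer, which was allocated two lines earlier with `malloc(dwnthSize)`; whenever the LM history is longer than the NT history, the ZeroMemory inside GetColumnData (and presumably the JetRetrieveColumn call it feeds the size to) writes past the end of pntHist, so the new per-account sizing still corrupts the heap for exactly the accounts this commit is meant to fix. The line should read `GetColumnData(ntHistId, pntHist, dwnthSize);`. The two malloc results are also used unchecked, and when a history column is absent the size query returns 0 and `malloc(0)` is called; a null check on both pointers before the retrieves (freeing the other buffer and skipping the history dump on failure) would keep a failed allocation from being handed to JetRetrieveColumn. The `free(plmHist); free(pntHist);` pair now sits at the end of the bHistory block, so any early exit in the collapsed part of that block between the mallocs and the frees would leak both buffers per account — worth confirming, since GetHashes begins and ends outside this section.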
