From 312d0a70ca651ca99ca43956f242bbb9e6a678cf Mon Sep 17 00:00:00 2001
From: zcgonvh
Date: Thu, 23 Feb 2017 19:03:19 +0800
Subject: [PATCH] fix crash if histories of some account more than 14
---
 NTDSDumpEx/NTDSDumpEx.cpp | 6 ------
 NTDSDumpEx/ntds.cpp | 18 +++++++++---------
 2 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/NTDSDumpEx/NTDSDumpEx.cpp b/NTDSDumpEx/NTDSDumpEx.cpp
index 1249d23..f384af5 100644
--- a/NTDSDumpEx/NTDSDumpEx.cpp
+++ b/NTDSDumpEx/NTDSDumpEx.cpp
@@ -123,7 +123,6 @@ void usage()
 "-o write output into\n"
 "-h dump hash histories(if available)\n"
 "-p dump description and path of home directory\n"
- //"-i dump disabled accounts\n"
 "-m dump machine accounts\n"
 "-u USE UPPER-CASE-HEX\n"
 "\n"
@@ -204,11 +203,6 @@ int main(int argc, char *argv[]) {
 {
 chFmt = 'X';
 }
- /*else if ((stricmp(argv[i], "-i") == 0))
- {
- hasInactive = true;
- i++;
- }*/
 else
 {
 usage();
diff --git a/NTDSDumpEx/ntds.cpp b/NTDSDumpEx/ntds.cpp
index 020f35a..ecd89b1 100644
--- a/NTDSDumpEx/ntds.cpp
+++ b/NTDSDumpEx/ntds.cpp
@@ -517,7 +517,7 @@ BOOL NTDS::IsAccountMachine(DWORD dwUserCtrl) {
 }
 DWORD NTDS::GetColumnData(ULONG columnId, PVOID pbBuffer, DWORD cbBufSize) {
- ZeroMemory(pbBuffer, cbBufSize);
+ if (pbBuffer){ ZeroMemory(pbBuffer, cbBufSize); }
 DWORD dwSize = 0;
 err = JetRetrieveColumn(sesId, tableId, columnId,
@@ -555,8 +555,6 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
 BYTE lmHash[256], ntHash[256], lmHistory[256], ntHistory[256], sid[256];
 DWORD rid, dwUserCtrl;
 DWORD dwAcc, dwMac, dwEnt, dwHis;
- LPBYTE plmHist = (LPBYTE)malloc(256);
- LPBYTE pntHist = (LPBYTE)malloc(256);
 // get column ids corresponding to user attributes
 ULONG uacId = GetColumnId(ATT_USER_ACCOUNT_CONTROL);
 ULONG sidId = GetColumnId(ATT_OBJECT_SID);
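Review bot: The new guard `if (pbBuffer){ ZeroMemory(pbBuffer, cbBufSize); }` turns a null buffer into a supported size-query mode of GetColumnData, but nothing at the signature says so, and the callers added later in GetHashes now depend on it; add a contract comment above the function such as `// pbBuffer may be NULL with cbBufSize 0: no data is copied and the return value is the byte count the column needs`. Whether that size is actually handed back depends on how `err` is handled after the JetRetrieveColumn call, which lies outside this hunk — for a zero-length buffer the call reports the required size together with JET_wrnBufferTruncated, so that path must treat the warning as success rather than returning 0, or the size-query callers end up calling `malloc(0)`. GetColumnData's body continues past the end of the hunk.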
@@ -671,10 +669,12 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
 //dump histories
 if (bHistory) {
- ZeroMemory(plmHist, 256);
- ZeroMemory(pntHist, 256);
- DWORD dwlmhSize = GetColumnData(lmHistId, plmHist, 256);
- DWORD dwnthSize = GetColumnData(ntHistId, pntHist, 256);
+ DWORD dwlmhSize = GetColumnData(lmHistId, 0, 0);
+ DWORD dwnthSize = GetColumnData(ntHistId, 0, 0);
+ LPBYTE plmHist = (LPBYTE)malloc(dwlmhSize);
+ LPBYTE pntHist = (LPBYTE)malloc(dwnthSize);
+ GetColumnData(lmHistId, plmHist, dwlmhSize);
+ GetColumnData(ntHistId, pntHist, dwlmhSize);
 DWORD max = dwlmhSize > dwnthSize ? dwlmhSize : dwnthSize;
 if ((max > 0) && (max - 24 >= 16)) {
@@ -715,6 +715,8 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
 dwHis++;
 }
 }
+ free(plmHist);
+ free(pntHist);
 }
 if (IsAccountMachine(dwUserCtrl)) {
@@ -740,7 +742,5 @@ BOOL NTDS::GetHashes(char fmt, BOOL bHistory, BOOL bInactive, BOOL bMachines, BO
 }
 // close table
 err = JetCloseTable(sesId, tableId);
- free(plmHist);
- free(pntHist);
 return err == JET_errSuccess;
 }
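Review bot: The last added line, `GetColumnData(ntHistId, pntHist, dwlmhSize);`, passes the LM history size for a buffer that was allocated with `dwnthSize` two lines earlier, so whenever the two histories differ in length the NT buffer is either read short or — since GetColumnData first zeroes `cbBufSize` bytes and then lets the retrieve fill up to that many — written past its allocation; the call should be `GetColumnData(ntHistId, pntHist, dwnthSize);`. The two `malloc` results are also used unchecked, and an account with no history makes the size query return 0 and thus `malloc(0)`, so a guard before the fill calls along the lines of `if (!plmHist || !pntHist) { free(plmHist); free(pntHist); /* skip this account's histories */ }` is needed, with the skip expressed in whatever form the loop's existing control flow (outside this hunk) allows. The context line `max - 24 >= 16` is unchanged by the commit but worth a look while here, since `max` is a DWORD and the subtraction wraps for any history shorter than 24 bytes. GetHashes starts and ends outside this hunk.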
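Review bot: The new `free(plmHist); free(pntHist);` pair releases the buffers only when control falls through to the end of the `if (bHistory)` body, so any `continue`, `break` or `return` between the `malloc` calls in the -671 hunk and this point would leak both allocations once per account; the body in between lies outside the hunk, so I cannot see whether such an exit exists, but with the per-account allocation this commit introduces it is worth confirming. If there is one, either move the frees to directly after the last use of the two buffers or hold them in a scope-bound owner such as `std::unique_ptr<BYTE, decltype(&free)> lmGuard(plmHist, &free);` so every exit path releases them. The enclosing `if (bHistory)` block starts outside this hunk.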