The kind of extortion that changes the login password.
Any change to a user (permissions, password, etc.) goes through here: \Device\NamedPipe\samr
[mw_shl_code=html,true]
4.9.2. samr interface
The samr interface is used to communicate with the SAM (Security Account Manager) subsystem.
Before Windows 2000, the samr interface is only available on the samr named pipe endpoint:
C:\> ifids -p ncacn_np -e \pipe\samr \\.
Interfaces: 4
[...]
12345778-1234-abcd-ef00-0123456789ac v0.0
[...]
In Active Directory domains (and particularly, Active Directory domain controllers), the samr interface is also available (and used) over a TCP endpoint:
C:\> ifids -p ncacn_ip_tcp -e 1025 127.0.0.1
Interfaces: 12
[...]
12345778-1234-abcd-ef00-0123456789ac v0.0
[...]
During Active Directory domain joins, the creation of computer accounts is implemented with samr operations called on the TCP endpoint of Active Directory domain controllers.
IDL (Interface Definition Language) for the samr interface is available in Samba 4 [55].
Table 4.16. samr operations

Interface: 12345778-1234-abcd-ef00-0123456789ac v1.0: samr

Opnum  Operation name
0x00   SamrConnect
0x01   SamrCloseHandle
0x02   SamrSetSecurityObject
0x03   SamrQuerySecurityObject
0x04   SamrShutdownSamServer
0x05   SamrLookupDomainInSamServer
0x06   SamrEnumerateDomainsInSamServer
0x07   SamrOpenDomain
0x08   SamrQueryInformationDomain
0x09   SamrSetInformationDomain
0x0a   SamrCreateGroupInDomain
0x0b   SamrEnumerateGroupsInDomain
0x0c   SamrCreateUserInDomain
0x0d   SamrEnumerateUsersInDomain
0x0e   SamrCreateAliasInDomain
0x0f   SamrEnumerateAliasesInDomain
0x10   SamrGetAliasMembership
0x11   SamrLookupNamesInDomain
0x12   SamrLookupIdsInDomain
0x13   SamrOpenGroup
0x14   SamrQueryInformationGroup
0x15   SamrSetInformationGroup
0x16   SamrAddMemberToGroup
0x17   SamrDeleteGroup
0x18   SamrRemoveMemberFromGroup
0x19   SamrGetMembersInGroup
0x1a   SamrSetMemberAttributesOfGroup
0x1b   SamrOpenAlias
0x1c   SamrQueryInformationAlias
0x1d   SamrSetInformationAlias
0x1e   SamrDeleteAlias
0x1f   SamrAddMemberToAlias
0x20   SamrRemoveMemberFromAlias
0x21   SamrGetMembersInAlias
0x22   SamrOpenUser
0x23   SamrDeleteUser
0x24   SamrQueryInformationUser
0x25   SamrSetInformationUser
0x26   SamrChangePasswordUser
0x27   SamrGetGroupsForUser
0x28   SamrQueryDisplayInformation
0x29   SamrGetDisplayEnumerationIndex
0x2a   SamrTestPrivateFunctionsDomain
0x2b   SamrTestPrivateFunctionsUser
0x2c   SamrGetUserDomainPasswordInformation
> Windows 2000:
0x2d   SamrRemoveMemberFromForeignDomain
0x2e   SamrQueryInformationDomain2
0x2f   SamrQueryInformationUser2
0x30   SamrQueryDisplayInformation2
0x31   SamrGetDisplayEnumerationIndex2
0x32   SamrCreateUser2InDomain
0x33   SamrQueryDisplayInformation3
0x34   SamrAddMultipleMembersToAlias
0x35   SamrRemoveMultipleMembersFromAlias
0x36   SamrOemChangePasswordUser2
0x37   SamrUnicodeChangePasswordUser2
0x38   SamrGetDomainPasswordInformation
0x39   SamrConnect2
0x3a   SamrSetInformationUser2
0x3b   SamrSetBootKeyInformation
0x3c   SamrGetBootKeyInformation
0x3d   SamrConnect3
0x3e   SamrConnect4
0x3f   SamrUnicodeChangePasswordUser3
> Windows XP and Windows Server 2003:
0x40   SamrConnect5
0x41   SamrRidToSid
0x42   SamrSetDSRMPassword
0x43   SamrValidatePassword
> Windows Vista:
0x44   SamrQueryLocalizableAccountsInDomain
0x45   SamrPerformGenericOperation
To connect to the SAM server, one of the following operations is used:
SamrConnect (0x00)
SamrConnect2 (0x39)
SamrConnect3 (0x3d)
SamrConnect4 (0x3e)
SamrConnect5 (0x40)
Then, available domains in the SAM server can be enumerated using the following operation:
SamrEnumerateDomainsInSamServer (0x06)
The following operation is used to obtain the SID of a domain, given its name:
SamrLookupDomainInSamServer (0x05)
This operation typically returns the BUILTIN domain (S-1-5-32) and the machine domain (local domain for a non-domain controller machine, NT 4 or Active Directory domain for a domain controller machine).
The domain SID can then be used to open a given domain:
SamrOpenDomain (0x07)
General information about the opened domain can be obtained or set with the following operations:
SamrQueryInformationDomain (0x08)
SamrQueryInformationDomain2 (0x2e)
SamrSetInformationDomain (0x09)
Once a domain is opened, it is possible to enumerate groups, aliases and users, using the following operations:
SamrEnumerateGroupsInDomain (0x0b)
SamrEnumerateAliasesInDomain (0x0f)
SamrEnumerateUsersInDomain (0x0d)
RID and name resolution inside an opened domain are implemented by the following operations:
SamrLookupNamesInDomain (0x11)
SamrLookupIdsInDomain (0x12)
Domain password policies can be obtained with the following operations:
SamrGetUserDomainPasswordInformation (0x2c)
SamrGetDomainPasswordInformation (0x38)
To create a new group, alias or user in the opened domain, the following operations can be used:
SamrCreateGroupInDomain (0x0a)
SamrCreateAliasInDomain (0x0e)
SamrCreateUserInDomain (0x0c)
SamrCreateUser2InDomain (0x32)
To open an existing group, alias or user in the opened domain, the following operations exist:
SamrOpenGroup (0x13)
SamrOpenAlias (0x1b)
SamrOpenUser (0x22)
To delete an existing group, alias or user in the opened domain, the following operations exist:
SamrDeleteGroup (0x17)
SamrDeleteAlias (0x1e)
SamrDeleteUser (0x23)
To obtain a list of members in groups or aliases, the following operations can be used:
SamrGetMembersInGroup (0x19)
SamrGetMembersInAlias (0x21)
To add a member to, or remove a member from, a group or alias, the following operations are available:
SamrAddMemberToGroup (0x16)
SamrAddMemberToAlias (0x1f)
SamrRemoveMemberFromGroup (0x18)
SamrRemoveMemberFromAlias (0x20)
For aliases, it is also possible to add or remove multiple members to or from an alias:
SamrAddMultipleMembersToAlias (0x34)
SamrRemoveMultipleMembersFromAlias (0x35)
To obtain or set information about a given group or alias, the following operations exist:
SamrQueryInformationGroup (0x14)
SamrQueryInformationAlias (0x1c)
SamrSetInformationGroup (0x15)
SamrSetInformationAlias (0x1d)
Similar operations exist for account management:
SamrQueryInformationUser (0x24)
SamrQueryInformationUser2 (0x2f)
SamrSetInformationUser (0x25)
SamrSetInformationUser2 (0x3a)
A list of groups containing a given user can be obtained with the following operation:
SamrGetGroupsForUser (0x27)
Finally, handles returned by the following operations are supposed to be closed, using the SamrCloseHandle (0x01) operation:
SamrConnect (0x00)
SamrConnect2 (0x39)
SamrConnect3 (0x3d)
SamrConnect4 (0x3e)
SamrConnect5 (0x40)
SamrOpenDomain (0x07)
SamrOpenGroup (0x13)
SamrOpenAlias (0x1b)
SamrOpenUser (0x22)
SamrCreateUserInDomain (0x0c)
SamrCreateUser2InDomain (0x32)
SamrCreateAliasInDomain (0x0e)
SamrCreateGroupInDomain (0x0a)
[/mw_shl_code]
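The post's point is that every account or password change on the box passes through the samr pipe, and the quoted section gives the opnum table plus the call sequence (connect, look up the domain, open it, resolve a name, open the user, set its information, close the handles). The script below, an added example that is neither the poster's code nor part of the quoted document, decodes the opnum out of a DCERPC request PDU and uses the quoted table to name each call, so a monitor sitting on `\pipe\samr` (or the TCP endpoint) can flag the calls that change passwords, accounts or group membership instead of logging raw opnums. The PDU header layout is the standard DCE RPC connection-oriented request header; the grouping into "password-change", "account-change" and "membership-change" is my own, and the sample session bytes are constructed, not captured from a real host.

```python
"""Decode samr calls out of DCERPC request PDUs and flag the state-changing ones.

Added example, not code from the original post or from the quoted document.
SAMR_OPS is transcribed from the quoted Table 4.16; the PDU bytes and the
sample session at the bottom are constructed for illustration.
"""
import struct
from dataclasses import dataclass

# Operation names indexed by opnum (0x00 .. 0x45), "Samr" prefix stripped.
SAMR_OPS = [
    "Connect", "CloseHandle", "SetSecurityObject", "QuerySecurityObject",
    "ShutdownSamServer", "LookupDomainInSamServer", "EnumerateDomainsInSamServer",
    "OpenDomain", "QueryInformationDomain", "SetInformationDomain",
    "CreateGroupInDomain", "EnumerateGroupsInDomain", "CreateUserInDomain",
    "EnumerateUsersInDomain", "CreateAliasInDomain", "EnumerateAliasesInDomain",
    "GetAliasMembership", "LookupNamesInDomain", "LookupIdsInDomain", "OpenGroup",
    "QueryInformationGroup", "SetInformationGroup", "AddMemberToGroup", "DeleteGroup",
    "RemoveMemberFromGroup", "GetMembersInGroup", "SetMemberAttributesOfGroup",
    "OpenAlias", "QueryInformationAlias", "SetInformationAlias", "DeleteAlias",
    "AddMemberToAlias", "RemoveMemberFromAlias", "GetMembersInAlias", "OpenUser",
    "DeleteUser", "QueryInformationUser", "SetInformationUser", "ChangePasswordUser",
    "GetGroupsForUser", "QueryDisplayInformation", "GetDisplayEnumerationIndex",
    "TestPrivateFunctionsDomain", "TestPrivateFunctionsUser",
    "GetUserDomainPasswordInformation", "RemoveMemberFromForeignDomain",
    "QueryInformationDomain2", "QueryInformationUser2", "QueryDisplayInformation2",
    "GetDisplayEnumerationIndex2", "CreateUser2InDomain", "QueryDisplayInformation3",
    "AddMultipleMembersToAlias", "RemoveMultipleMembersFromAlias",
    "OemChangePasswordUser2", "UnicodeChangePasswordUser2",
    "GetDomainPasswordInformation", "Connect2", "SetInformationUser2",
    "SetBootKeyInformation", "GetBootKeyInformation", "Connect3", "Connect4",
    "UnicodeChangePasswordUser3", "Connect5", "RidToSid", "SetDSRMPassword",
    "ValidatePassword", "QueryLocalizableAccountsInDomain", "PerformGenericOperation",
]

# Grouping chosen for this example. An administrative password reset goes
# through SetInformationUser/SetInformationUser2 (the ChangePassword family
# needs the old password), so those two land in ACCOUNT_CHANGE.
PASSWORD_CHANGE = {0x26, 0x36, 0x37, 0x3f, 0x42}
ACCOUNT_CHANGE = {0x0c, 0x32, 0x23, 0x25, 0x3a}
MEMBERSHIP_CHANGE = {0x16, 0x18, 0x1f, 0x20, 0x34, 0x35, 0x2d}
CONNECT = {0x00, 0x39, 0x3d, 0x3e, 0x40}


def samr_name(opnum: int) -> str:
    return "Samr" + SAMR_OPS[opnum] if 0 <= opnum < len(SAMR_OPS) else f"unknown(0x{opnum:02x})"


def classify(opnum: int) -> str:
    if opnum in PASSWORD_CHANGE:
        return "password-change"
    if opnum in ACCOUNT_CHANGE:
        return "account-change"
    if opnum in MEMBERSHIP_CHANGE:
        return "membership-change"
    if opnum in CONNECT:
        return "connect"
    return "close" if opnum == 0x01 else "other"


@dataclass
class SamrCall:
    call_id: int
    opnum: int
    name: str
    category: str


def parse_request_pdu(pdu: bytes) -> SamrCall:
    """Decode the fixed header of a DCERPC connection-oriented request PDU.

    Layout: ver(1) minor(1) ptype(1) flags(1) drep(4) frag_len(2) auth_len(2)
    call_id(4) alloc_hint(4) context_id(2) opnum(2), then the stub data.
    """
    if len(pdu) < 24:
        raise ValueError("truncated PDU header")
    ver, ptype = pdu[0], pdu[2]
    if ver != 5 or ptype != 0:  # ptype 0 = request
        raise ValueError(f"not a DCERPC v5 request PDU (ver={ver}, ptype={ptype})")
    # drep byte 0, high nibble: 0 = big-endian integers, 1 = little-endian.
    end = "<" if pdu[4] & 0xF0 == 0x10 else ">"
    frag_len, _auth_len, call_id = struct.unpack(end + "HHI", pdu[8:16])
    if frag_len > len(pdu):
        raise ValueError("fragment length exceeds captured bytes")
    _alloc_hint, _ctx_id, opnum = struct.unpack(end + "IHH", pdu[16:24])
    return SamrCall(call_id, opnum, samr_name(opnum), classify(opnum))


def build_request_pdu(call_id: int, opnum: int, stub: bytes = b"", little: bool = True) -> bytes:
    """Construct a single-fragment request PDU (FIRST|LAST frag flags, no auth trailer)."""
    end = "<" if little else ">"
    drep = bytes([0x10 if little else 0x00, 0, 0, 0])
    hdr = struct.pack(end + "BBBB4sHHI", 5, 0, 0, 0x03, drep, 24 + len(stub), 0, call_id)
    return hdr + struct.pack(end + "IHH", len(stub), 0, opnum) + stub


def audit_samr_session(pdus):
    """Decode every request; return (all calls, the state-changing ones)."""
    calls = [parse_request_pdu(p) for p in pdus]
    flagged = [c for c in calls if c.category.endswith("-change")]
    return calls, flagged


# Constructed session following the quoted workflow: connect, find the domain
# SID, open the domain, resolve a name to a RID, open the user, set its
# information, then close each handle that was handed out.
SAMPLE_SESSION = [build_request_pdu(i, op) for i, op in enumerate(
    [0x40, 0x05, 0x07, 0x11, 0x22, 0x25, 0x01, 0x01, 0x01], start=1)]

if __name__ == "__main__":
    calls, flagged = audit_samr_session(SAMPLE_SESSION)
    for c in calls:
        print(f"call_id={c.call_id:<3} 0x{c.opnum:02x} {c.name:<36} {c.category}")
    print("flagged:", [c.name for c in flagged])
```

Running it prints the nine decoded calls and flags only SamrSetInformationUser (0x25), which is the one call in that sequence that actually alters the account. In practice the PDU bytes come from whatever is capturing the pipe or TCP traffic; the `frag_len` check matters there because a multi-fragment request only carries the opnum in its first fragment.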