Tuesday, 24 February 2015

SystemTools copypwd for Windows 2008 x64 - WriteProcessMemory: 299 C

I'm in need of migrating many local computer accounts from Windows 2003 to Windows 2008 x64. In the past, I've used copypwd from SystemTools and it's worked great. However, it doesn't support x64. There is, however, a post on the forums containing source code for an x64 version.


I've downloaded this source and loaded it in Visual Studio 2013. I've converted the project to an x64 project and compiled successfully. However, I'm getting an error (which shows up in EventViewer -> System):


Application popup: Pop Msg : WriteProcessMemory failed: 299


I've traced it to the WriteProcessMemory line directly below the "Write code to the proc" comment.



void InjectDll (HANDLE hProc, BOOL Dumping, LPCSTR szPipeName, LPCSTR szCurrentDirectory)
{
    DWORD dwFuncSize;
    DWORD dwBytesToAlloc;
    LPVOID pRemoteAlloc = NULL;
    REMOTE_INFO remInfo;
    HINSTANCE hKernel32;
    CHAR szDllName[MAX_PATH];
    DWORD dwBytesWritten;
    HANDLE hRemoteThread = 0;
    DWORD dwIgnored;

    // Prepare the info to send across
    hKernel32 = LoadLibrary ("Kernel32");
    remInfo.pLoadLibrary = (pLoadLib_t) GetProcAddress (hKernel32, "LoadLibraryA");
    remInfo.pGetProcAddress = (pGetProcAddr_t) GetProcAddress (hKernel32, "GetProcAddress");
    remInfo.pFreeLibrary = (pFreeLib_t) GetProcAddress (hKernel32, "FreeLibrary");

    GetModuleFileName (NULL, szDllName, sizeof (szDllName));
    strcpy (strrchr (szDllName, '\\') + 1, "copypwd.dll");
    strncpy (remInfo.szDllName, szDllName, sizeof (remInfo.szDllName));
    if (Dumping)
        strncpy (remInfo.szProcName, "DumpSam", sizeof (remInfo.szProcName));
    else
        strncpy (remInfo.szProcName, "SetPass", sizeof (remInfo.szProcName));

    strncpy (remInfo.szPipeName, szPipeName, sizeof (remInfo.szPipeName));
    strncpy (remInfo.szCurrentDirectory, szCurrentDirectory, sizeof (remInfo.szCurrentDirectory));

    // Determine amount of memory to allocate
    dwFuncSize = (DWORD)DummyFunc - (DWORD)RemoteFunction;
    dwBytesToAlloc = dwFuncSize + sizeof (REMOTE_INFO) + 4;

    // Allocate memory in remote proc
    pRemoteAlloc = VirtualAllocEx (hProc, NULL, dwBytesToAlloc, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // fix in v1.1, previously was PAGE_READWRITE
    if (pRemoteAlloc == NULL)
    {
        PopMsgSrv ("VirtualAllocEx failed: %d\n", GetLastError ());
        return;
    }

    // Write data to the proc
    if (!WriteProcessMemory (hProc, pRemoteAlloc, &remInfo, sizeof (remInfo),
                             &dwBytesWritten))
    {
        PopMsgSrv ("WriteProcessMemory failed: %d\n", GetLastError ());
        goto exit;
    }

    // Write code to the proc
    if (!WriteProcessMemory (hProc,
                             (PBYTE)pRemoteAlloc + sizeof (REMOTE_INFO) + 4,
                             (LPVOID)(DWORD)RemoteFunction, dwFuncSize,
                             &dwBytesWritten))
    {
        PopMsgSrv ("WriteProcessMemory failed: %d\n", GetLastError ());
        goto exit;
    }

    // Create the remote thread
    hRemoteThread = CreateRemoteThread (hProc, NULL, 524288, //0,
                                        (LPTHREAD_START_ROUTINE)((PBYTE) pRemoteAlloc + sizeof (REMOTE_INFO) + 4),
                                        pRemoteAlloc, 0, &dwIgnored);
    if (!hRemoteThread)
    {
        PopMsgSrv ("CreateRemoteThread failed: %d\n", GetLastError ());
        goto exit;
    }

    // Wait for the thread
    WaitForSingleObject (hRemoteThread, INFINITE);

exit:
    if (hRemoteThread)
        CloseHandle (hRemoteThread);
    // Free the memory
    if (pRemoteAlloc)
        VirtualFreeEx (hProc, pRemoteAlloc, 0, MEM_RELEASE);
}


Any help would be greatly appreciated. Someone told me that ManagedRED Software offers a program called ADUM ADMigrator that uses SystemTools copypwd implementation and it works on Windows 2008 x64 (it uses the same file names as this package, copypwd.exe, cppwdsvc.exe, copypwd.dll). So it seems I should be able to get this to work (since they obviously did and are selling it). I'm not opposed to buying it but it seems pretty cheap to me that they've modified free software and are selling it at a premium.


Edit: It appears ManagedRed is no longer a company and was bought by BinaryTree.
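From the defender's side, the sequence the function above performs (allocate a region in another process, write into it, start a thread at that address) leaves a characteristic trace: a thread created by one process inside a different process, starting at an address that no loaded module backs. The script below is an added example, not part of this post and not code from copypwd or SystemTools. It runs a simple detector over constructed Sysmon-style CreateRemoteThread (Event ID 8) records; the field names follow Sysmon's schema, but the flat key=value layout, the process names and every value are made up here for illustration.

```python
"""Flag cross-process thread creation into unbacked memory, the footprint of
a VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence.

The input is a constructed, Sysmon-like key=value rendering of Event ID 8
(CreateRemoteThread). Field names follow Sysmon's schema; the flat layout,
paths, PIDs and addresses are invented for this example."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # a tool creating a thread in another process at an address that no
    # loaded module backs (StartModule empty): the injection footprint
    'EventID=8 SourceProcessId=4120 SourceImage="C:\\tools\\copypwd.exe" '
    'TargetProcessId=612 TargetImage="C:\\Program Files\\Example\\target.exe" '
    'StartAddress=0x000001F3A2B40000 StartModule="" StartFunction=""',
    # benign cross-process thread whose start address lives inside a DLL
    'EventID=8 SourceProcessId=2200 SourceImage="C:\\Windows\\System32\\csrss.exe" '
    'TargetProcessId=3300 TargetImage="C:\\Program Files\\App\\app.exe" '
    'StartAddress=0x00007FFB1C2D0000 StartModule="C:\\Windows\\System32\\ntdll.dll" '
    'StartFunction="RtlUserThreadStart"',
    # a process creating a thread in itself: not remote, so ignored
    'EventID=8 SourceProcessId=5000 SourceImage="C:\\App\\worker.exe" '
    'TargetProcessId=5000 TargetImage="C:\\App\\worker.exe" '
    'StartAddress=0x00007FF6A0001000 StartModule="" StartFunction=""',
    # unrelated event type, must be skipped by the classifier
    'EventID=1 ProcessId=777 Image="C:\\Windows\\notepad.exe"',
]

# key=value pairs; a value is either a double-quoted string (may contain
# spaces, never an embedded quote, as Windows paths cannot) or a bare token
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line into a dict, stripping the value quotes."""
    fields: Dict[str, str] = {}
    for key, raw in _FIELD_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


@dataclass
class Finding:
    source: str
    target: str
    start_address: str
    reason: str


def classify_remote_thread(ev: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding for a suspicious Event ID 8 record, else None.

    Heuristic: the thread is created in a *different* process and its start
    address is not backed by any loaded module. Memory obtained through
    VirtualAllocEx has no module behind it, so StartModule is empty, whereas
    threads that start inside a mapped DLL (e.g. a loader stub) are left alone.
    """
    if ev.get("EventID") != "8":
        return None
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return None  # same process: ordinary CreateThread, not remote
    if ev.get("StartModule", "") != "":
        return None  # start address lies inside a mapped module
    return Finding(
        source=ev.get("SourceImage", "?"),
        target=ev.get("TargetImage", "?"),
        start_address=ev.get("StartAddress", "?"),
        reason="remote thread started in unbacked (module-less) memory",
    )


def scan(lines: List[str]) -> List[Finding]:
    """Run the classifier over raw log lines and collect the findings."""
    return [f for f in (classify_remote_thread(parse_event(l)) for l in lines) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[!] {f.source} -> {f.target} @ {f.start_address}: {f.reason}")
```

Only the first constructed record is reported: it is the only one that is both cross-process and starts in memory with no module behind it. In real telemetry the empty-StartModule test needs an allow-list for legitimate cross-process thread creators, but the shape of the check is the same.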

