Hi All
i need to intercept LsaLogonUser call that is stored on secur32.dll, howned by lsass.exe process
i think to use madcodehook to do this, by injecting my code in the main process lsass.exe.
it's right?
any suggestion ?
apreciated.
Injection
Well, if you know that lsass.exe is the only process you need to hook, then just put the LsaLogonUser hook (HookAPI('secur32.dll', 'LsaLogonUser', ...)) into a little dll and inject that to lsass.exe (InjectLibrary(lsassProcessHandle, 'yourHook.dll')). Quite easy. But you need enough privileges to get a process handle to lsass.exe, probably you need admin rights for that.
-
- Posts: 2
- Joined: Tue Apr 20, 2004 11:03 am
Right, that's ok. i try now.
for your info, i need only to intercept, in some way, failed logon attempts and relative username (not from the network, only from the people wants to use the station directly).
obviously, w/out write custom gina or auth. pakage.
I try some way, without success. finally i decide to intercept LsaLogonUser, i hope that aren't hardest...
if this fails, i try to hijack winlogon.exe
Thanks A Lot
if you have some tip, please let me.
Thanks,
Joe
for your info, i need only to intercept, in some way, failed logon attempts and relative username (not from the network, only from the people wants to use the station directly).
obviously, w/out write custom gina or auth. pakage.
I try some way, without success. finally i decide to intercept LsaLogonUser, i hope that aren't hardest...
if this fails, i try to hijack winlogon.exe
Thanks A Lot
if you have some tip, please let me.
Thanks,
Joe