BigDaddyO Posted December 12, 2017

I've been working with the Windows Credentials store to store credentials for lots of RDP connections. I'm also using this code in other scripts to store and retrieve "legacy" credentials for my scripts that have a Save Password checkbox.

All goes well, until someone requests a button to display a list of all saved credentials. I found the CredEnumerate call and it looks like it's working, but the Target and UserName fields that I want are stored inside an array of pointers and I can't figure out how to get data from inside that. I found a post from 2009 that talks about this, but there was never a solution.

Below are my functions put into an example script. The _Credentials_Enumerate() is where I'm having problems. Anybody have some ideas?

Thanks, Mike

```autoit
;Credentials Manager
#include <array.au3>
#include <WinAPI.au3> ;Needed for the _WinAPI_GetLastError()

;------------------------------------------------------------------------
;----- Add items into the Credentials Store ----------------------------
;------------------------------------------------------------------------
;~ _Cred_Add("MyCredStored", "ItsMe", "Secret1", "", 1) ;Add a Local Credentials so we can test the retrieval of a password
;~ $aAddCred = _Cred_Add("MyServer", "Domain\adminAccount", "MyS3cr3+P@ssw0rd") ;Add domain Credentials that can only be used with RDP and other such items
;~ _ArrayDisplay($aAddCred, "AddCred")
;------------------------------------------------------------------------

;------------------------------------------------------------------------
;----- Retrieve Credentials from the Credentials Store -----------------
;------------------------------------------------------------------------
;~ $aCreds = _Cred_Get("MyServer", 2) ;Retrieve Domain Cred's, won't have password in it
;~ _ArrayDisplay($aCreds, "Credentials")
$aCreds = _Credentials_Enumerate() ;Get a list of all credentials currently stored on the system **(DOES NOT WORK)**
;------------------------------------------------------------------------

;------------------------------------------------------------------------
;----- Delete a Credential from the Credentials Store ------------------
;------------------------------------------------------------------------
;~ _Cred_Delete("MyServer") ;Delete the specified item from the Credential Store
;~ For $d = 1 to UBound($aCreds) - 1
;~     _Cred_Delete($aCreds[$d][0]) ;Loop to delete all items found. **(DOES NOT WORK)**
;~ Next
;------------------------------------------------------------------------

;================================================================================================
;===== Add a Credential into the Credentials Store =============================================
;================================================================================================
Func _Cred_Add($sTarget, $sUser, $sPassword, $sComm = "", $iType = 2) ;Type: 2=Domain, 1=Local

    Local $structTarget = DllStructCreate("wchar[100]") ; Create a structure to hold the Target object name
    DllStructSetData($structTarget, 1, $sTarget) ; Insert the target name into that Structure

    Local $structUser = DllStructCreate("wchar[100]") ; Create a structure to hold the UserName to use
    DllStructSetData($structUser, 1, $sUser) ; Insert the user name into the structure

    Local $structPwd = DllStructCreate("wchar[100]") ; Create a structure to hold the password to use
    DllStructSetData($structPwd, 1, $sPassword) ; Insert the password into the structure

    Local $structComment = DllStructCreate("wchar[100]") ; I don't see where this is used, but was in all the examples
    DllStructSetData($structComment, 1, $sComm)

    Local $structCREDENTIAL= "" & _
        "DWORD Flags;" & _
        "DWORD Type;" & _
        "Ptr TargetName;" & _
        "Ptr Comment;" & _
        "UINT64 LastWritten;" & _
        "DWORD CredintialBlobSize;" & _
        "Ptr CredentialBlob;" & _
        "DWORD Persist;" & _
        "DWORD AttributeCount;" & _
        "ptr Attributes;" & _
        "Ptr TargetAlias;" & _
        "Ptr Username"

    Local $NewCred = DllStructCreate($structCREDENTIAL)
    If @error Then
        MsgBox(0, "NewCred", "Error in DllStructCreate " & @error);
        Exit
    EndIf

    DllStructSetData($NewCred,"Flags",0)
    DllStructSetData($NewCred,"Type",$iType) ;2 = Domain, 1 = Generic
    DllStructSetData($NewCred,"TargetName",DllStructGetPtr($structTarget))
    DllStructSetData($NewCred,"Persist",3)
    DllStructSetData($NewCred,"AttributeCount",0)
    DllStructSetData($NewCred,"UserName",DllStructGetPtr($structUser))
    DllStructSetData($NewCred,"CredentialBlob",DllStructGetPtr($structPwd))
    DllStructSetData($NewCred,"CredintialBlobSize",StringLen($sPassword)*2)
    DllStructSetData($NewCred,"Comment",DllStructGetPtr($structComment))

    Local $hAdvapi32 = DllOpen("Advapi32.dll")
    If $hAdvapi32 = -1 Then
        Msgbox(0, "Error", "Failed to connect to the Credentials Store")
        Exit
    Endif

    $Ret = DllCall($hAdvapi32, 'bool', 'CredWriteW', 'ptr', DllStructGetPtr($NewCred), 'dword', 0)
    $NewCred = 0

    If IsArray($Ret) Then
        Return $Ret
    Else
        Return SetError(1)
    EndIf

EndFunc ;_Cred_Add

;================================================================================================
;===== Retrieve the Credentials for the specified item =========================================
;================================================================================================
Func _Cred_Get($sTarget, $iType = 1) ;Type: 2=Domain, 1=Local. CAN'T RETURN DOMAIN PASSWORDS!!!

    Local $FuncRet[3]

    Local $structTarget = DllStructCreate("wchar[100]")
    DllStructSetData($structTarget,1,$sTarget)

    Local $hAdvapi32 = DllOpen("Advapi32.dll")
    If $hAdvapi32 = -1 Then
        Msgbox(0, "Error", "Failed to connect to the Credentials Store")
        Exit
    Endif

    Local $Ret = DllCall($hAdvapi32, 'bool', 'CredReadW', 'ptr', DllStructGetPtr($structTarget), 'dword', $iType, 'dword', 0, 'ptr*', 0)

    if $ret[0]=0 then Return SetError(1,0,$FuncRet)

    Local $structCREDENTIAL= "" & _
        "DWORD Flags;" & _
        "DWORD Type;" & _
        "Ptr TargetName;" & _
        "Ptr Comment;" & _
        "UINT64 LastWritten;" & _
        "DWORD CredintialBlobSize;" & _
        "Ptr CredentialBlob;" & _
        "DWORD Persist;" & _
        "DWORD AttributeCount;" & _
        "Ptr Attributes;" & _
        "Ptr TargetAlias;" & _
        "Ptr Username"

    Local $tdata=DllStructCreate($structCREDENTIAL, $Ret[4])

    Local $userName = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Username'))
    Local $User = DllStructGetData($userName, 1)

    Local $CredentialBlobSize = DllStructGetData($tdata, 'CredintialBlobSize')
    Local $credentialBlob = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'CredentialBlob'))
    Local $Password = StringLeft(DllStructGetData($credentialBlob, 1), $CredentialBlobSize/2)

    Local $Comment = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Comment'))
    Local $Comm = DllStructGetData($Comment, 1)

    Dim $FuncRet[] = [$User, $Password, $Comm]
    Return $FuncRet

EndFunc ;_Cred_Get

;================================================================================================
;===== Delete a specified item from the Credentials Store ======================================
;================================================================================================
Func _Cred_Delete($sTarget, $iType = 2) ;Type: 2=Domain, 1=Local

    Local $structTarget = DllStructCreate("wchar[100]") ;Create a structure to hold the object name we want to delete
    DllStructSetData($structTarget, 1, $sTarget) ;Insert the Object Name into the Structure

    Local $hAdvapi32 = DllOpen("Advapi32.dll")
    If $hAdvapi32 = -1 Then
        Msgbox(0, "Error", "Failed to connect to the Credentials Store")
        Exit
    Endif

    ;Now send all the info into the DLL to delete the item
    $Ret = DllCall($hAdvapi32, 'bool', 'CredDeleteW', 'ptr', DllStructGetPtr($structTarget), 'dword', $iType, 'dword', 0) ;$iType 2 = Domain, 1 = Local

EndFunc ;_Cred_Delete

;================================================================================================
;===== Return a 2D array with the Target, UserName, Password for every item ====================
;===== in the Credentials Store ====================
;================================================================================================
Func _Credentials_Enumerate()
    ;https://msdn.microsoft.com/en-us/library/windows/desktop/aa374794(v=vs.85).aspx
    ;https://www.autoitscript.com/forum/topic/99705-credenumerate-function-call/?do=findComment&comment=715159

    Local $aResult
    Local $structCREDENTIAL = "DWORD Flags;" & _
        "DWORD Type;" & _
        "Ptr TargetName;" & _
        "Ptr Comment;" & _
        "UINT64 LastWritten;" & _
        "DWORD CredintialBlobSize;" & _
        "Ptr CredentialBlob;" & _
        "DWORD Persist;" & _
        "DWORD AttributeCount;" & _
        "Ptr Attributes;" & _
        "Ptr TargetAlias;" & _
        "Ptr Username"

    $aResult = DllCall('advapi32.dll', 'int', 'CredEnumerateW', _ ;Call the Unicode version of CredEnumerate
        'wstr', Null, _ ;Don't use any filter since I want everything returned
        'uint', 1, _ ;1 = CRED_ENUMERATE_ALL_CREDENTIALS
        'uint*', '', _ ;Return the Count of all stored credentials
        'ptr*', '') ;Returns a pointer to an Array of pointers?

    If @error Or ($aResult[0] = 0) Then
        ConsoleWrite('Error: ' & @error & @TAB & 'Extended: ' & @extended & @CRLF)
        ConsoleWrite(_WinAPI_GetLastError() & @CRLF) ;1168 = Nothing matches the filter, 1312 = no credential set for this user, 1004 = Flag/Filter options are wrong
        Return SetError(1)
    EndIf

    ConsoleWrite("DllCall Returned = " & $aResult[0] & @CRLF & "Credential Count = " & $aResult[3] & @CRLF & "Pointer to Creds Array = " & $aResult[4] & @CRLF)

    For $c = 2 to $aResult[3] ;Create enough struct for each item in each credential found
        $structCREDENTIAL &= "DWORD Flags;" & _
            "DWORD Type;" & _
            "Ptr TargetName;" & _
            "Ptr Comment;" & _
            "UINT64 LastWritten;" & _
            "DWORD CredintialBlobSize;" & _
            "Ptr CredentialBlob;" & _
            "DWORD Persist;" & _
            "DWORD AttributeCount;" & _
            "Ptr Attributes;" & _
            "Ptr TargetAlias;" & _
            "Ptr Username"
    Next

    Local $tdata = DllStructCreate($structCREDENTIAL, $aResult[4]) ;Insert all the data from the array of pointers into this struct

    Local $FullTarget = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'TargetName')) ;Create and Get the array storing TargetName
    Local $userName = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Username')) ;Create and Get the array storing Username
    Local $CredentialBlobSize = DllStructGetData($tdata, 'CredintialBlobSize') ;Get the password blob
    Local $credentialBlob = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'CredentialBlob')) ;Create and get the password text
    Local $Comment = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Comment')) ;Don't see a need for comments

    ;Retrieve the data
    For $c = 1 to $aResult[3]
        Local $Target = DllStructGetData($FullTarget, $c) ;Retrieve the Target Name from the item #
        Local $User = DllStructGetData($userName, $c) ;Retrieve the User Name from the item #
        Local $Password = StringLeft(DllStructGetData($credentialBlob, $c), $CredentialBlobSize/2) ;Retrieve the password, Only works for 1, legacy. domain creds will not return passwords
        Local $Comm = DllStructGetData($Comment, $c) ;Don't need comments but getting it since it's in all the examples

        ConsoleWrite("Loop = " & $c & ": Target = " & $Target & ": UserName = " & $User & ": Comment = " & $Comm & @CRLF)
    Next

    If $aResult[3] > 0 Then
        $aCreds = DllCall('advapi32.dll', 'none', 'CredFree', 'ptr', $aResult[4]) ;This is just used to release the pointer. Call when done
    EndIf

EndFunc ;_Credentials_Enumerate
```
BigDaddyO (Author) Posted December 12, 2017

I have a workaround for now which uses the cmdkey.exe with stdoutread. Not as graceful as using the DLL calls, but it gets me what I want.

```autoit
#include <AutoItConstants.au3> ;Needed for $STDOUT_CHILD

Func _Credentials_Enumerate()

    Local $sCredList
    Local $iCred = -1
    Local $aCredList[10000][2] ;set max number of Creds initially to 10,000, will be reDimed down before returning the array

    $iPID = Run(@SystemDir & "\cmdkey.exe /list", @SystemDir, @SW_HIDE, $STDOUT_CHILD)
    ProcessWaitClose($iPID)
    $sOutput = StdoutRead($iPID)

    If StringInStr($sOutput, "Currently stored credentials:") Then
        $aSplit = StringSplit($sOutput, @CRLF)
        For $c = 1 to $aSplit[0]
            If StringInStr($aSplit[$c], "Target:") Then
                $sCredList = StringStripWS(StringRight($aSplit[$c], StringLen($aSplit[$c]) - StringInStr($aSplit[$c], "=")), 3) ;Get the Target Server name
                $iCred += 1 ;Increase the Credential counter by 1
                $aCredList[$iCred][0] = $sCredList ;Store the credential target in the 2D array
                For $d = $c to $aSplit[0] ;Continue searching the output for this credentials UserName
                    If StringInStr($aSplit[$d], "User:") Then
                        $sCredList = StringStripWS(StringRight($aSplit[$d], StringLen($aSplit[$d]) - StringInStr($aSplit[$d], ":")), 3) ;Get the UserName
                        $aCredList[$iCred][1] = $sCredList ;Store the credential UserName in the 2D array
                        ExitLoop ;We found the UserName, so exit out of this loop to look for the next Credential Target line
                    EndIf
                Next
                $c = $d ;Set the C loop to where we found the UserName line to speed it up a little
            EndIf
        Next
    Else
        MsgBox(0, "Stored Creds", "No stored credentials were found")
    EndIf

    If $iCred < 0 Then Return SetError(1, 0, 0) ;Nothing was found, so there is no array to shrink
    ReDim $aCredList[$iCred + 1][2] ;$iCred is the zero-based index of the last entry, so the row count is $iCred + 1
    Return $aCredList

EndFunc ;_Credentials_Enumerate
```

If anyone does know how to get the DLL call to work, I'd love to see it.

Thanks, Mike
HighlanderSword Posted January 31, 2023

Anyone have any luck getting the DLL call to work?
Nine Posted January 31, 2023 (edited)

That seems to be working fine:

```autoit
#include <Array.au3>
#include <WinAPIDiag.au3>

$aResult = DllCall('advapi32.dll', 'int', 'CredEnumerateW', _ ;Call the Unicode version of CredEnumerate
    'wstr', Null, _ ;Don't use any filter since I want everything returned
    'uint', 1, _ ;1 = CRED_ENUMERATE_ALL_CREDENTIALS
    'uint*', 0, _ ;Return the Count of all stored credentials
    'ptr*', 0) ;Returns a pointer to an Array of pointers?
_ArrayDisplay($aResult)

$tPointer = DllStructCreate("ptr list[" & $aResult[3] & "]", $aResult[4])
_WinAPI_DisplayStruct($tPointer, "ptr list[" & $aResult[3] & "]")

Local $tagCREDENTIAL= "" & _
    "DWORD Flags;" & _
    "DWORD Type;" & _
    "Ptr TargetName;" & _
    "Ptr Comment;" & _
    "UINT64 LastWritten;" & _
    "DWORD CredintialBlobSize;" & _
    "Ptr CredentialBlob;" & _
    "DWORD Persist;" & _
    "DWORD AttributeCount;" & _
    "ptr Attributes;" & _
    "Ptr TargetAlias;" & _
    "Ptr Username"

$tCredential = DllStructCreate($tagCREDENTIAL, $tPointer.list((1)))
_WinAPI_DisplayStruct($tCredential, $tagCREDENTIAL)

$tName = DllStructCreate("wchar string[100]", $tCredential.Username)
MsgBox(0, "", "[" & $tName.string & "]")

DllCall('advapi32.dll', 'NONE', 'CredFree', 'ptr', $aResult[4])
```

Edited January 31, 2023 by Nine: more complete example
HighlanderSword Posted January 31, 2023

Great, that works, so how do I get other elements from the tagCREDENTIAL? I was able to do

```autoit
$tTargetname = DllStructCreate("wchar string[100]", $tCredential.TargetName)
```

and that worked. But below returns nothing and no @error is set as well:

```autoit
$tPersist = DllStructCreate("wchar string[100]", $tCredential.Persist)
```

This is my first time working with DllStructure.
Nine Posted January 31, 2023

Unless it is a ptr (which means pointer), you can use it directly. For persist it is:

```autoit
Local $iPersist = $tCredential.Persist
```
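Putting the answers above together, as an added example that is not code from any poster in this thread: a full enumeration that walks every entry of the pointer array and returns Target, UserName, Type and Persist as a 2D array. The function names `_Cred_ListAll` and `_Cred_PtrToString` are hypothetical, and string lengths are taken from `lstrlenW` instead of a fixed `wchar[100]`.

```autoit
#include <Array.au3>

; Added example; _Cred_PtrToString and _Cred_ListAll are hypothetical names.
Func _Cred_PtrToString($pStr)
    If Not $pStr Then Return "" ; optional string fields such as UserName may be NULL
    Local $aLen = DllCall('kernel32.dll', 'int', 'lstrlenW', 'ptr', $pStr)
    If @error Or $aLen[0] < 1 Then Return ""
    ; Map exactly as many wchars as the string holds instead of a fixed wchar[100]
    Local $tStr = DllStructCreate('wchar[' & $aLen[0] & ']', $pStr)
    Return DllStructGetData($tStr, 1)
EndFunc   ;==>_Cred_PtrToString

Func _Cred_ListAll()
    Local Const $tagCREDENTIAL = "DWORD Flags;DWORD Type;ptr TargetName;ptr Comment;" & _
            "UINT64 LastWritten;DWORD CredentialBlobSize;ptr CredentialBlob;DWORD Persist;" & _
            "DWORD AttributeCount;ptr Attributes;ptr TargetAlias;ptr UserName"
    Local $aCall = DllCall('advapi32.dll', 'bool', 'CredEnumerateW', _
            'ptr', 0, _ ; Filter: NULL, return everything
            'dword', 1, _ ; Flags: 1, the value used in the thread
            'dword*', 0, _ ; [3] receives the number of credentials
            'ptr*', 0) ; [4] receives the pointer to the array of pointers
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Local $iCount = $aCall[3], $pList = $aCall[4]
    If $iCount < 1 Then Return SetError(2, 0, 0)

    ; Level 1: $pList is an array of $iCount pointers, not an array of structs
    Local $tList = DllStructCreate('ptr[' & $iCount & ']', $pList)
    Local $aOut[$iCount][4], $tCred
    For $i = 1 To $iCount
        ; Level 2: each pointer addresses one CREDENTIAL struct
        $tCred = DllStructCreate($tagCREDENTIAL, DllStructGetData($tList, 1, $i))
        ; Level 3: string fields are pointers again; DWORD fields are read directly
        $aOut[$i - 1][0] = _Cred_PtrToString(DllStructGetData($tCred, 'TargetName'))
        $aOut[$i - 1][1] = _Cred_PtrToString(DllStructGetData($tCred, 'UserName'))
        $aOut[$i - 1][2] = DllStructGetData($tCred, 'Type')
        $aOut[$i - 1][3] = DllStructGetData($tCred, 'Persist')
    Next
    ; The list and everything it points to is one allocation; free it once
    DllCall('advapi32.dll', 'none', 'CredFree', 'ptr', $pList)
    Return $aOut
EndFunc   ;==>_Cred_ListAll

Local $aCreds = _Cred_ListAll()
If Not @error Then _ArrayDisplay($aCreds, "Stored credentials")
```

The columns of the returned array are Target, UserName, Type and Persist, in that order.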