 |
KiXforms The Forum for the KiXforms Community
|
|
View previous topic :: View next topic |
Author |
Message |
benny69 KiXforms Advocate


Joined: 30 Oct 2003 Posts: 567 Location: Lincoln, Ne
|
Posted: Wed Jun 01, 2005 7:43 pm Post subject: Accessing functions in a .dll? |
|
|
Dose anybody know how one might access a function inside a .dll?
I know this is not really a KiXforms question, but I was hoping to draw upon Shawn’s or someone’s knowledge. Where am I going with this you ask? Well ultimately I would like to be able to come up with a script that would allow us to pass a login name and password through windows for authentication, to be used local and or domain (AD). The reason I ask about functions in .dll's is because I think that msgina.dll is one of the files used to authenticate Users. Maybe I could be so lucky that one of you have already worked this out and have a script I could use. _________________ Wait don't order yet,... get KiXforms Designer .NET 2.0 (Beta)
KiXforms Designer .NET 2.0 (Beta) |
|
Back to top |
|
 |
Shawn KiXforms Developer


Joined: 22 Feb 2003 Posts: 1983 Location: Canada
|
Posted: Wed Jun 01, 2005 9:58 pm Post subject: |
|
|
First off, I no security expert, but I will put my two cents in ...
tbh, I dont think Windows will allow you to do this. It breaks "the rules" of proper security (unless msgina doesn't follow the rules).
One security "principle" is that plain-text passwords should never be exposed in "user memory" (programs/dlls/script running in user memory) ... if it did allow this, than dlls loaded into the same space could "steal" the password.
I think Windows will authenticate "for you", but I dont think you can pass a username and (more importantly) a password to Windows for authentication.
These comments are based on my loose understanding of how things work. Would love to be proved wrong.
-Shawn |
|
Back to top |
|
 |
Shawn KiXforms Developer


Joined: 22 Feb 2003 Posts: 1983 Location: Canada
|
Posted: Wed Jun 01, 2005 10:13 pm Post subject: |
|
|
Ona more constructive note, I've seen RUNDLL used to call functions in DLL's with much success. Also have seen some COM objects that have attempted to "map" functions in DLLs, and "map" the parameters as well. If interested can try to look them up (this was quite some time ago). |
|
Back to top |
|
 |
benny69 KiXforms Advocate


Joined: 30 Oct 2003 Posts: 567 Location: Lincoln, Ne
|
Posted: Wed Jun 01, 2005 11:16 pm Post subject: |
|
|
Any direction Rundll, functions, what ever you can give me would be great, thanks. You mentioned letting windows do it for me how would someone utilize that? I have seen software that at least at outward appearance authenticates somehow with windows, maybe its all done with windows, but the form you put the user name and password in is not windows, maybe that is just a cosmetic thing. _________________ Wait don't order yet,... get KiXforms Designer .NET 2.0 (Beta)
KiXforms Designer .NET 2.0 (Beta) |
|
Back to top |
|
 |
Stevie KiXforms Supporter

Joined: 04 Jun 2003 Posts: 109
|
Posted: Thu Jun 02, 2005 12:45 am Post subject: |
|
|
Rundll is something that I've never really played with so I don't know the extent to which you can pass parameters in and get parameters back out. Having said that, here's something that may set you in the right direction...
Windows allows you to logon as another user even in the middle of an interactive logon session. There are several ways to accomplish this but the easiest for you to use with rundll is an api function called LogonUser which is located in advapi32.dll. The method signature (in VB-speak) is as follows:
Code: | LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long |
The first three params are username, password and domain, which are straightforward enough. The final argument (phToken) is a reference type and is returning a handle to the user's token. In your case, you can just provide a variable reference and then ignore it since you won't need to use it. The return type is a number. If it's 0 then the call failed and you weren't able to logon as the user. If it's anything other than 0, then it succeeded. Here's a big problem, though... If it fails, you won't know why. It might be a bad username/password. It might be an expired account, you won't know since you can't call GetLastError(). The only things to really worry about are dwLogonType and dwLogonProvider. I don't really know exactly what you're doing so you'll need to research the options for those arguments and put in the number that corresponds to your choices. More detail on the LogonUser api function, and the valid choices for those parameters, can be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp
Again, I don't know anything about rundll and I don't know if this will work for you but hopefully this will help. Good luck!
________
MAINE MARIJUANA DISPENSARIES
Last edited by Stevie on Wed Feb 23, 2011 5:09 am; edited 1 time in total |
|
Back to top |
|
 |
krabourn KiXforms Aficionado

Joined: 05 Mar 2003 Posts: 273 Location: San Antonio. TX
|
|
Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|