 |
KiXforms
The Forum for the KiXforms Community
|
|
| View previous topic :: View next topic |
| Author |
Message |
benny69
KiXforms Advocate
Joined: 30 Oct 2003
Posts: 567
Location: Lincoln, Ne
|
 Posted: Wed Jun 01, 2005 7:43 pm Post subject: Accessing functions in a .dll? |
 |
|
Dose anybody know how one might access a function inside a .dll?
I know this is not really a KiXforms question, but I was hoping to draw upon Shawn’s or someone’s knowledge. Where am I going with this you ask? Well ultimately I would like to be able to come up with a script that would allow us to pass a login name and password through windows for authentication, to be used local and or domain (AD). The reason I ask about functions in .dll's is because I think that msgina.dll is one of the files used to authenticate Users. Maybe I could be so lucky that one of you have already worked this out and have a script I could use.
_________________
Wait don't order yet,... get KiXforms Designer .NET 2.0 (Beta)
KiXforms Designer .NET 2.0 (Beta) |
|
| Back to top |
|
 |
Shawn
KiXforms Developer
Joined: 22 Feb 2003
Posts: 1983
Location: Canada
|
| Posted: Wed Jun 01, 2005 9:58 pm Post subject: |
|
|
First off, I no security expert, but I will put my two cents in ...
tbh, I dont think Windows will allow you to do this. It breaks "the rules" of proper security (unless msgina doesn't follow the rules).
One security "principle" is that plain-text passwords should never be exposed in "user memory" (programs/dlls/script running in user memory) ... if it did allow this, than dlls loaded into the same space could "steal" the password.
I think Windows will authenticate "for you", but I dont think you can pass a username and (more importantly) a password to Windows for authentication.
These comments are based on my loose understanding of how things work. Would love to be proved wrong.
-Shawn |
|
| Back to top |
|
|
Shawn
KiXforms Developer
Joined: 22 Feb 2003
Posts: 1983
Location: Canada
|
| Posted: Wed Jun 01, 2005 10:13 pm Post subject: |
|
|
| Ona more constructive note, I've seen RUNDLL used to call functions in DLL's with much success. Also have seen some COM objects that have attempted to "map" functions in DLLs, and "map" the parameters as well. If interested can try to look them up (this was quite some time ago). |
|
| Back to top |
|
|
benny69
KiXforms Advocate
Joined: 30 Oct 2003
Posts: 567
Location: Lincoln, Ne
|
| Posted: Wed Jun 01, 2005 11:16 pm Post subject: |
|
|
Any direction Rundll, functions, what ever you can give me would be great, thanks. You mentioned letting windows do it for me how would someone utilize that? I have seen software that at least at outward appearance authenticates somehow with windows, maybe its all done with windows, but the form you put the user name and password in is not windows, maybe that is just a cosmetic thing.
_________________
Wait don't order yet,... get KiXforms Designer .NET 2.0 (Beta)
KiXforms Designer .NET 2.0 (Beta) |
|
| Back to top |
|
|
Stevie
KiXforms Supporter
Joined: 04 Jun 2003
Posts: 109
|
| Posted: Thu Jun 02, 2005 12:45 am Post subject: |
|
|
Rundll is something that I've never really played with so I don't know the extent to which you can pass parameters in and get parameters back out. Having said that, here's something that may set you in the right direction...
Windows allows you to logon as another user even in the middle of an interactive logon session. There are several ways to accomplish this but the easiest for you to use with rundll is an api function called LogonUser which is located in advapi32.dll. The method signature (in VB-speak) is as follows:
| Code: | | LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long |
The first three params are username, password and domain, which are straightforward enough. The final argument (phToken) is a reference type and is returning a handle to the user's token. In your case, you can just provide a variable reference and then ignore it since you won't need to use it. The return type is a number. If it's 0 then the call failed and you weren't able to logon as the user. If it's anything other than 0, then it succeeded. Here's a big problem, though... If it fails, you won't know why. It might be a bad username/password. It might be an expired account, you won't know since you can't call GetLastError(). The only things to really worry about are dwLogonType and dwLogonProvider. I don't really know exactly what you're doing so you'll need to research the options for those arguments and put in the number that corresponds to your choices. More detail on the LogonUser api function, and the valid choices for those parameters, can be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp
Again, I don't know anything about rundll and I don't know if this will work for you but hopefully this will help. Good luck!
________
MAINE MARIJUANA DISPENSARIES
Last edited by Stevie on Wed Feb 23, 2011 5:09 am; edited 1 time in total |
|
| Back to top |
|
|
krabourn
KiXforms Aficionado
Joined: 05 Mar 2003
Posts: 273
Location: San Antonio. TX
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
