// Always zero: nothing in this listing writes to it. ProfileTest(HANDLE) passes it to
// alloca() to obtain a zero-sized block that marks the current stack position.
// NOTE(review): volatile presumably keeps the compiler from treating alloca(guz)
// as a constant-size allocation and folding it away - confirm.
static volatile UCHAR guz = 0;
/**
 * Reads the "RefCount" value under an already opened registry key and prints
 * it in hex through DbgPrint.
 *
 * Nothing is printed when the query fails, when the value is not a REG_DWORD,
 * or when the returned size is not exactly sizeof(DWORD).
 *
 * @param hKey  Open key to query; the caller keeps ownership and closes it.
 */
void PrintRefCount(HKEY hKey)
{
    ULONG valueType;
    ULONG refCount;
    ULONG size = sizeof(DWORD);

    LONG status = RegQueryValueExW(hKey, L"RefCount", 0, &valueType, (PBYTE)&refCount, &size);

    // valueType and size are only meaningful after a successful query.
    if (status != ERROR_SUCCESS)
    {
        return;
    }

    // Accept only a well-formed DWORD; anything else is not the value we expect.
    if (valueType != REG_DWORD || size != sizeof(DWORD))
    {
        return;
    }

    DbgPrint("RefCount = %x\n", refCount);
}
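/**
 * Prints the "RefCount" value of the token user's ProfileList key three times:
 * before LoadUserProfileW, after a successful load, and after UnloadUserProfile.
 *
 * The key path is built as
 *   SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<string SID>
 * and opened read-only in the 64-bit registry view.
 *
 * @param hToken  Token whose user SID selects the profile key. It is passed to
 *                GetTokenInformation, LoadUserProfileW and UnloadUserProfile;
 *                the caller keeps ownership of the handle.
 */
void ProfileTest(HANDLE hToken)
{
    // Zero-sized alloca marks the current stack position; every later buffer
    // size is computed as the distance from the newest alloca block to it.
    // NOTE(review): this assumes successive alloca blocks are contiguous and
    // grow towards lower addresses - confirm for the compiler and target used.
    PVOID stack = alloca(guz);
    ULONG cb = 0, rcb = 32, len;

    // One buffer, viewed as TOKEN_USER first and as the sub-key string later.
    union {
        PVOID buf;
        PTOKEN_USER ptu;
        PWSTR szSubKey;
        PBYTE pb;
    };

    do
    {
        // Extend the stack buffer only by the missing amount; cb becomes the
        // total number of bytes between buf and the stack marker.
        if (cb < rcb) cb = RtlPointerToOffset(buf = alloca(rcb - cb), stack);

        if (GetTokenInformation(hToken, ::TokenUser, buf, cb, &rcb))
        {
            PWSTR szSid;
            if (ConvertSidToStringSid(ptu->User.Sid, &szSid))
            {
                // NOTE(review): STATIC_WSTRING is defined outside this listing;
                // presumably it declares a static WCHAR array holding the literal
                // including its terminator - confirm.
                STATIC_WSTRING(ProfileList, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\");

                // sizeof(ProfileList) counts the prefix terminator, so rcb already
                // has room for exactly one terminator after the SID text.
                rcb = sizeof(ProfileList) + (len = (ULONG)wcslen(szSid) * sizeof(WCHAR));
                if (cb < rcb) cb = RtlPointerToOffset(buf = alloca(rcb - cb), stack);

                memcpy(pb, ProfileList, sizeof(ProfileList) - sizeof(WCHAR));
                // Copy the SID together with its terminating NUL. alloca memory is
                // uninitialized, so without the terminator RegOpenKeyExW would read
                // past the end of the path that was built.
                memcpy(pb + sizeof(ProfileList) - sizeof(WCHAR), szSid, len + sizeof(WCHAR));
                LocalFree(szSid);

                HKEY hKey;
                if (!RegOpenKeyExW(HKEY_LOCAL_MACHINE, szSubKey, 0, KEY_READ|KEY_WOW64_64KEY, &hKey))
                {
                    PrintRefCount(hKey);

                    PROFILEINFO pi = { sizeof(pi), 0, L"*" };
                    if (LoadUserProfileW(hToken, &pi))
                    {
                        PrintRefCount(hKey);
                        UnloadUserProfile(hToken, pi.hProfile);
                    }
                    else
                    {
                        // Make a failed load visible; otherwise two identical
                        // RefCount lines cannot be told apart from a no-op load.
                        DbgPrint("LoadUserProfileW failed: %u\n", GetLastError());
                    }

                    PrintRefCount(hKey);
                    RegCloseKey(hKey);
                }
            }
            // The token query succeeded, so there is nothing to retry.
            break;
        }
        // Retry only when the buffer was too small; rcb now holds the required size.
    } while (GetLastError() == ERROR_INSUFFICIENT_BUFFER);
}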
/**
 * Runs ProfileTest(HANDLE) against the current process's own token.
 *
 * Does nothing when the process token cannot be opened.
 */
void ProfileTest()
{
    // Access rights requested on the process token.
    // NOTE(review): presumably these are the rights LoadUserProfileW needs on
    // the token it is given - confirm.
    const ULONG desiredAccess = TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_DUPLICATE;

    HANDLE hProcessToken;
    if (!OpenProcessToken(NtCurrentProcess(), desiredAccess, &hProcessToken))
    {
        return;
    }

    ProfileTest(hProcessToken);

    // The token handle is owned here, so it is released here.
    CloseHandle(hProcessToken);
}