In Python, the pywin32 library provides a module named win32crypt which has a method called CryptUnpotectData to decrypt Windows encrypted data by using the Windows API.
This is how I have applied it in Python:
import win32crypt
# ...
password = win32crypt.CryptUnprotectData(EncrytedPassword, None, None, None, 0)
I have found a binding for the winapi but I can't find the CryptUnprotectData function, the closest I found to an equivalent is the CryptDecrypt function.
Here is my implementation of it in Rust:
extern crate winapi;
let decrypted_password = winapi::um::wincrypt::CryptDecrypt(/* ???? */);
I am not sure how to make use of this function and if it will decrypt my encrypted password string and return it. I would love if more experienced Rust users could shed some light on this for me using an example or explanation.
If you go to the documentation for winapi (linked from the crate page as well as the README), you will find a large search box:
If you type "CryptUnprotectData" into that search box, you will receive 3 results:
Clicking on the first result will lead you to the specific function, CryptUnprotectData. As described in Cannot call CryptDecrypt from the WinApi crate because it could not find the module, you need to use the appropriate feature flag to enable the function (dpapi).
As the README states:
Why is there no documentation on how to use anything?
This crate is nothing more than raw bindings to Windows API. If you
wish to know how to use the various functionality in Windows API, you
can look up the various items on MSDN which is full of detailed
documentation.
Usage of this function is described on MSDN.
Related
Are the Windows NLS API Locale Information Constants available anywhere in the winapi-rs crate or elsewhere in the Rust ecosystem?
I need to call GetLocaleInformationEx from Rust and have found it available in the um::winnls module of the winapi-rs crate (here).
The LCType input is a Locale Information Constant -- and I have not been able to find these defined anywhere in the crate.
As a workaround, I have looked up the numerical values and hard-coded them, but I have a nagging feeling that I am missing something.
There are a few constants defined in ntdef.rs. If you wanted to use what is not available there, you would need to look up the values via Locale Information Constants and either pass the raw values or preferably define them yourself.
use self::winapi::shared::ntdef::{LOCALE_SYSTEM_DEFAULT, LOCALE_USER_DEFAULT};
Also, be sure to configure to use winnls in Cargo.toml, or you'll get an unresolved import error when trying to use GetLocaleInformationEx.
[dependencies]
winapi = {version = "0.3", features = ["winuser", "std", "libloaderapi", "errhandlingapi", "winnls"] }
I had browsed internet, but hadn't found an answer.
Previously we used static linking using def file.
Currently this approach is not suitable, because there are cases when dll is not accessible.
So now we need to load dynamically function with unlimited function arguments.
Is there a common approach? Just push in right direction or some topic related for that is OK.
GetProcAddress does not care about the number of arguments the function has. If you use C++ and your problem is name mangling, you can either mark the functions with extern "C" or pass the mangled name to GetProcAddress.
Can anyone point me to documentation for CodeAuthzpComputeImageHash() in advapi32.dll?
I can't seem to find documentation anywhere.
The reason you can't find documentation for this function is that this function is undocumented.
Not all winapi functions are documented, unfortunately.
There is a mention of the function at http://technet.microsoft.com/en-us/library/cc786941(v=WS.10).aspx, though:
ItemData (REG_BINARY). The actual hash to the file. This value should always be 16 bytes and is generated with a call to CodeAuthzpComputeImageHash().
Also, you can use a trampoline to hook the function, and if you know how to cause it to be executed, you can then try to see its arguments and return type.
Also, try searching at WINE if they have implemented it. Ask in their mailing list. Since they try to implement winapi, they need to implement the undocumented parts, too, there's a good chance they have some understanding about the function.
I've been looking recently into creating a new native language. I understand the (very) basics of the PE format and I've grabbed an assembler with a fairly kind interface off the webs, which I've successfully used to implement some simple functions. But I've run into a problem using functions from a library. The only way that I've called library functions from a dynamically compiled function previously is to pass in the function pointer manually- something I can't do if I create PE files and execute them in their own process. Now, I'm not planning on using the CRT, but I will need access to the Win API to implement my own standard libraries. How do I generate a reference to a WinAPI function so that the PE loader will patch it up?
You need to write an import table. It's basically a list of function names that you wish to use in your application. It's pointed to by the PE header. The loader loads the DLL files into the process memory space for you, finds the requested function in their export table and leaves the address for it in the import table. You then usually dereference that and jmp there.
Check out Izelion's assembly tutorial for the full details and for asm examples.
How about starting by emitting C instead of assembly? Then writing directly to ASM is just an optimization.
I'm not being facetious: most compilers turn out some kind of intermediate code before the final native code pass.
I realize you're trying to get away from all the null-delmited rigmarole, but you'll need that for the WinAPI functions anyway.
Re-reading your question: you do realize that you can get the WinAPI function addresses by calling LoadLibrary(), then calling GetProcAddress(), and then setting up the call...right?
If you want to see how to bootstrap this from pure assembly: the old SDKs had ASM sample code, probably the new ones still do. If they don't, the DDK will.
I want to create a replacement for the app switcher (aka 'cmd + tab').
I know that it's possible because Lite Switch X does it.
What I've got achieved so far:
By force quitting the dock and calling CPSRegisterForKey() (which is a private API function) I can prevent the default cmd+tab from working.
The second step is two register the hot key for my app. The standard way of doing this, RegisterEventHotKey(), doesn't work. A bit of googling and GDBing suggests that the Dock and Lite Switch X use CGSSetHotKeyEnabled() and CGSSetHotKey() (both of these are private API functions). The problem I have is that I do not know what arguments these functions take.
How can I determine the arguments for a private API function?
Update:
I've got a little further with CGSSetHotKey():
OSErr setupResult = CGSSetHotKey(_CGSDefaultConnection(), unknownArg, unknownArg, unknownArg, kCGEventFlagMaskCommand, ???, ???, ...);
Have you tried using class-dump? It's usually pretty helpful.