diff -u -b -B -r chntpw-070409.orig/Makefile chntpw-070409/Makefile --- chntpw-070409.orig/Makefile 2007-04-09 06:17:42.000000000 -0700 +++ chntpw-070409/Makefile 2007-07-15 22:00:45.000000000 -0700 @@ -12,7 +12,7 @@ OSSLINC=$(OSSLPATH)/include CC=gcc -CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall # This is to link with whatever we have, SSL crypto lib we put in static diff -u -b -B -r chntpw-070409.orig/chntpw.c chntpw-070409/chntpw.c --- chntpw-070409.orig/chntpw.c 2007-04-09 06:17:42.000000000 -0700 +++ chntpw-070409/chntpw.c 2007-07-15 22:03:41.000000000 -0700 @@ -51,6 +51,8 @@ #include #include #include +#include +#include #include #include @@ -136,7 +138,7 @@ * Function to convert the RID to the first decrypt key. */ -void sid_to_key1(unsigned long sid,unsigned char deskey[8]) +void sid_to_key1(uint32_t sid,unsigned char deskey[8]) { unsigned char s[7]; @@ -155,7 +157,7 @@ * Function to convert the RID to the second decrypt key. */ -void sid_to_key2(unsigned long sid,unsigned char deskey[8]) +void sid_to_key2(uint32_t sid,unsigned char deskey[8]) { unsigned char s[7]; @@ -1224,7 +1226,7 @@ } if (v->len < 0xcc) { - printf("Value <%s> is too short (only %ld bytes) to be a SAM user V-struct!\n", + printf("Value <%s> is too short (only %d bytes) to be a SAM user V-struct!\n", s, vkkey->len_data); } else { change_pw( (char *)&v->data , rid, v->len, 0); Only in chntpw-070409.orig: chntpw.static diff -u -b -B -r chntpw-070409.orig/cpnt.c chntpw-070409/cpnt.c --- chntpw-070409.orig/cpnt.c 2007-04-09 06:17:42.000000000 -0700 +++ chntpw-070409/cpnt.c 2007-07-15 22:03:41.000000000 -0700 @@ -30,6 +30,7 @@ #include #include #include +#include #define BUFSIZE 16384 Only in chntpw-070409: make.out diff -u -b -B -r chntpw-070409.orig/ntreg.c chntpw-070409/ntreg.c --- chntpw-070409.orig/ntreg.c 2007-04-09 06:17:42.000000000 -0700 +++ chntpw-070409/ntreg.c 2007-07-15 22:10:33.000000000 -0700 
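Review bot: Dropping `-m32` from `CFLAGS` is the change that makes every other hunk in this patch necessary, and that dependency is not recorded anywhere: the structs in ntreg.h and sam.h are overlaid directly on hive bytes, so on an LP64 host they are only correct as long as every field is a fixed-width type. A one-line comment next to the flags would stop the next person from re-adding `-m32` "to fix" a layout problem or from adding a `long` field, e.g. `# Native build: on-disk structs in ntreg.h/sam.h must use int32_t/int16_t, never long/int`. The `short`/`unsigned short` members left in those headers are 16-bit on every ABI gcc targets, but they are now the only members whose width is implied rather than spelled out.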
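Review bot: In the chntpw.c hunk at -1224 the diagnostic prints `vkkey->len_data` while the guard that triggers it tests `v->len`, so the message can report a different number from the one that was actually rejected; unless the two are always equal (nothing in the hunk shows that), print what was checked: `printf("Value <%s> is too short (only %d bytes) to be a SAM user V-struct!\n", s, v->len);`. The `%ld` to `%d` correction itself is right once `len_data` is `int32_t`. The enclosing function starts and ends outside the hunk.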
@@ -39,6 +39,7 @@ #include #include #include +#include #include "ntreg.h" @@ -381,13 +382,13 @@ #define D_OFFS(o) ( (void *)&(key->o)-(void *)hdesc->buffer-vofs ) key = (struct nk_key *)(hdesc->buffer + vofs); - printf("%04x type = 0x%02x %s\n", D_OFFS(type) , key->type, + printf("%04x type = 0x%02x %s\n", D_OFFS(type) ,key->type, (key->type == KEY_ROOT ? "ROOT_KEY" : "") ); printf("%04x timestamp skipped\n", D_OFFS(timestamp) ); printf("%04x parent key offset = 0x%0lx\n", D_OFFS(ofs_parent) ,key->ofs_parent); - printf("%04x number of subkeys = %ld\n", D_OFFS(no_subkeys),key->no_subkeys); + printf("%04x number of subkeys = %d\n", D_OFFS(no_subkeys),key->no_subkeys); printf("%04x lf-record offset = 0x%0lx\n",D_OFFS(ofs_lf),key->ofs_lf); - printf("%04x number of values = %ld\n", D_OFFS(no_values),key->no_values); + printf("%04x number of values = %d\n", D_OFFS(no_values),key->no_values); printf("%04x val-list offset = 0x%0lx\n",D_OFFS(ofs_vallist),key->ofs_vallist); printf("%04x sk-record offset = 0x%0lx\n",D_OFFS(ofs_sk),key->ofs_sk); printf("%04x classname offset = 0x%0lx\n",D_OFFS(ofs_classnam),key->ofs_classnam); @@ -415,7 +416,7 @@ key = (struct vk_key *)(hdesc->buffer + vofs); printf("%04x name length = %d (0x%0x)\n", D_OFFS(len_name), key->len_name, key->len_name ); - printf("%04x length of data = %ld (0x%0lx)\n", D_OFFS(len_data), + printf("%04x length of data = %d (0x%0lx)\n", D_OFFS(len_data), key->len_data, key->len_data ); printf("%04x data offset = 0x%0lx\n",D_OFFS(ofs_data),key->ofs_data); printf("%04x value type = 0x%0lx %s\n", D_OFFS(val_type), key->val_type, 
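Review bot: The new line `printf("%04x length of data = %d (0x%0lx)\n", D_OFFS(len_data), key->len_data, key->len_data);` in the -415 hunk fixes `%ld` but still hands the now-`int32_t` `key->len_data` to `%0lx`, which expects an `unsigned long`; on the native 64-bit build this patch enables that is a format/argument mismatch (undefined behaviour, and `-Wall`'s `-Wformat` will warn). Cast and use `%x`: `printf("%04x length of data = %d (0x%x)\n", D_OFFS(len_data), key->len_data, (unsigned)key->len_data);`. The same `%0lx`-with-`int32_t` pattern is left untouched in the `ofs_*` context lines of the -381 hunk and in the usage-counter/security-length lines of the -445 hunk, and `D_OFFS()` yields a pointer difference that every line prints with `%04x`, which should be `%04tx` or a cast to `unsigned`. The enclosing function starts before and ends after the hunk.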
@@ -445,9 +446,9 @@ printf("%04x *unused?* = %d\n" , D_OFFS(dummy1), key->dummy1 ); printf("%04x Offset to prev sk = 0x%0lx\n", D_OFFS(ofs_prevsk), key->ofs_prevsk); printf("%04x Offset to next sk = 0x%0lx\n", D_OFFS(ofs_nextsk), key->ofs_nextsk); - printf("%04x Usage counter = %ld (0x%0lx)\n", D_OFFS(no_usage), + printf("%04x Usage counter = %d (0x%0lx)\n", D_OFFS(no_usage), key->no_usage,key->no_usage); - printf("%04x Security data len = %ld (0x%0lx)\n", D_OFFS(len_sk), + printf("%04x Security data len = %d (0x%0lx)\n", D_OFFS(len_sk), key->len_sk,key->len_sk); printf("== End of key info.\n"); @@ -1209,9 +1210,9 @@ { struct vk_key *vkkey; int i,vkofs; - long *vlistkey; + int32_t *vlistkey; - vlistkey = (long *)(hdesc->buffer + vlistofs); + vlistkey = (int32_t *)(hdesc->buffer + vlistofs); for (i = 0; i < numval; i++) { vkofs = vlistkey[i] + 0x1004; @@ -1242,7 +1243,7 @@ struct li_key *likey; struct ri_key *rikey; - long *vlistkey; + int32_t *vlistkey; int newnkofs, plen, i, lfofs, vlistofs, adjust, r, ricnt, subs; char *buf; char part[ABSPATHLEN+1]; @@ -1291,7 +1292,7 @@ if (!path[plen] && type == 1 && key->no_values) { /* printf("VK namematch for <%s>\n",part); */ vlistofs = key->ofs_vallist + 0x1004; - vlistkey = (long *)(buf + vlistofs); + vlistkey = (int32_t *)(buf + vlistofs); i = vlist_find(hdesc, vlistofs, key->no_values, part); if (i != -1) { return(vlistkey[i] + 0x1000); @@ -1390,7 +1391,7 @@ } - printf("Node has %ld subkeys and %ld values",key->no_subkeys,key->no_values); + printf("Node has %d subkeys and %d values",key->no_subkeys,key->no_values); if (key->len_classnam) printf(", and class-data of %d bytes",key->len_classnam); printf("\n"); @@ -1754,7 +1755,7 @@ void del_allvalues(struct hive *hdesc, int nkofs) { int vlistofs, o, vkofs; - long *vlistkey; + int32_t *vlistkey; struct nk_key *nk; nk = (struct nk_key *)(hdesc->buffer + nkofs); 
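Review bot: In the -1209 hunk `vkofs = vlistkey[i] + 0x1004` is computed for every `i < numval` and then used as an offset into `hdesc->buffer`, and nothing in the hunk bounds either the value list (`vlistofs` plus `numval` entries) or the resulting `vkofs` against the loaded hive length; `numval`, `vlistofs` and the list entries all originate from the hive file, which is untrusted when the tool is run against a foreign disk image. The `long` to `int32_t` change is needed for the entries to be read correctly at all on LP64, but it does not address a corrupted count or offset. If the caller does not already validate these (I cannot see one from here), a check that `vlistofs` and `vlistofs + numval * sizeof(int32_t)` lie inside the buffer, and that each `vkofs` does too, belongs before the loop; I have not quoted it because the hive-size field of `struct hive` is not visible in this diff. The enclosing function begins before this hunk and continues after it.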
@@ -1769,7 +1770,7 @@ } vlistofs = nk->ofs_vallist + 0x1004; - vlistkey = (long *)(hdesc->buffer + vlistofs); + vlistkey = (int32_t *)(hdesc->buffer + vlistofs); /* Loop through index and delete all vk's */ for (o = 0; o < nk->no_values; o++) { @@ -1794,7 +1795,7 @@ int del_value(struct hive *hdesc, int nkofs, char *name) { int vlistofs, slot, o, n, vkofs, newlistofs; - long *vlistkey, *tmplist, *newlistkey; + int32_t *vlistkey, *tmplist, *newlistkey; struct nk_key *nk; char *blank=""; @@ -1814,7 +1815,7 @@ } vlistofs = nk->ofs_vallist + 0x1004; - vlistkey = (long *)(hdesc->buffer + vlistofs); + vlistkey = (int32_t *)(hdesc->buffer + vlistofs); slot = vlist_find(hdesc, vlistofs, nk->no_values, name); @@ -1828,21 +1829,21 @@ del_vk(hdesc, vkofs); /* Copy out old index list */ - CREATE(tmplist,long,nk->no_values); - memcpy(tmplist, vlistkey, nk->no_values * sizeof(long)); + CREATE(tmplist,int32_t,nk->no_values); + memcpy(tmplist, vlistkey, nk->no_values * sizeof(int32_t)); free_block(hdesc,vlistofs-4); /* Get rid of old list */ nk->no_values--; if (nk->no_values) { - newlistofs = alloc_block(hdesc, vlistofs, nk->no_values * sizeof(long)); + newlistofs = alloc_block(hdesc, vlistofs, nk->no_values * sizeof(int32_t)); if (!newlistofs) { printf("del_value: FATAL: Was not able to alloc new index list\n"); abort(); } /* Now copy over, omitting deleted entry */ - newlistkey = (long *)(hdesc->buffer + newlistofs + 4); + newlistkey = (int32_t *)(hdesc->buffer + newlistofs + 4); for (n = 0, o = 0; o < nk->no_values+1; o++, n++) { if (o == slot) o++; newlistkey[n] = tmplist[o]; @@ -1876,7 +1877,7 @@ struct lf_key *newlf = NULL, *oldlf; struct li_key *newli = NULL, *oldli; struct nk_key *key, *newnk, *onk; - long hash; + int32_t hash; key = (struct nk_key *)(hdesc->buffer + nkofs); 
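Review bot: The copy loop that ends the -1828 hunk reads one entry past `tmplist` and writes one entry past `newlistkey` when the value being deleted is the last in the list: `tmplist` is sized with the old count N, `newlistkey` is allocated for N-1 entries, the loop runs `o` from 0 to N-1, and for `slot == N-1` the skip `if (o == slot) o++;` moves `o` to N before `newlistkey[n] = tmplist[o];` executes. The `sizeof(long)` to `sizeof(int32_t)` corrections are right but independent of this off-by-one. Skip with `continue` and advance `n` only when an entry is actually copied: `for (n = 0, o = 0; o < nk->no_values + 1; o++) { if (o == slot) continue; newlistkey[n++] = tmplist[o]; }`. `del_value` continues past the end of the hunk.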
@@ -2405,7 +2406,7 @@ } #if 0 - printf("Node has %ld subkeys and %ld values\n",key->no_subkeys,key->no_values); + printf("Node has %d subkeys and %d values\n",key->no_subkeys,key->no_values); #endif if (key->no_subkeys) { while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) { @@ -2426,7 +2427,7 @@ /* Get and copy keys CLASS-data (if any) to buffer - * Returns a buffer with the data (first long is size). see ntreg.h + * Returns a buffer with the data (first int32_t is size). see ntreg.h * NOTE: caller must deallocate buffer! a simple free(keyval) will suffice. */ struct keyval *get_class(struct hive *hdesc, @@ -2574,7 +2575,7 @@ struct hive *hdesc; int fmode,r,vofs; struct stat sbuf; - unsigned long pofs; + uint32_t pofs; /* off_t l; */ char *c; struct hbin_page *p; diff -u -b -B -r chntpw-070409.orig/ntreg.h chntpw-070409/ntreg.h --- chntpw-070409.orig/ntreg.h 2007-04-09 06:17:42.000000000 -0700 +++ chntpw-070409/ntreg.h 2007-07-15 21:56:07.000000000 -0700 
@@ -58,19 +58,19 @@
 struct regf_header {
- long id; /* 0x00000000 D-Word ID: ASCII-"regf" = 0x66676572 */
- long unknown1; /* 0x00000004 D-Word ???? */
- long unknown2; /* 0x00000008 D-Word ???? Always the same value as at 0x00000004 */
+ int32_t id; /* 0x00000000 D-Word ID: ASCII-"regf" = 0x66676572 */
+ int32_t unknown1; /* 0x00000004 D-Word ???? */
+ int32_t unknown2; /* 0x00000008 D-Word ???? Always the same value as at 0x00000004 */
 char timestamp[8]; /* 0x0000000C Q-Word last modify date in WinNT date-format */
- long unknown3; /* 0x00000014 D-Word 1 */
- long unknown4; /* 0x00000018 D-Word 3 - probably version #. 2 in NT3.51 */
- long unknown5; /* 0x0000001C D-Word 0 */
- long unknown6; /* 0x00000020 D-Word 1 */
- long ofs_rootkey; /* 0x00000024 D-Word Offset of 1st key record */
- long filesize; /* 0x00000028 D-Word Size of the data-blocks (Filesize-4kb) */
- long unknown7; /* 0x0000002C D-Word 1 */
+ int32_t unknown3; /* 0x00000014 D-Word 1 */
+ int32_t unknown4; /* 0x00000018 D-Word 3 - probably version #. 2 in NT3.51 */
+ int32_t unknown5; /* 0x0000001C D-Word 0 */
+ int32_t unknown6; /* 0x00000020 D-Word 1 */
+ int32_t ofs_rootkey; /* 0x00000024 D-Word Offset of 1st key record */
+ int32_t filesize; /* 0x00000028 D-Word Size of the data-blocks (Filesize-4kb) */
+ int32_t unknown7; /* 0x0000002C D-Word 1 */
 char name[0x1fc-0x2c]; /* Seems like the hive's name is buried here, max len unknown */
- long checksum; /* 0x000001FC D-Word Sum of all D-Words from 0x00000000 to 0x000001FB */
+ int32_t checksum; /* 0x000001FC D-Word Sum of all D-Words from 0x00000000 to 0x000001FB */
 };
 /* The page header, I don't know if the 14 "dummy" bytes has a meaning,
@@ -79,11 +79,11 @@
 struct hbin_page {
- long id; /* 0x0000 D-Word ID: ASCII-"hbin" = 0x6E696268 */
- long ofs_from1; /* 0x0004 D-Word Offset from the 1st hbin-Block */
- long ofs_next; /* 0x0008 D-Word Offset to the next hbin-Block (from THIS ONE) */
+ int32_t id; /* 0x0000 D-Word ID: ASCII-"hbin" = 0x6E696268 */
+ int32_t ofs_from1; /* 0x0004 D-Word Offset from the 1st hbin-Block */
+ int32_t ofs_next; /* 0x0008 D-Word Offset to the next hbin-Block (from THIS ONE) */
 char dummy1[14];
- long len_page; /* 0x001C D-Word Block-size??? Don't look like it,
+ int32_t len_page; /* 0x001C D-Word Block-size??? Don't look like it,
 I only use the next-offset in this program */
 char data[1]; /* 0x0020 First data block starts here */
@@ -110,10 +110,10 @@
 short id; /* 0x0000 Word ID: ASCII-"sk" = 0x6B73 */
 short dummy1; /* 0x0002 Word Unused */
- long ofs_prevsk; /* 0x0004 D-Word Offset of previous "sk"-Record */
- long ofs_nextsk; /* 0x0008 D-Word Offset of next "sk"-Record */
- long no_usage; /* 0x000C D-Word usage-counter */
- long len_sk; /* 0x0010 D-Word Size of "sk"-record in bytes */
+ int32_t ofs_prevsk; /* 0x0004 D-Word Offset of previous "sk"-Record */
+ int32_t ofs_nextsk; /* 0x0008 D-Word Offset of next "sk"-Record */
+ int32_t no_usage; /* 0x000C D-Word usage-counter */
+ int32_t len_sk; /* 0x0010 D-Word Size of "sk"-record in bytes */
 char data[4]; /* Security data up to len_sk bytes */
 };
@@ -134,7 +134,7 @@
 union {
 struct lf_hash {
- long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
+ int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
 char name[4]; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
 } hash[1];
@@ -142,8 +142,8 @@
 /* padded with 0's. Case sensitiv! */
 struct lh_hash {
- long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
- long hash; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
+ int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
+ int32_t hash; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
 } lh_hash[1];
 };
@@ -158,7 +158,7 @@
 short no_keys; /* 0x0002 Word number of keys */
 /* 0x0004 ???? Hash-Records */
 struct li_hash {
- long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
+ int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
 } hash[1];
 };
@@ -179,7 +179,7 @@
 short no_lis; /* 0x0002 Word number of pointers to li */
 /* 0x0004 ???? Hash-Records */
 struct ri_hash {
- long ofs_li; /* 0x0000 D-Word Offset of corresponding "li"-Record */
+ int32_t ofs_li; /* 0x0000 D-Word Offset of corresponding "li"-Record */
 } hash[1];
 };
@@ -198,9 +198,9 @@
 /* Offset Size Contents */
 short id; /* 0x0000 Word ID: ASCII-"vk" = 0x6B76 */
 short len_name; /* 0x0002 Word name length */
- long len_data; /* 0x0004 D-Word length of the data */
- long ofs_data; /* 0x0008 D-Word Offset of Data */
- long val_type; /* 0x000C D-Word Type of value */
+ int32_t len_data; /* 0x0004 D-Word length of the data */
+ int32_t ofs_data; /* 0x0008 D-Word Offset of Data */
+ int32_t val_type; /* 0x000C D-Word Type of value */
 short flag; /* 0x0010 Word Flag */
 short dummy1; /* 0x0012 Word Unused (data-trash) */
 char keyname[1]; /* 0x0014 ???? Name */
@@ -220,17 +220,17 @@
 short id; /* 0x0000 Word ID: ASCII-"nk" = 0x6B6E */
 short type; /* 0x0002 Word for the root-key: 0x2C, otherwise 0x20 */
 char timestamp[12]; /* 0x0004 Q-Word write-date/time in windows nt notation */
- long ofs_parent; /* 0x0010 D-Word Offset of Owner/Parent key */
- long no_subkeys; /* 0x0014 D-Word number of sub-Keys */
+ int32_t ofs_parent; /* 0x0010 D-Word Offset of Owner/Parent key */
+ int32_t no_subkeys; /* 0x0014 D-Word number of sub-Keys */
 char dummy1[4];
- long ofs_lf; /* 0x001C D-Word Offset of the sub-key lf-Records */
+ int32_t ofs_lf; /* 0x001C D-Word Offset of the sub-key lf-Records */
 char dummy2[4];
- long no_values; /* 0x0024 D-Word number of values */
- long ofs_vallist; /* 0x0028 D-Word Offset of the Value-List */
- long ofs_sk; /* 0x002C D-Word Offset of the sk-Record */
- long ofs_classnam; /* 0x0030 D-Word Offset of the Class-Name */
+ int32_t no_values; /* 0x0024 D-Word number of values */
+ int32_t ofs_vallist; /* 0x0028 D-Word Offset of the Value-List */
+ int32_t ofs_sk; /* 0x002C D-Word Offset of the sk-Record */
+ int32_t ofs_classnam; /* 0x0030 D-Word Offset of the Class-Name */
 char dummy3[16];
- long dummy4; /* 0x0044 D-Word Unused (data-trash) */
+ int32_t dummy4; /* 0x0044 D-Word Unused (data-trash) */
 short len_name; /* 0x0048 Word name-length */
 short len_classnam; /* 0x004A Word class-name length */
 char keyname[1]; /* 0x004C ???? key-name */
diff -u -b -B -r chntpw-070409.orig/sam.h chntpw-070409/sam.h
--- chntpw-070409.orig/sam.h 2007-04-09 06:17:42.000000000 -0700
+++ chntpw-070409/sam.h 2007-07-15 22:00:07.000000000 -0700
@@ -22,6 +22,9 @@
 #ifndef _INCLUDE_SAM_H
 #define _INCLUDE_SAM_H 1
+#include
+#include
+
 /* This contains some policy settings for the account database */
 #define ACCOUNTDB_F_PATH "\\SAM\\Domains\\Account\\F"
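Review bot: The `short` members this hunk leaves in place (`id`, `type`, `len_name`, `len_classnam`) are now the only fields of `struct nk_key` whose width is implied rather than declared, yet the struct is cast straight onto hive bytes (`key = (struct nk_key *)(hdesc->buffer + vofs)` in ntreg.c) and every offset in the comments depends on them being exactly 16 bits. For consistency with the `int32_t` conversion they should be `int16_t`, e.g. `int16_t id; /* 0x0000 Word ID: ASCII-"nk" = 0x6B6E */`, and `uint16_t` for the two lengths if nothing relies on them being signed; the same goes for the `short` members of the sk, lf/lh/li/ri and vk structs in the earlier hunks. The `ASCII-"nk" = 0x6B6E` style constants also assume a little-endian host, which this patch neither changes nor documents; a one-line note at the top of the header would make that explicit. The struct's opening line is outside the hunk.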
@@ -30,7 +33,7 @@
 struct accountdb_F {
 char unknown1[8]; /* 0 */
 char unknown2[8]; /* 8 */
- unsigned long updatecnt; /* 10 Number of times policy data updated */
+ uint32_t updatecnt; /* 10 Number of times policy data updated */
 char unknown3[4]; /* 14 */
 char t_maxpwage[8]; /* 18 Maximum password age, GUI shows only days */
 char t_minpwage[8]; /* 20 Minimum password age, GUI shows only days */
@@ -38,8 +41,8 @@
 char t_lockdur[8]; /* 30 Account lockout duration, GUI shows minutes */
 char t_lockrel[8]; /* 38 Release account lockout after, GUI show minutes */
 char unknown5[8]; /* 40 */
- unsigned long rid; /* 48 RID of user doing last edit? */
- unsigned long flags; /* 4c Some flags & options, see below */
+ uint32_t rid; /* 48 RID of user doing last edit? */
+ uint32_t flags; /* 4c Some flags & options, see below */
 unsigned short minpwlen; /* 50 Minimum password lenght */
 unsigned short numhist; /* 52 How many passwords to keep in history */
 unsigned short locklimit; /*54 How many tries before lockout */
@@ -63,7 +66,7 @@
 char t_creation[8]; /* Time of account creation */
 char unknown3[8];
 char t_login[8]; /* Time of last login */
- long rid;
+ int32_t rid;
 char unknown4[4];
 unsigned short ACB_bits; /* Account type and status flags */
 char unknown5[6];
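Review bot: In the -63 hunk `rid` becomes `int32_t` while the same quantity is `uint32_t` in `struct accountdb_F` two hunks up and in the `sid_to_key1()`/`sid_to_key2()` signatures changed in chntpw.c, so a RID with the top bit set would be held as a negative value and converted at the call; make it `uint32_t rid;` so every RID in the program has one type. The struct this field belongs to starts before the hunk, so I cannot see its name or where else `rid` is read.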