How old is your computer?

  • Article

You can determine the last time your Administrator password was changed, which could have been the first time you started your computer (if you haven’t formatted your hard disk or changed the admin password)

This code calls NetUserGetInfo to get user information and uses the SYS(2600)function to read memory directly.

#define USER_PRIV_GUEST 0

#define USER_PRIV_USER 1

#define USER_PRIV_ADMIN 2

DECLARE integer NetUserGetInfo in netapi32 integer,string,integer, integer @

DECLARE integer NetApiBufferFree in netapi32 integer

ShowPrivLevel("administrator")

ShowPrivLevel("IUSR_"+GETENV("COMPUTERNAME")) && internet guest account (If you have IIS installed)

ShowPrivLevel("guest")

PROCEDURE ShowPrivLevel(cUser)

      cUserU=STRCONV(cUser+CHR(0),5) && NullTerm, convert to Unicode

      dw = 0

      n=NetUserGetInfo(0, cUserU, 2, @dw) && 0 = local machine

      IF n = 0

            ch=sys(2600,dw,4*24) && USER_INFO_2 is 24 4 byte words

            ?

            ?cUser

#if 0

From lmaccess.h

typedef struct _USER_INFO_2 {

    LPWSTR usri2_name;

    LPWSTR usri2_password;

    DWORD usri2_password_age;

    DWORD usri2_priv;

    LPWSTR usri2_home_dir;

    LPWSTR usri2_comment;

    DWORD usri2_flags;

    LPWSTR usri2_script_path;

    DWORD usri2_auth_flags;

    LPWSTR usri2_full_name;

    LPWSTR usri2_usr_comment;

   LPWSTR usri2_parms;

    LPWSTR usri2_workstations;

    DWORD usri2_last_logon;

    DWORD usri2_last_logoff;

    DWORD usri2_acct_expires;

    DWORD usri2_max_storage;

    DWORD usri2_units_per_week;

    PBYTE usri2_logon_hours;

    DWORD usri2_bad_pw_count;

    DWORD usri2_num_logons;

    LPWSTR usri2_logon_server;

    DWORD usri2_country_code;

    DWORD usri2_code_page;

}USER_INFO_2, *PUSER_INFO_2, *LPUSER_INFO_2;

   

#endif

            pwd=CTOBIN(SUBSTR(ch,2*4+1,4),"4rs")/60/60/24 && 4 byte word #2 , convert to years

            ?" Password Changed =",IIF(pwd=0,0,DATE()-pwd)

            ?" Privilege Level=",CTOBIN(SUBSTR(ch,3*4+1,4),"4rs") && 4 byte word #3

            ?" Home Dir: ",GetStr(CTOBIN(SUBSTR(ch,4*4+1,4),"4rs")) && 4 byte word #4

            ?" Comment: ",GetStr(CTOBIN(SUBSTR(ch,5*4+1,4),"4rs")) && 4 byte word #5

            ?" FullName: ",GetStr(CTOBIN(SUBSTR(ch,9*4+1,4),"4rs")) && 4 byte word #9

            ?" UsrComment: ",GetStr(CTOBIN(SUBSTR(ch,10*4+1,4),"4rs")) && 4 byte word #10

            llog=CTOBIN(SUBSTR(ch,13*4+1,4),"4rs")/60/60/24 && 4 byte word #13

            ?" LastLogon: ",IIF(llog=0,0,{^1970/1/1}+llog)

            ?" Num Logons=",CTOBIN(SUBSTR(ch,20*4+1,4),"4rs") && 4 byte word #20

           

            NetApiBufferFree(dw)

      ELSE

            ?cUser," User not found",n

      ENDIF

RETURN

PROCEDURE GetStr(nAddr as Integer) as String && given an address, get the nullterm UNICODE string

      LOCAL ch,cStr

      cStr=""

      DO WHILE .t.

            ch = SYS(2600,nAddr,2)

            IF ch = CHR(0)+CHR(0)

                  RETURN STRCONV(cStr,6) && convert from unicode

            ENDIF

            cStr=cStr+ch

            nAddr=nAddr+2

      ENDDO

RETURN