0

I was tried for writing a application that use a function that nobody uses(CredUICmdLinePromptForCredentials). But the result is wrong, the user and pass variable is output as hex values.

This is my code:

#include <windows.h>
#include <wincred.h>
#include <iostream>
#pragma comment(lib,"Credui.lib")
int main()
{
    DWORD dwErr;
    WCHAR szUserName[CREDUI_MAX_USERNAME_LENGTH] = {NULL};
    WCHAR szPassword[CREDUI_MAX_PASSWORD_LENGTH] = {NULL};
    BOOL fSave;
    DWORD dwAuthError=1223;

    dwErr = CredUICmdLinePromptForCredentials(
        L".",
        NULL,
        dwAuthError,
        (PWSTR)&szUserName,
        CREDUI_MAX_USERNAME_LENGTH + 1,
        (PWSTR)&szPassword,
        CREDUI_MAX_PASSWORD_LENGTH + 1,
        &fSave,
        CREDUI_FLAGS_DO_NOT_PERSIST|CREDUI_FLAGS_EXCLUDE_CERTIFICATES
    );

    if (dwErr == ERROR_SUCCESS)
    {
        std::cout << "User Name: " << szUserName << std::endl;
        std::cout << "Password : " << szPassword << std::endl;
    }
    else if (dwErr == ERROR_CANCELLED)
    {
        std::cout << "User cancelled the operation." << std::endl;
    }
    else
    {
        std::cout << "Error occurred: " << dwErr << std::endl;
    }

    return 0;
}

This is the result:

User Name: 000000C5402FED80

Password : 000000C5402FF1B0

If I change the trigger code of ERROR_SUCCESS to:

        std::cout << "User Name: " << char(szUserName[0]) << std::endl;
        std::cout << "Password : " << char(szPassword[0]) << std::endl;

all working successfully, with the chars display correctly.

winapiadmin
  • 13
  • 1
  • 7
  • 1
    CredUICmdLinePromptForCredentials is not documented for using GetLastError so don't rely on that at all. Only the return value must be checked. – Simon Mourier Jul 21 '23 at 06:31
  • *user and pass variables return hex-values, not string* - this is false. – RbMm Jul 21 '23 at 07:17
  • and what you want ? `CredUICmdLinePromptForCredentials` work ok. ask better how use debugger or how dump string data – RbMm Jul 22 '23 at 15:05
  • of course you pass wrong buffer size to `CredUICmdLinePromptForCredentials` which can lead to data overflow/corrupt in stack, but this not affect your result in concrete case – RbMm Jul 22 '23 at 15:07

0 Answers0