Hans Leidekker wrote:
+NTSTATUS WINAPI SystemFunction006( LPCSTR password, LPSTR hash ) +{ + unsigned char buffer[16]; + + hash = CRYPT_LMhash( buffer, password, strlen(password) ); + + return STATUS_SUCCESS; +}
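Review bot: the line "hash = CRYPT_LMhash( buffer, password, strlen(password) );" only overwrites the local copy of the hash parameter, so nothing computed into the 16-byte buffer reaches the caller, yet the function returns STATUS_SUCCESS regardless. If the first argument of CRYPT_LMhash is the output buffer, as the use of buffer suggests, pass hash there directly or copy buffer into hash before returning. In the same line, strlen(password) is called with no check that password is non-NULL, and the value returned by CRYPT_LMhash plays no part in the status that is returned.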
I don't think this will work properly. The returned pointer from CRYPT_LMHash() will never be passed out to the caller of the function. There should probably be a function call before the return of the function along the lines of
memcpy(hash, buffer, 16);
The question here would also be why use an intermediate buffer at all in the first place?
Also the use of strcmp() for comparing a hash in the corresponding test seems a little misplaced to me. Or is a DES hash guaranteed to never contain 0x00 bytes? It doesn't occur in the test case so it is not a big problem in this case, but in principle it seems not right to me.
Rolf Kalbermatter
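
The strcmp() concern raised above, as an added example that is not part of the original message or the patch: two constructed 16-byte digests (not real LM hashes) share a 0x00 at offset 2 and differ in every byte after it. The helper names hash_equal_strcmp and hash_equal_memcmp are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define HASH_LEN 16  /* same size as the buffer in the quoted patch */

/* Flawed check: treats the digest as a C string, so the comparison
 * stops at the first 0x00 byte and ignores everything after it. */
static int hash_equal_strcmp(const unsigned char *a, const unsigned char *b)
{
    return strcmp((const char *)a, (const char *)b) == 0;
}

/* Fixed-length check: always compares all HASH_LEN bytes. */
static int hash_equal_memcmp(const unsigned char *a, const unsigned char *b)
{
    return memcmp(a, b, HASH_LEN) == 0;
}

/* Constructed sample digests. The arrays are one byte longer than the
 * digest; the extra element is zero-initialised so the strcmp()
 * demonstration can never read past the end of the array. */
static const unsigned char expected[HASH_LEN + 1] = {
    0x8d, 0x3f, 0x00, 0x5a, 0xc1, 0x77, 0x2e, 0x90,
    0x14, 0xb6, 0xe3, 0x08, 0x4c, 0xfa, 0x61, 0xd2
};
static const unsigned char wrong[HASH_LEN + 1] = {
    0x8d, 0x3f, 0x00, 0xa5, 0x3e, 0x88, 0xd1, 0x6f,
    0xeb, 0x29, 0x47, 0x9c, 0x03, 0xb0, 0x75, 0x1e
};

int main(void)
{
    /* A test built on strcmp() passes although 13 of 16 bytes differ. */
    printf("strcmp says equal: %d\n", hash_equal_strcmp(expected, wrong));
    /* The fixed-length comparison reports the mismatch. */
    printf("memcmp says equal: %d\n", hash_equal_memcmp(expected, wrong));
    return 0;
}
```

A real 16-byte digest has no terminator at all, so strcmp() on it can also run past the end of the buffer when no 0x00 byte occurs inside it.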