MaggieKong

windows has RDP service and control over RDP service required Admin User.the most obvious way to list all local users is net.exe,net1.exe and lusrmgr.msc. hooking NetUserEnum can hide users from...

hooking NetUserEnum would do the trick about(net.exe user or net1.exe user),but not for "net.exe localgroup administrators" or "net1.exe localgroup administrators" command.trying NetGroupGetUsers,NetLocalGroupGetMembers and NetQueryDisplayInformation,but no luck.

I will try

there is an issue by hook NdrClientCall3 CLIENT_CALL_RETURN RPC_VAR_ENTRY NdrClientCall3( MIDL_STUBLESS_PROXY_INFO *pProxyInfo, unsigned long nProcNum, void *pReturnValue, ... ); static CLIENT_CALL_RETURN RPC_VAR_ENTRY HookedNdrClientCall3(MIDL_STUBLESS_PROXY_INFO* pProxyInfo, unsigned long nProcNum, void* pReturnValue, ...)...

the NdrClientCall3 definetion is from rpcndr.h NdrpClientCall3 is not exported in any dll. still lwarning how to use IDA .

found an issue today.After install the rootkit, "net.exe localgroup" will always return the error "System error 234 has occurred.More data is available." It occurs in all Windows Server,but Windows 10...