January 2, 2009

Ex MAPI LPPROVIDERADMIN OpenProfileSection

LPPROVIDERADMIN OpenProfileSection fails to retrieve profiles from the Windows mail subsystem, if we are executing as a client executable.

This function works well if we are a service.

But... in our client executable prior to executing the OpenProfileSection, we can impersonate our self as a service executable by performing the following:

//Makes MAPI think we are a service and not a client.
//MAPI grants us Service Access. This makes it all possible... :)
*(((BYTE*)lpProviderAdmin) + 0x60) = 0x2; //LPPROVIDERADMIN lpProviderAdmin

Try this it works.
No comments:
Subscribe to: Posts (Atom)