Ask for the PIN of the card using the PIN Windows Dialog


Reverse engineering

When asking for the PIN, the BaseCSP component calls CredUIPromptForWindowsCredentials with KERB_CERTIFICATE_LOGON and CREDUIWIN_IN_CRED_ONLY:

 DWORD WINAPI CredUIPromptForWindowsCredentials(
   __in_opt     PCREDUI_INFO pUiInfo,
   __in         DWORD dwAuthError,
   __inout      ULONG *pulAuthPackage,
   __in_opt     LPCVOID pvInAuthBuffer,
   __in         ULONG ulInAuthBufferSize,
   __out        LPVOID *ppvOutAuthBuffer,
   __out        ULONG *pulOutAuthBufferSize,
   __inout_opt  BOOL *pfSave,
   __in         DWORD dwFlags
 );

Arguments (in order):

  • a PCREDUI_INFO for the labels (conforms to the specifications)
  • 0
  • 0xffffeb34 (always the same)
  • see below for KERB_CERTIFICATE_LOGON and for the memory dump
  • (the size of the KERB_CERTIFICATE_LOGON)
  • output variable
  • output variable
  • NULL





The flag changes every time a smart card is inserted. In this example, its value is 0x50001.

Here is the formula to compute this field: (1 | (dwActivityCount << 16)), where dwActivityCount = (dwState >> 16) and dwState is from SCardStatus. The first time the card is inserted, its value is 0x10001. The second time, its value is 0x30001, then 0x50001, …


If it is not set, when the PIN is validated, an error about the removal of the smart card is shown.
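
The formula above as a small C helper, with a check for comparing a value seen in a dump against the reader's current state (an added example, not code from BaseCSP or from the original page). The function names and the sample dwState values are constructed for illustration; the Windows-only helper assumes the caller supplies the reader name and is compiled only under _WIN32.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <winscard.h>   /* link with winscard.lib */
#endif

/* dwActivityCount = dwState >> 16, with dwState as returned by SCardStatus. */
static uint32_t activity_count(uint32_t dwState) { return dwState >> 16; }

/* The page's formula: 1 | (dwActivityCount << 16). */
static uint32_t field_from_state(uint32_t dwState) {
    return 1u | (activity_count(dwState) << 16);
}

/* A dumped value fits the current insertion only if its low word is 1 and
 * its upper word equals the activity count taken from dwState. */
static int field_matches_state(uint32_t field, uint32_t dwState) {
    return (field & 0xFFFFu) == 1u && (field >> 16) == activity_count(dwState);
}

#ifdef _WIN32
/* Hypothetical helper: read dwState for the card in `reader`, derive the field. */
static LONG field_for_reader(LPCWSTR reader, uint32_t *field) {
    SCARDCONTEXT ctx; SCARDHANDLE card;
    WCHAR names[256]; BYTE atr[36];
    DWORD namesLen = 256, atrLen = sizeof atr, state = 0, proto = 0;
    LONG rc = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &ctx);
    if (rc != SCARD_S_SUCCESS) return rc;
    rc = SCardConnectW(ctx, reader, SCARD_SHARE_SHARED,
                       SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &card, &proto);
    if (rc == SCARD_S_SUCCESS) {
        rc = SCardStatusW(card, names, &namesLen, &state, &proto, atr, &atrLen);
        if (rc == SCARD_S_SUCCESS) *field = field_from_state((uint32_t)state);
        SCardDisconnect(card, SCARD_LEAVE_CARD);
    }
    SCardReleaseContext(ctx);
    return rc;
}
#endif

int main(void) {
    /* Constructed dwState samples: upper word = activity count, low word arbitrary. */
    const uint32_t samples[] = { 0x00010006u, 0x00030006u, 0x00050006u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("dwState=0x%08x field=0x%x match=%d\n", (unsigned)samples[i],
               (unsigned)field_from_state(samples[i]),
               field_matches_state(0x50001u, samples[i]));
    return 0;
}
```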

The PIN is checked directly within the PIN Dialog. Only a valid PIN can be returned.

Then it can be retrieved as an ANSI buffer from the Pin field (which is a UNICODE_STRING).

Memory dump


call stack :