Reverse engineering
When asking for the PIN, the BaseCSP component calls CredUIPromptForWindowsCredentials with KERB_CERTIFICATE_LOGON and CREDUIWIN_IN_CRED_ONLY
DWORD WINAPI CredUIPromptForWindowsCredentials( __in_opt PCREDUI_INFO pUiInfo, __in DWORD dwAuthError, __inout ULONG *pulAuthPackage, __in_opt LPCVOID pvInAuthBuffer, __in ULONG ulInAuthBufferSize, __out LPVOID *ppvOutAuthBuffer, __out ULONG *pulOutAuthBufferSize, __inout_opt BOOL *pfSave, __in DWORD dwFlags );
Arguments : (by order)
- a PCREDUI_INFO for the labels (conforms to the specifications)
- 0
- 0xffffeb34 (always the same)
- see below for KERB_CERTIFICATE_LOGON and for the memory dump
- (the size of the KERB_CERTIFICATE_LOGON)
- output variable
- output variable
- NULL
- 0x20 (CREDUIWIN_IN_CRED_ONLY)
The flag changes everytime a smart card is inserted. In this example, its value is 0x50001.
Here is the formula to compute this field : (1 | dwActivityCount <<16) where dwActivityCount = (dwState >>16) and dwState is from SCardStatus The first time the card is inserted, its value is 0x10001. The second time, its value is 0x30001, then 0x50001, …
Behaviour
If it is not set, when the PIN is validated, an error about the removal of the smart card is shown.
The PIN is checked directly within the PIN Dialog. Only a valid PIN can be returned.
Then it can be retrieved as an ANSI buffer into the Pin field (which is an UNICODE_STRING).
Memory dump
call stack :
