You can determine the last time your Administrator password was changed, which could have been the first time you started your computer (if you haven’t formatted your hard disk or changed the admin password since).

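This code calls NetUserGetInfo to get user information and uses the SYS(2600) function to read memory directly. NetUserGetInfo reports the password age in seconds, so the code converts it to days and subtracts it from today's date to get the date of the last change.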

 

 

 

* Values of the usri2_priv field (printed below as "Privilege Level").
#DEFINE USER_PRIV_GUEST     0
#DEFINE USER_PRIV_USER      1
#DEFINE USER_PRIV_ADMIN     2

* netapi32 entry points. The parameter names are documentation only.
*   servername - passed as 0 (NULL) by the caller, meaning the local machine
*   username   - null-terminated Unicode account name
*   level      - information level; 2 selects USER_INFO_2
*   bufptr     - by reference; receives the address of the returned buffer
DECLARE INTEGER NetUserGetInfo IN netapi32 ;
      INTEGER servername, STRING username, INTEGER level, INTEGER @ bufptr

* Frees a buffer returned by NetUserGetInfo.
DECLARE INTEGER NetApiBufferFree IN netapi32 INTEGER bufptr

* Report on three well-known local accounts.
=ShowPrivLevel("administrator")
=ShowPrivLevel("IUSR_"+GETENV("COMPUTERNAME"))   && internet guest account (If you have IIS installed)
=ShowPrivLevel("guest")

 

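PROCEDURE ShowPrivLevel(cUser)
      * Print selected USER_INFO_2 fields for one account on the local machine:
      * password change date, privilege level, home dir, comments, full name,
      * last logon and number of logons.
      *   cUser - account name; converted to null-terminated Unicode for the API.
      * When NetUserGetInfo returns a non-zero status, an error line with the
      * status code is printed instead.

      * Declared LOCAL so these work variables are not left visible (as
      * PRIVATE variables) to the routines called from here.
      LOCAL cUserU, dw, n, ch, pwd, llog

      cUserU=STRCONV(cUser+CHR(0),5)      && NullTerm, convert to Unicode
      dw = 0
      n=NetUserGetInfo(0, cUserU, 2, @dw) && 0 = local machine, 2 = USER_INFO_2; dw receives the buffer address
      IF n = 0
            ch=sys(2600,dw,4*24)    && USER_INFO_2 is 24 4 byte words (assumes 4-byte pointers, i.e. a 32-bit process)
            ?
            ?cUser
#if 0
From lmaccess.h
typedef struct _USER_INFO_2 {
    LPWSTR   usri2_name;
    LPWSTR   usri2_password;
    DWORD    usri2_password_age;
    DWORD    usri2_priv;
    LPWSTR   usri2_home_dir;
    LPWSTR   usri2_comment;
    DWORD    usri2_flags;
    LPWSTR   usri2_script_path;
    DWORD    usri2_auth_flags;
    LPWSTR   usri2_full_name;
    LPWSTR   usri2_usr_comment;
    LPWSTR   usri2_parms;
    LPWSTR   usri2_workstations;
    DWORD    usri2_last_logon;
    DWORD    usri2_last_logoff;
    DWORD    usri2_acct_expires;
    DWORD    usri2_max_storage;
    DWORD    usri2_units_per_week;
    PBYTE    usri2_logon_hours;
    DWORD    usri2_bad_pw_count;
    DWORD    usri2_num_logons;
    LPWSTR   usri2_logon_server;
    DWORD    usri2_country_code;
    DWORD    usri2_code_page;
}USER_INFO_2, *PUSER_INFO_2, *LPUSER_INFO_2;
#endif
            * Fields are picked out of the copied structure by 0-based word
            * index: word #k starts at byte k*4+1 of ch.
            pwd=CTOBIN(SUBSTR(ch,2*4+1,4),"4rs")/60/60/24   &&  4 byte word #2: password age in seconds, converted to days
            ?"    Password Changed =",IIF(pwd=0,0,DATE()-pwd)     && today minus the age in days = date of last change
            ?"    Privilege Level=",CTOBIN(SUBSTR(ch,3*4+1,4),"4rs")    && 4 byte word #3: 0/1/2 = USER_PRIV_GUEST/USER/ADMIN
            ?"    Home Dir: ",GetStr(CTOBIN(SUBSTR(ch,4*4+1,4),"4rs"))  && 4 byte word #4
            ?"    Comment: ",GetStr(CTOBIN(SUBSTR(ch,5*4+1,4),"4rs"))   && 4 byte word #5
            ?"    FullName: ",GetStr(CTOBIN(SUBSTR(ch,9*4+1,4),"4rs"))  && 4 byte word #9
            ?"    UsrComment: ",GetStr(CTOBIN(SUBSTR(ch,10*4+1,4),"4rs"))     && 4 byte word #10
            llog=CTOBIN(SUBSTR(ch,13*4+1,4),"4rs")/60/60/24 && 4 byte word #13: seconds, converted to days
            ?"    LastLogon: ",IIF(llog=0,0,{^1970/1/1}+llog)     && days added to 1970/1/1; no time zone adjustment is made
            ?"    Num Logons=",CTOBIN(SUBSTR(ch,20*4+1,4),"4rs")  && 4 byte word #20

            * The string pointers above point into this buffer's allocation,
            * so it is freed only after every GetStr call has run.
            NetApiBufferFree(dw)
      ELSE
            * n is the NetUserGetInfo status code. Only 2221 (NERR_UserNotFound)
            * means the account does not exist; other codes, such as
            * 5 (ERROR_ACCESS_DENIED), mean the lookup itself failed and say
            * nothing about whether the account exists.
            ?cUser,IIF(n = 2221," User not found"," NetUserGetInfo failed"),n
      ENDIF

RETURN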

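PROCEDURE GetStr(nAddr as Integer) as String    && given an address, get the nullterm UNICODE string
      * Read a null-terminated Unicode string (two bytes per character) from
      * process memory starting at nAddr and return it converted from Unicode.
      *   nAddr - address of the first character; 0 (a NULL pointer) returns "".
      * The loop trusts the memory at nAddr to be null-terminated: it keeps
      * reading two bytes at a time through SYS(2600) until it finds a 00 00
      * pair, so it must only be given pointers that came from a valid buffer.
      LOCAL ch,cStr
      cStr=""
      IF nAddr = 0      && NULL pointer: there is no string, and address 0 must not be read
            RETURN cStr
      ENDIF
      DO WHILE .t.
            ch = SYS(2600,nAddr,2)
            IF ch == CHR(0)+CHR(0)  && exact comparison, independent of SET EXACT
                  RETURN STRCONV(cStr,6)  && convert from unicode
            ENDIF
            cStr=cStr+ch
            nAddr=nAddr+2
      ENDDO
RETURN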