I’m trying to hook local account creation and block it if needed (I’m building a small security tool which will even block administrators from messing around with configurations).
I’ve figured out that I must inject into LSASS, but I’m not really sure what the exact function I need to detour is.
Currently I’m testing on XP SP3, but I’m looking for a solution that will work on every Windows version from XP to 8.
I’ve tried to detour SAM’s SamrCreateUserInDomain function, but it wasn’t called when I created a local user using lusrmgr.msc.
I’ve also tried LsarCreateAccount, but it wasn’t called either.
I figured that I probably need to hook some Active Directory function, but I’m not sure which one it is.
Any help?
I’ve solved my problem.
I hooked the wrong function.
I should have hooked SAM’s SamrCreateUser2InDomain, not SamrCreateUserInDomain.
After fixing that, everything works perfectly.
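As an added illustration (not the poster's code), here is the shape of the detour body once SamrCreateUser2InDomain is the function being intercepted. The parameter list follows the MS-SAMR specification of SamrCreateUser2InDomain; the hook installation itself (Detours or an inline patch applied inside LSASS) is platform-specific and not shown, so `SamrCreateUser2InDomain_Original` here points at a constructed stand-in rather than a real trampoline, the deny-list names are made up, and the minimal type definitions exist only so the code compiles outside Windows. The detour refuses a creation by returning STATUS_ACCESS_DENIED without touching the out-parameters, and otherwise passes the call through unchanged.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal definitions mirroring the Windows / MS-SAMR types so this compiles
 * outside Windows; in the real hook these come from the SDK / IDL. */
typedef int32_t  NTSTATUS;
typedef uint32_t ULONG;
typedef uint16_t WCHAR;          /* Windows WCHAR is 16-bit UTF-16 */
typedef void    *SAMPR_HANDLE;

/* Length and MaximumLength are in BYTES; Buffer is NOT NUL-terminated. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    WCHAR   *Buffer;
} RPC_UNICODE_STRING, *PRPC_UNICODE_STRING;

#define STATUS_SUCCESS       ((NTSTATUS)0x00000000)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022)

/* Signature of SamrCreateUser2InDomain as documented in MS-SAMR. */
typedef NTSTATUS (*SamrCreateUser2InDomain_t)(
    SAMPR_HANDLE DomainHandle, PRPC_UNICODE_STRING Name, ULONG AccountType,
    ULONG DesiredAccess, SAMPR_HANDLE *UserHandle, ULONG *GrantedAccess,
    ULONG *RelativeId);

/* Constructed stand-in for the trampoline to the real function. With
 * Detours this pointer is the one DetourAttach leaves pointing at the
 * original code. */
static NTSTATUS SamrCreateUser2InDomain_Stub(
    SAMPR_HANDLE DomainHandle, PRPC_UNICODE_STRING Name, ULONG AccountType,
    ULONG DesiredAccess, SAMPR_HANDLE *UserHandle, ULONG *GrantedAccess,
    ULONG *RelativeId)
{
    (void)DomainHandle; (void)Name; (void)AccountType;
    *UserHandle = (SAMPR_HANDLE)0x1;
    *GrantedAccess = DesiredAccess;
    *RelativeId = 1001;              /* plausible first non-builtin RID */
    return STATUS_SUCCESS;
}
static SamrCreateUser2InDomain_t SamrCreateUser2InDomain_Original =
    SamrCreateUser2InDomain_Stub;

/* Hypothetical policy state: a global "lock" plus a small deny list. */
static volatile int g_BlockAllCreation = 0;
static const char *const g_DeniedNames[] = { "backdoor", "helpdesk" };

void SetBlockAllCreation(int block) { g_BlockAllCreation = block; }

/* Case-insensitive comparison of a counted UTF-16 name with an ASCII name. */
static int NameEqualsAscii(const RPC_UNICODE_STRING *s, const char *ascii)
{
    size_t n = s->Length / sizeof(WCHAR);
    if (n != strlen(ascii)) return 0;
    for (size_t i = 0; i < n; i++) {
        WCHAR c = s->Buffer[i];
        if (c > 0x7F) return 0;      /* non-ASCII never matches an ASCII entry */
        if (tolower((int)c) != tolower((unsigned char)ascii[i])) return 0;
    }
    return 1;
}

static int IsDeniedName(const RPC_UNICODE_STRING *s)
{
    for (size_t i = 0; i < sizeof g_DeniedNames / sizeof g_DeniedNames[0]; i++)
        if (NameEqualsAscii(s, g_DeniedNames[i])) return 1;
    return 0;
}

/* The detour: runs inside LSASS in place of SamrCreateUser2InDomain. */
NTSTATUS SamrCreateUser2InDomain_Detour(
    SAMPR_HANDLE DomainHandle, PRPC_UNICODE_STRING Name, ULONG AccountType,
    ULONG DesiredAccess, SAMPR_HANDLE *UserHandle, ULONG *GrantedAccess,
    ULONG *RelativeId)
{
    /* Refuse without touching the out-parameters; the caller just sees an
     * ordinary access-denied NTSTATUS. */
    if (Name == NULL || Name->Buffer == NULL ||
        g_BlockAllCreation || IsDeniedName(Name))
        return STATUS_ACCESS_DENIED;

    return SamrCreateUser2InDomain_Original(DomainHandle, Name, AccountType,
        DesiredAccess, UserHandle, GrantedAccess, RelativeId);
}

/* Test driver: build a counted UTF-16 name from ASCII and call the detour. */
NTSTATUS TryCreateUser(const char *ascii, ULONG *rid)
{
    WCHAR buf[64];
    size_t n = strlen(ascii);
    *rid = 0;
    if (n > sizeof buf / sizeof buf[0]) return STATUS_ACCESS_DENIED;
    for (size_t i = 0; i < n; i++) buf[i] = (WCHAR)(unsigned char)ascii[i];

    RPC_UNICODE_STRING name;
    name.Length = (uint16_t)(n * sizeof(WCHAR));
    name.MaximumLength = name.Length;
    name.Buffer = buf;

    SAMPR_HANDLE h = NULL; ULONG granted = 0;
    return SamrCreateUser2InDomain_Detour((SAMPR_HANDLE)0xD0, &name,
        0x10 /* USER_NORMAL_ACCOUNT */, 0x02000000 /* MAXIMUM_ALLOWED */,
        &h, &granted, rid);
}
```

Two things worth keeping in mind when turning this into the real hook: the name arrives as a counted RPC_UNICODE_STRING (Length in bytes, no terminator), so any comparison must use Length rather than scanning for a NUL; and the detour executes on an LSASS RPC worker thread, so it should decide quickly from in-process state and must not block or call back into SAM, or account operations on the whole machine stall.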