What is FakeGINA? 

FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. If you have more questions about it, take a look at the FakeGINA FAQ. 

How do I use this tool? 

Download the zip file and extract the DLL. Copy it to the system32 directory (on most systems c:\winnt\system32). Next start regedt32 and go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon". Look for a value called "GinaDLL". If this value exists and contains something else than "msgina" or "msgina.dll", please do not continue the installation process. If the value doesn't exist, create "GinaDLL" as a "REG_SZ" and set it to "fakegina.dll". If it does exist and is "msgina" or "msgina.dll", then change it to "fakegina.dll". The next time the system is rebooted, FakeGINA will start to capture passwords into the text file "passlist.txt", which will be located in the system32 directory. 
