大家一提到Windows2000/XP系統的安全性,很快就會想到NULL Session(空會話)。這可以算是微軟安置的一個後門,很多簡單而容易的攻擊都是基於空會話而實現的。在此,我們不討論如何攻陷一台Windows2000/XP系統,而是要談談在建立空會話之後,我們可以得到遠程主機的哪些NetBIOS信息。(由於本文是針對Windows2000/XP系統,所以使用了UNICODE編碼)。
一、NetBIOS信息
在我們和遠程Windows2000/XP主機建立了空會話之後,我們就有權枚舉系統裡的各項NetBIOS信息了。當然在某些選項中需要較高的權利,不過我們只執行那些匿名用戶可以獲得的絕大多數系統信息。
時間:探測遠程主機的當前日期和時間信息。它會返回一個數據結構,包括年,月,日,星期,時,分,秒等等。不過得到的是GMT標准時間,當然對於我們來說就應該換算為GMT+8:00了。由此可以判斷出主機所在的時區信息。
操作系統指紋:探測遠程主機的操作系統指紋信息。一共有三種級別的探測(100,101,102),我們使用的是101級,它會返回一個數據結構,可以獲取遠程主機的平台標識,服務器名稱,操作系統的主次版本(Windows2000為5.0,WindowsXP為5.1,而最新操作系統Longhorn的版本為6.0),服務器類型(每台主機可能同時包含多種類型信息)和注釋。
共享列表:探測遠程主機的共享列表。我們可以獲得一個數據結構指針,枚舉遠程主機的所有共享信息(隱藏的共享列表在內)。其中包括共享名稱,類型與備注。類型可分為:磁盤驅動器,打印隊列,通訊設備,進程間通訊與特殊設備。
用戶列表: 探測遠程主機的用戶列表,返回一個數據結構指針,枚舉所有用戶信息。可獲取用戶名,全名,用戶標識符,說明與標識信息。標識信息可以探測用戶的訪問權限。
本地組列表: 探測遠程主機的本地組列表信息。枚舉所有本地組信息,包含本地組名稱和注釋信息。
組列表: 探測遠程主機的組列表信息。枚舉所有的組信息,包括組名稱,注釋,組標識符與屬性。在此基礎上,我們可以枚舉組內的所有用戶信息。
組用戶列表: 探測特定組內的用戶信息。我們可以獲得組內所有用戶的名稱。當我門獲得了所有的用戶列表,下一步就應該很清楚了,那就是掛一個字典進行破解了。
傳輸協議列表: 探測遠程主機的傳輸協議信息,枚舉所有的傳輸列表。可以獲得每個傳輸協議的名稱,地址,網絡地址和當前與本傳輸協議連接的用戶數目。
會話列表: 探測遠程主機的當前會話列表。枚舉每個會話的相關信息,包括客戶端主機的名稱,當前用戶的名稱,活動時間和空閒時間。這可以幫助我們了解遠程主機用戶的喜好等等。
二、主要函數與相關數據結構分析
1. 建立空會話
WNetAddConnection2(&nr,username,password,0);
//nr為NETRESOURCE數據結構的對象;
//username為建立空會話的用戶名,在此將用戶名設置為NULL;
//password為登陸密碼,在此將密碼設置為NULL;
2. 撤消空會話
WNetCancelConnection2(ipc,0,TRUE);
//ipc為TCHAR的指針,我們可以這樣獲得:
//swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]),argv[1]為主機名或地址;
3. 探測主機時間
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
//參數server為主機的名稱或地址;
//pBuf為TIME_OF_DAY_INFO數據結構的指針;
//nStatus為NET_API_STATUS成員;
4. 探測操作系統指紋
NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
//dwLevel為等級數,我們選擇的是101級;
//pBuf是SERVER_INFO_101數據結構的指針;
5. 探測共享列表
NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等級數為1級;
//pBuf是SHARE_INFO_1數據結構的指針;
//MAX_PREFERRED_LENGTH指定返回數據的長度;
//er指明返回的實際可以枚舉的成員數目;
//tr返回所有的成員數目;
//resume用於繼續進行共享搜索;
6. 探測用戶列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
//dwLevel的等級數為1級;
//i為枚舉的索引;
//dwRec返回獲取的信息數目;
//pBuf為NET_DISPLAY_USER數據結構的指針;
7. 探測本地組列表
NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume);
//dwLevel的等級是1;
//pBuf返回LOCALGROUP_INFO_1數據結構的指針;
8. 探測組列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
//dwLevel的等級為3;
//pGBuf返回NET_DISPLAY_GROUP的數據結構指針;
9. 探測組內的用戶
NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pGBuffer->grpi3_name為組的名稱;
//pUBuf返回GROUP_USERS_INFO_0數據結構的指針;
10.探測傳輸協議列表
NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等級為0級;
//pBuf返回SERVER_TRANSPORT_INFO_0數據結構的指針;
11.探測會話列表
NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pszClient指定客戶的地址;
//pszUser指定用戶名;
//dwLevel的等級是10級;
//pBuf返回SESSION_INFO_10數據結構的指針;
12.釋放內存
NetApiBufferFree(pBuf);
//釋放由系統分配的內存空間。
三、 如何防止NetBIOS信息的洩露
我們可以安裝防火牆來禁止空會話的建立,或者我們可以在網絡連接屬性裡禁用TCP/IP上的NetBIOS,當然也可以在IP安全策略裡禁用445/tcp端口來實現。只要空會話不能成功建立,那就很難獲得上面提到的各項信息了。
四、 源代碼
#define UNICODe
#define _UNICODe
#include <windows.h>
#include <winnetwk.h>
#include <tchar.h>
#include "include\lmaccess.h"
#include "include\lmserver.h"
#include "include\lmshare.h"
#include <lm.h>
#pragma comment (lib,"mpr")
#pragma comment (lib,"netapi32")
void start();
void usage();
int datetime(PTSTR server);
int fingerprint(PTSTR server);
int netbios(PTSTR server);
int users(PTSTR server);
int localgroup(PTSTR server);
int globalgroup(PTSTR server);
int transport(PTSTR server);
int session(PTSTR server);
int wmain(int argc,TCHAR *argv[])
{
NETRESOURCE nr;
DWORD ret;
TCHAR username[100]=_T("");
TCHAR password[100]=_T("");
TCHAR ipc[100]=_T("");
system("cls.exe");
start();
if(argc!=2)
{
usage();
return -1;
}
swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]);
nr.lpLocalName=NULL;
nr.lpProvider=NULL;
nr.dwType=RESOURCETYPE_ANY;
nr.lpRemoteName=ipc;
ret=WNetAddConnection2(&nr,username,password,0);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("\nIPC$ Connect Failed.\n"));
return -1;
}
datetime(argv[1]);
fingerprint(argv[1]);
netbios(argv[1]);
users(argv[1]);
localgroup(argv[1]);
globalgroup(argv[1]);
transport(argv[1]);
session(argv[1]);
ret=WNetCancelConnection2(ipc,0,TRUE);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("IPC$ Disconnect Failed.\n"));
return -1;
}
return 0;
}
void start()
{
_tprintf(_T("=====[ T-SMB Scan, by TOo2y ]=====\n"));
_tprintf(_T("=====[ E-mail: [email protected] ]=====\n"));
_tprintf(_T("=====[ HomePage: www.safechina.net ]=====\n"));
_tprintf(_T("=====[ Date: 12-12-2002 ]=====\n"));
}
void usage()
{
_tprintf(_T("\nUsage:\t T-SMB Remoteip"));
_tprintf(_T("\nRequest: Remote host must be opening port 445/tcp of Microsoft-DS.\n"));
}
int datetime(PTSTR server)
{
PTIME_OF_DAY_INFO pBuf=NULL;
NET_API_STATUS nStatus;
DWORD lerror;
_tprintf(_T("\n*** Date and Time ***\n"));
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
if(nStatus==NERR_Success)
{
if(pBuf!=NULL)
{
_tprintf(_T("\nCurrent date:\t%.2d-%.2d-%d"),pBuf->tod_month,pBuf->tod_day,pBuf->tod_year);
_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);
pBuf->tod_hours=(pBuf->tod_hours+8)%24;
_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT+08:00)\n"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nDateTime:\tOverlapped I/O operation is in progress. \n"));
}
else
{
_tprintf(_T("\nDatetime Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
return 0;
}
int fingerprint(PTSTR server)
{
DWORD dwlength;
DWORD dwLevel;
NET_API_STATUS nStatus;
PSERVER_INFO_101 pBuf;
DWORD lerror;
dwLevel=101;
pBuf=NULL;
dwlength=_tcslen(server);
_tprintf(_T("\n**** Fingerprint ****\n"));
nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
if(nStatus==NERR_Success)
{
_tprintf(_T("\nComputername:\t%s"),pBuf->sv101_name);
_tprintf(_T("\nComment:\t%s"),pBuf->sv101_comment);
_tprintf(_T("\nPlatform:\t%d"),pBuf->sv101_platform_id);
_tprintf(_T("\nVersion:\t%d.%d"),pBuf->sv101_version_major,pBuf->sv101_version_minor);
_tprintf(_T("\nType:"));
if(pBuf->sv101_type & SV_TYPE_NOVELL)
{
_tprintf(_T("\t\tNovell server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER)
{
_tprintf(_T("\t\tXenix server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM)
{
_tprintf(_T("\t\tPrimary domain .\n"));
}
if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER)
{
_tprintf(_T("\t\tTerminal Server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WINDOWS)
{
_tprintf(_T("\t\tWindows 95 or later.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER)
{
_tprintf(_T("\t\tA LAN Manager server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WORKSTATION)
{
_tprintf(_T("\t\tA LAN Manager workstation.\n"));
}
if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER)
{
_tprintf(_T("\t\tServer sharing print queue.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)
{
_tprintf(_T("\t\tPrimary domain controller.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)
{
_tprintf(_T("\t\tBackup domain controller.\n"));
}
if(pBuf->sv101_type & SV_TYPE_AFP)
{
_tprintf(_T("\t\tApple File Protocol server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER)
{
_tprintf(_T("\t\tLAN Manager 2.x domain member.\n"));
}
if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY)
{
_tprintf(_T("\t\tServers maintained by the browser.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER)
{
_tprintf(_T("\t\tServer running dial-in service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE)
{
_tprintf(_T("\t\tServer running the Timesource service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN)
{
_tprintf(_T("\t\tMicrosoft File and Print for NetWare.\n"));
}
if(pBuf->sv101_type & SV_TYPE_NT)
{
_tprintf(_T("\t\tWindows NT/2000/XP workstation or server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WFW)
{
_tprintf(_T("\t\tServer running Windows for Workgroups.\n"));
}
if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER)
{
_tprintf(_T("\t\tServer that can run the browser service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER)
{
_tprintf(_T("\t\tServer running a browser service as backup.\n"));
}
if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER)
{
_tprintf(_T("\t\tServer running the master browser service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER)
{
_tprintf(_T("\t\tServer running the domain master browser.\n"));
}
if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT)
{
_tprintf(_T("\t\tServer clusters available in the domain.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SQLSERVER)
{
_tprintf(_T("\t\tAny server running with Microsoft SQL Server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER_NT)
{
_tprintf(_T("\t\tWindows NT/2000 server that is not a domain controller.\n"));
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nFingerprint:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nFingerprint Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
return 0;
}
int netbios(PTSTR server)
{
DWORD er,tr,resume;
DWORD i,dwLength,dwLevel;
PSHARE_INFO_1 pBuf,pBuffer;
NET_API_STATUS nStatus;
DWORD lerror;
er=0;
tr=0;
resume=1;
dwLevel=1;
dwLength=_tcslen(server);
_tprintf(_T("\n****** Netbios ******\n"));
do
{
nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=1;i<=er;i++)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->shi1_netname);
_tprintf(_T("\nRemark:\t\t%s"),pBuffer->shi1_remark);
_tprintf(_T("\nType:\t\t"));
if(pBuffer->shi1_type==STYPE_DISKTREE)
{
_tprintf(_T("Disk drive.\n"));
}
else if(pBuffer->shi1_type==STYPE_PRINTQ)
{
_tprintf(_T("Print queue.\n"));
}
else if(pBuffer->shi1_type==STYPE_DEVICE)
{
_tprintf(_T("Communication device.\n"));
}
else if(pBuffer->shi1_type==STYPE_IPC)
{
_tprintf(_T("Interprocess communication (IPC).\n"));
}
else if(pBuffer->shi1_type==STYPE_SPECIAL)
{
_tprintf(_T("Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$).\n"));
}
else
{
_tprintf(_T("\n"));
}
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nNetbios:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nNetbios Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}
while(nStatus==ERROR_MORE_DATA);
return 0;
}
int users(PTSTR server)
{
PNET_DISPLAY_USER pBuf,pBuffer;
DWORD nStatus;
DWORD dwRec;
DWORD i=0;
DWORD lerror;
DWORD dwLevel;
dwLevel=1;
_tprintf(_T("\n******* Users *******\n"));
do
{
nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(;dwRec>0;dwRec--)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->usri1_name);
_tprintf(_T("\nFull Name:\t%s"),pBuffer->usri1_full_name);
_tprintf(_T("\nUser ID:\t%u"),pBuffer->usri1_user_id);
_tprintf(_T("\nComment: \t%s"),pBuffer->usri1_comment);
_tprintf(_T("\nFlag:"));
if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE)
{
_tprintf(_T("\t\tThe user''s account is disabled.\n"));
}
if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION)
{
_tprintf(_T("\t\tThe account is enabled for delegation. \n"));
}
if(pBuffer->usri1_flags & UF_LOCKOUT)
{
_tprintf(_T("\t\tThe account is currently locked out (blocked).\n"));
}
if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED)
{
_tprintf(_T("\t\tRequires the user to log on to the user account with a smart card. \n"));
}
if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH)
{
_tprintf(_T("\t\tThis account does not require Kerberos preauthentication for logon.\n"));
}
if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)
{
_tprintf(_T("\t\tThe user''s password is stored under reversible encryption in the Active Directory. \n"));
}
if(pBuffer->usri1_flags & UF_NOT_DELEGATED)
{
_tprintf(_T("\t\tMarks the account as \"sensitive\"; other users cannot act as delegates of this user account.\n"));
}
if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY)
{
_tprintf(_T("\t\tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys.\n"));
}
if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED)
{
_tprintf(_T("\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n"));
}
if(pBuffer->usri1_flags & UF_SCRIPT)
{
_tprintf(_T("\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n"));
}
i=pBuffer->usri1_next_index;
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nUsers:\t\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nUsers Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
return 0;
}
int localgroup(PTSTR server)
{
NET_API_STATUS nStatus;
PLOCALGROUP_INFO_1 pBuf,pBuffer;
DWORD i,dwLevel;
DWORD er,tr,resume;
DWORD lerror;
resume=0;
dwLevel=1;
_tprintf(_T("\n**** Local Group ****\n"));
do
{
nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=1;i<=er;i++)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->lgrpi1_name);
_tprintf(_T("\nComment:\t%s"),pBuffer->lgrpi1_comment);
_tprintf(_T("\n"));
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nLocal Group:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nLocal Group Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
return 0;
}
int globalgroup(PTSTR server)
{
PNET_DISPLAY_GROUP pGBuf,pGBuffer;
PGROUP_USERS_INFO_0 pUBuf,pUBuffer;
DWORD nGStatus,nUStatus;
DWORD i;
DWORD dwLevel,dwRec;
DWORD k;
DWORD er,tr,resume;
DWORD lerror;
i=0;
dwLevel=3;
er=0;
tr=0;
resume=0;
_tprintf(_T("\n**** Global group ****\n"));
do
{
nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA))
{
pGBuffer=pGBuf;
for(;dwRec>0;dwRec--)
{
_tprintf(_T("\nName:\t\t%s"),pGBuffer->grpi3_name);
_tprintf(_T("\nComment:\t%s"),pGBuffer->grpi3_comment);
_tprintf(_T("\nGroup ID:\t%u"),pGBuffer->grpi3_group_id);
_tprintf(_T("\nAttributs:\t%u"),pGBuffer->grpi3_attributes);
_tprintf(_T("\nMembers:\t"));
nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if(nUStatus==NERR_Success)
{
pUBuffer=pUBuf;
for(k=1;k<=er;k++)
{
_tprintf(_T("%s "),pUBuffer->grui0_name);
pUBuffer++;
}
if(pUBuf!=NULL)
{
NetApiBufferFree(pUBuf);
}
}
_tprintf(_T("\n"));
i=pGBuffer->grpi3_next_index;
pGBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nGlobal Group:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nGlobal Group Error:\t%d\n"),lerror);
}
}
if(pGBuf!=NULL)
{
NetApiBufferFree(pGBuf);
}
}while(nGStatus==ERROR_MORE_DATA);
return 0;
}
int transport(PTSTR server)
{
NET_API_STATUS nStatus;
PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer;
DWORD dwLevel;
DWORD i;
DWORD er,tr,resume;
DWORD dwTotalCount;
DWORD dwLength;
DWORD lerror;
er=0;
tr=0;
resume=0;
dwLevel=0;
dwTotalCount=0;
_tprintf(_T("\n***** Transport *****\n"));
dwLength=_tcslen(server);
do
{
nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=0;i<er;i++)
{
_tprintf(_T("\nTransport:\t%s"),pBuffer->svti0_transportname);
_tprintf(_T("\nNetworkAddr:\t%s"),pBuffer->svti0_networkaddress);
_tprintf(_T("\nActiveClient:\t%d User(s)\n"),pBuffer->svti0_numberofvcs);
pBuffer++;
dwTotalCount++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nTransport:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nTransport Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);
return 0;
}
int session(PTSTR server)
{
PSESSION_INFO_10 pBuf,pBuffer;
NET_API_STATUS nStatus;
DWORD i,dwLevel;
DWORD er,tr,resume;
DWORD dwTotalCount;
DWORD dwLength;
PTSTR pszClient;
PTSTR pszUser;
DWORD lerror;
_tprintf(_T("\n****** Session ******\n"));
dwLevel=10;
dwTotalCount=0;
pszClient=NULL;
pszUser=NULL;
er=0;
tr=0;
resume=0;
dwLength=_tcslen(server);
do
{
nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=0;i<er;i++)
{
if(pBuffer==NULL)
{
_tprintf(_T("An access violation has occurred.\n"));
break;
}
_tprintf(_T("\nClient:\t\t%s"),pBuffer->sesi10_cname);
_tprintf(_T("\nUser:\t\t%s"),pBuffer->sesi10_username);
_tprintf(_T("\nSeconds Active:\t%d"),pBuffer->sesi10_time);
_tprintf(_T("\nSeconds Idle:\t%d\n"),pBuffer->sesi10_idle_time);
pBuffer++;
dwTotalCount++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nSession:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nSession Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);
return 0;
}
(全文完)
本文配套源碼
