Chinaunix首页 | 论坛 | 博客
  • 博客访问: 607202
  • 博文数量: 945
  • 博客积分: 52360
  • 博客等级: 大将
  • 技术积分: 13070
  • 用 户 组: 普通用户
  • 注册时间: 2008-08-08 11:12
文章分类

全部博文(945)

文章存档

2011年(1)

2008年(944)

我的朋友

分类: C/C++

2008-08-08 11:32:14

下载本文示例代码
一 NetBIOS信息
二 主要函数与相关数据结构分析
三 如何防止NetBIOS信息的泄露
四 源代码

大家一提到Windows2000/XP系统的安全性,很快就会想到NULL Session(空会话)。这可以算是微软安置的一个后门,很多简单而容易的攻击都是基于空会话而实现的。在此,我们不讨论如何攻陷一台Windows2000/XP系统,而是要谈谈在建立空会话之后,我们可以得到远程主机的哪些NetBIOS信息。(由于本文是针对Windows2000/XP系统,所以使用了UNICODE编码)。

一、NetBIOS信息
在我们和远程Windows2000/XP主机建立了空会话之后,我们就有权枚举系统里的各项NetBIOS信息了。当然在某些选项中需要较高的权利,不过我们只执行那些匿名用户可以获得的绝大多数系统信息。

时间:探测远程主机的当前日期和时间信息。它会返回一个数据结构,包括年,月,日,星期,时,分,秒等等。不过得到的是GMT标准时间,当然对于我们来说就应该换算为GMT 8:00了。由此可以判断出主机所在的时区信息。

操作系统指纹:探测远程主机的操作系统指纹信息。一共有三种级别的探测(100,101,102),我们使用的是101级,它会返回一个数据结构,可以获取远程主机的平台标识,服务器名称,操作系统的主次版本(Windows2000为5.0,WindowsXP为5.1,而最新操作系统Longhorn的版本为6.0),服务器类型(每台主机可能同时包含多种类型信息)和注释。

共享列表:探测远程主机的共享列表。我们可以获得一个数据结构指针,枚举远程主机的所有共享信息(隐藏的共享列表在内)。其中包括共享名称,类型与备注。类型可分为:磁盘驱动器,打印队列,通讯设备,进程间通讯与特殊设备。

用户列表: 探测远程主机的用户列表,返回一个数据结构指针,枚举所有用户信息。可获取用户名,全名,用户标识符,说明与标识信息。标识信息可以探测用户的访问权限。

本地组列表: 探测远程主机的本地组列表信息。枚举所有本地组信息,包含本地组名称和注释信息。

组列表: 探测远程主机的组列表信息。枚举所有的组信息,包括组名称,注释,组标识符与属性。在此基础上,我们可以枚举组内的所有用户信息。

组用户列表: 探测特定组内的用户信息。我们可以获得组内所有用户的名称。当我门获得了所有的用户列表,下一步就应该很清楚了,那就是挂一个字典进行破解了。

传输协议列表: 探测远程主机的传输协议信息,枚举所有的传输列表。可以获得每个传输协议的名称,地址,网络地址和当前与本传输协议连接的用户数目。

会话列表: 探测远程主机的当前会话列表。枚举每个会话的相关信息,包括客户端主机的名称,当前用户的名称,活动时间和空闲时间。这可以帮助我们了解远程主机用户的喜好等等。

二、主要函数与相关数据结构分析

1. 建立空会话
WNetAddConnection2(&nr,username,password,0);
//nr为NETRESOURCE数据结构的对象;
//username为建立空会话的用户名,在此将用户名设置为NULL;
//password为登陆密码,在此将密码设置为NULL;

2. 撤消空会话
WNetCancelConnection2(ipc,0,TRUE);
//ipc为TCHAR的指针,我们可以这样获得:
//swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]),argv[1]为主机名或地址;

3. 探测主机时间
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
//参数server为主机的名称或地址;
//pBuf为TIME_OF_DAY_INFO数据结构的指针;
//nStatus为NET_API_STATUS成员;

4. 探测操作系统指纹
NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
//dwLevel为等级数,我们选择的是101级;
//pBuf是SERVER_INFO_101数据结构的指针;

5. 探测共享列表
NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等级数为1级;
//pBuf是SHARE_INFO_1数据结构的指针;
//MAX_PREFERRED_LENGTH指定返回数据的长度;
//er指明返回的实际可以枚举的成员数目;
//tr返回所有的成员数目;
//resume用于继续进行共享搜索;

6. 探测用户列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
//dwLevel的等级数为1级;
//i为枚举的索引;
//dwRec返回获取的信息数目;
//pBuf为NET_DISPLAY_USER数据结构的指针;

7. 探测本地组列表
NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume);
//dwLevel的等级是1;
//pBuf返回LOCALGROUP_INFO_1数据结构的指针;

8. 探测组列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
//dwLevel的等级为3;
//pGBuf返回NET_DISPLAY_GROUP的数据结构指针;

9. 探测组内的用户
NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pGBuffer->grpi3_name为组的名称;
//pUBuf返回GROUP_USERS_INFO_0数据结构的指针;

10.探测传输协议列表
NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等级为0级;
//pBuf返回SERVER_TRANSPORT_INFO_0数据结构的指针;

11.探测会话列表
NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pszClient指定客户的地址;
//pszUser指定用户名;
//dwLevel的等级是10级;
//pBuf返回SESSION_INFO_10数据结构的指针;

12.释放内存
NetApiBufferFree(pBuf);
//释放由系统分配的内存空间。

三、 如何防止NetBIOS信息的泄露

我们可以安装防火墙来禁止空会话的建立,或者我们可以在网络连接属性里禁用TCP/IP上的NetBIOS,当然也可以在IP安全策略里禁用445/tcp端口来实现。只要空会话不能成功建立,那就很难获得上面提到的各项信息了。

四、 源代码

#define  UNICODE

#define  _UNICODE



#include 

#include 

#include 

#include "include\lmaccess.h"

#include "include\lmserver.h"

#include "include\lmshare.h"

#include 



#pragma  comment (lib,"mpr")

#pragma  comment (lib,"netapi32")

 

void start();

void usage();

int  datetime(PTSTR server);

int  fingerprint(PTSTR server);

int  netbios(PTSTR server);

int  users(PTSTR server);

int  localgroup(PTSTR server);

int  globalgroup(PTSTR server);

int  transport(PTSTR server);

int  session(PTSTR server);



int wmain(int argc,TCHAR *argv[])

{ 

	NETRESOURCE nr;

	DWORD       ret;

	TCHAR       username[100]=_T("");

	TCHAR       password[100]=_T("");

	TCHAR       ipc[100]=_T("");



	system("cls.exe");

	start();

	if(argc!=2)

	{

		usage();

		return -1;

	}

	swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]);

	nr.lpLocalName=NULL;

	nr.lpProvider=NULL;

	nr.dwType=RESOURCETYPE_ANY;

	nr.lpRemoteName=ipc;

	ret=WNetAddConnection2(&nr,username,password,0);

	if(ret!=ERROR_SUCCESS)

	{

		_tprintf(_T("\nIPC$ Connect Failed.\n"));

		return -1;

	}



   	datetime(argv[1]);

       fingerprint(argv[1]);

   	netbios(argv[1]);

   	users(argv[1]);

   	localgroup(argv[1]);

   	globalgroup(argv[1]);

   	transport(argv[1]);

   	session(argv[1]);



	ret=WNetCancelConnection2(ipc,0,TRUE);    

	if(ret!=ERROR_SUCCESS)

	{

		_tprintf(_T("IPC$ Disconnect Failed.\n"));

		return -1;

	}

	return 0;

}



void start()

{

	_tprintf(_T("=====[ T-SMB Scan, by TOo2y        ]=====\n"));

	_tprintf(_T("=====[ E-mail: TOo2y@safechina.net ]=====\n"));

	_tprintf(_T("=====[ HomePage:  ]=====\n"));

	_tprintf(_T("=====[ Date: 12-12-2002            ]=====\n"));

}



void usage()

{

	_tprintf(_T("\nUsage:\t  T-SMB  Remoteip"));

	_tprintf(_T("\nRequest:  Remote host must be opening port 445/tcp of Microsoft-DS.\n"));

}



int datetime(PTSTR server)

{

	PTIME_OF_DAY_INFO  pBuf=NULL;

	NET_API_STATUS     nStatus;

	DWORD              lerror;



	_tprintf(_T("\n*** Date and Time ***\n"));

	nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf); 

	if(nStatus==NERR_Success)

	{ 

		if(pBuf!=NULL)

		{

			_tprintf(_T("\nCurrent date:\t%.2d-%.2d-%d"),pBuf->tod_month,pBuf->tod_day,pBuf->tod_year);

			_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);

			pBuf->tod_hours=(pBuf->tod_hours 8)$;

			_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT 08:00)\n"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);

		}   

	}

	else

	{

		lerror=GetLastError();

		if(lerror==997)

		{

			_tprintf(_T("\nDateTime:\tOverlapped I/O operation is in progress. \n"));

		}

		else                            

		{

     		_tprintf(_T("\nDatetime Error:\t%d\n"),lerror);

		}

	}

	if(pBuf!=NULL)

	{

		NetApiBufferFree(pBuf);

	}

	return 0;

}



int fingerprint(PTSTR server)  

{ 

       DWORD              dwlength; 

	DWORD              dwLevel; 

	NET_API_STATUS     nStatus;

	PSERVER_INFO_101   pBuf;

	DWORD              lerror;

 

	dwLevel=101;

	pBuf=NULL; 

	dwlength=_tcslen(server);



	_tprintf(_T("\n**** Fingerprint ****\n"));

	nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);

	if(nStatus==NERR_Success)

	{

		_tprintf(_T("\nComputername:\t%s"),pBuf->sv101_name);

		_tprintf(_T("\nComment:\t%s"),pBuf->sv101_comment);

		_tprintf(_T("\nPlatform:\t%d"),pBuf->sv101_platform_id);

		_tprintf(_T("\nVersion:\t%d.%d"),pBuf->sv101_version_major,pBuf->sv101_version_minor);

		_tprintf(_T("\nType:")); 

		if(pBuf->sv101_type & SV_TYPE_NOVELL)

		{

			_tprintf(_T("\t\tNovell server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER)

		{

			_tprintf(_T("\t\tXenix server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM)

		{

			_tprintf(_T("\t\tPrimary domain .\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER)

		{

			_tprintf(_T("\t\tTerminal Server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_WINDOWS)

		{

			_tprintf(_T("\t\tWindows 95 or later.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_SERVER)

		{

			_tprintf(_T("\t\tA LAN Manager server.\n"));

		}

              if(pBuf->sv101_type & SV_TYPE_WORKSTATION)       

		{

     		_tprintf(_T("\t\tA LAN Manager workstation.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER)

		{

			_tprintf(_T("\t\tServer sharing print queue.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)

		{

			_tprintf(_T("\t\tPrimary domain controller.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)

		{

			_tprintf(_T("\t\tBackup domain controller.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_AFP)

		{

			_tprintf(_T("\t\tApple File Protocol server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER)

		{

			_tprintf(_T("\t\tLAN Manager 2.x domain member.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY)

		{

			_tprintf(_T("\t\tServers maintained by the browser.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER)

		{

			_tprintf(_T("\t\tServer running dial-in service.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE)

		{

			_tprintf(_T("\t\tServer running the Timesource service.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN)

		{

			_tprintf(_T("\t\tMicrosoft File and Print for NetWare.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_NT)

		{

			_tprintf(_T("\t\tWindows NT/2000/XP workstation or server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_WFW)

		{

			_tprintf(_T("\t\tServer running Windows for Workgroups.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER)

		{

			_tprintf(_T("\t\tServer that can run the browser service.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER)

		{

			_tprintf(_T("\t\tServer running a browser service as backup.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER)

		{

			_tprintf(_T("\t\tServer running the master browser service.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER)

		{

			_tprintf(_T("\t\tServer running the domain master browser.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT)

		{

			_tprintf(_T("\t\tServer clusters available in the domain.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_SQLSERVER)

		{

			_tprintf(_T("\t\tAny server running with Microsoft SQL Server.\n"));

		}

		if(pBuf->sv101_type & SV_TYPE_SERVER_NT)

		{

			_tprintf(_T("\t\tWindows NT/2000 server that is not a domain controller.\n"));

		}

	}

	else

	{

		lerror=GetLastError();

		if(lerror==997)

		{

			_tprintf(_T("\nFingerprint:\tOverlapped I/O operation is in progress.\n"));

		}

		else

		{

           		_tprintf(_T("\nFingerprint Error:\t%d\n"),lerror);

		}

	}

 	if(pBuf!=NULL)

	{

		NetApiBufferFree(pBuf);

	}

	return 0;

}



int netbios(PTSTR server)      

{

	DWORD              er,tr,resume;

	DWORD              i,dwLength,dwLevel;

	PSHARE_INFO_1      pBuf,pBuffer;

	NET_API_STATUS     nStatus;

	DWORD              lerror;



	er=0;             

	tr=0;

	resume=1;

	dwLevel=1;

	dwLength=_tcslen(server);



       _tprintf(_T("\n****** Netbios ******\n"));

	do

	{                                                

		nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);

		if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))

		{

	            	pBuffer=pBuf;

	           	for(i=1;i<=er;i  )  

			{

				_tprintf(_T("\nName:\t\t%s"),pBuffer->shi1_netname);

				_tprintf(_T("\nRemark:\t\t%s"),pBuffer->shi1_remark);

				_tprintf(_T("\nType:\t\t")); 

				if(pBuffer->shi1_type==STYPE_DISKTREE)     

				{ 

					_tprintf(_T("Disk drive.\n"));

				}

				else if(pBuffer->shi1_type==STYPE_PRINTQ)  

				{

					_tprintf(_T("Print queue.\n"));

				}

				else if(pBuffer->shi1_type==STYPE_DEVICE)

				{

					_tprintf(_T("Communication device.\n"));

				}

				else if(pBuffer->shi1_type==STYPE_IPC)   

				{

					_tprintf(_T("Interprocess communication (IPC).\n"));  

				}

				else if(pBuffer->shi1_type==STYPE_SPECIAL) 

				{

					_tprintf(_T("Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$).\n"));

				}

				else

				{

					_tprintf(_T("\n"));

				}

				pBuffer  ;

			}

		}

		else

		{

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nNetbios:\tOverlapped I/O operation is in progress.\n"));

			}

			else 

			{

				_tprintf(_T("\nNetbios Error:\t%d\n"),lerror);

			}

		}

           	if(pBuf!=NULL)

		{

           	    	NetApiBufferFree(pBuf);

		}

	}

	while(nStatus==ERROR_MORE_DATA);

	return 0;

}



int users(PTSTR server) 

{

	PNET_DISPLAY_USER  pBuf,pBuffer;

	DWORD              nStatus;

	DWORD              dwRec;

	DWORD              i=0;

	DWORD              lerror;

	DWORD              dwLevel;



	dwLevel=1;



	_tprintf(_T("\n******* Users *******\n"));

	do

	{

		nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);

		if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))

		{

			pBuffer=pBuf;

			for(;dwRec>0;dwRec--)

			{

				_tprintf(_T("\nName:\t\t%s"),pBuffer->usri1_name);

				_tprintf(_T("\nFull Name:\t%s"),pBuffer->usri1_full_name);

				_tprintf(_T("\nUser ID:\t%u"),pBuffer->usri1_user_id);

				_tprintf(_T("\nComment: \t%s"),pBuffer->usri1_comment);

				_tprintf(_T("\nFlag:"));  

				if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE)

				{

					_tprintf(_T("\t\tThe user''s account is disabled.\n"));

				}

				if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION)

				{

					_tprintf(_T("\t\tThe account is enabled for delegation. \n"));

				}

				if(pBuffer->usri1_flags & UF_LOCKOUT)

				{

					_tprintf(_T("\t\tThe account is currently locked out (blocked).\n"));

				}

				if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED)

				{

					_tprintf(_T("\t\tRequires the user to log on to the user account with a smart card. \n"));

				}

				if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH)

				{

					_tprintf(_T("\t\tThis account does not require Kerberos preauthentication for logon.\n"));

				}

				if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)

				{

					_tprintf(_T("\t\tThe user''s password is stored under reversible encryption in the Active Directory. \n"));

				}

				if(pBuffer->usri1_flags & UF_NOT_DELEGATED)

				{

					_tprintf(_T("\t\tMarks the account as \"sensitive\"; other users cannot act as delegates of this user account.\n"));

				}

				if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY)

				{

					_tprintf(_T("\t\tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys.\n"));

				}

				if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED)

				{

					_tprintf(_T("\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n"));

				}

				if(pBuffer->usri1_flags & UF_SCRIPT)

				{

					_tprintf(_T("\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n"));

				}

				i=pBuffer->usri1_next_index;

				pBuffer  ;

			}

		}

		else

		{  

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nUsers:\t\tOverlapped I/O operation is in progress.\n"));

			}

			else

			{

				_tprintf(_T("\nUsers Error:\t%d\n"),lerror);

			}

		}

  		if(pBuf!=NULL)

		{

	           	NetApiBufferFree(pBuf);

		}

	}while(nStatus==ERROR_MORE_DATA);

	return 0;

}



int localgroup(PTSTR server)  

{

	NET_API_STATUS      nStatus;

	PLOCALGROUP_INFO_1  pBuf,pBuffer;

	DWORD               i,dwLevel;

       DWORD               er,tr,resume; 

	DWORD               lerror;



	resume=0;

	dwLevel=1; 



	_tprintf(_T("\n**** Local Group ****\n"));

	do

	{                                                    

		nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);

		if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))

		{

			pBuffer=pBuf;

			for(i=1;i<=er;i  )

			{

				_tprintf(_T("\nName:\t\t%s"),pBuffer->lgrpi1_name);

				_tprintf(_T("\nComment:\t%s"),pBuffer->lgrpi1_comment);

				_tprintf(_T("\n"));

				pBuffer  ;

			}

		}

		else

		{

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nLocal Group:\tOverlapped I/O operation is in progress.\n"));

			}

			else

			{

				_tprintf(_T("\nLocal Group Error:\t%d\n"),lerror);

			}

		}

		if(pBuf!=NULL)

		{

	       	NetApiBufferFree(pBuf);

		}

	}while(nStatus==ERROR_MORE_DATA);

	return 0;

} 



int globalgroup(PTSTR server)  

{

	PNET_DISPLAY_GROUP   pGBuf,pGBuffer;

	PGROUP_USERS_INFO_0  pUBuf,pUBuffer;

	DWORD                nGStatus,nUStatus;

	DWORD                i;

	DWORD                dwLevel,dwRec;

	DWORD                k;

	DWORD                er,tr,resume;

	DWORD                lerror;

	

	i=0;

	dwLevel=3;

	er=0;

	tr=0;

	resume=0;

	_tprintf(_T("\n**** Global group ****\n"));

       do

	{

		nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);

             if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA))

		{

			pGBuffer=pGBuf;

			for(;dwRec>0;dwRec--)

			{

				_tprintf(_T("\nName:\t\t%s"),pGBuffer->grpi3_name);

	           		_tprintf(_T("\nComment:\t%s"),pGBuffer->grpi3_comment);

	       	      	_tprintf(_T("\nGroup ID:\t%u"),pGBuffer->grpi3_group_id);

	                	_tprintf(_T("\nAttributs:\t%u"),pGBuffer->grpi3_attributes);

				_tprintf(_T("\nMembers:\t"));



	           		nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);

				if(nUStatus==NERR_Success)

				{

					pUBuffer=pUBuf;

					for(k=1;k<=er;k  )

					{

						_tprintf(_T("%s  "),pUBuffer->grui0_name);

       					pUBuffer  ;

					}

       				if(pUBuf!=NULL)

					{

			        	    	NetApiBufferFree(pUBuf);

					}

				}

				_tprintf(_T("\n"));

				i=pGBuffer->grpi3_next_index;

				pGBuffer  ;

			}

		}

		else

		{

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nGlobal Group:\tOverlapped I/O operation is in progress.\n"));

			}

			else

			{

				_tprintf(_T("\nGlobal Group Error:\t%d\n"),lerror);

			}

		}

		if(pGBuf!=NULL)

		{

    	         	NetApiBufferFree(pGBuf);

		}

	}while(nGStatus==ERROR_MORE_DATA);

    return 0;

}



int transport(PTSTR server)  

{

	NET_API_STATUS           nStatus;

	PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer;

	DWORD                    dwLevel;

	DWORD                    i;

       DWORD                    er,tr,resume;

       DWORD                    dwTotalCount;

	DWORD                    dwLength;

	DWORD                    lerror;



       er=0;

	tr=0;

	resume=0;

	dwLevel=0;

	dwTotalCount=0;



	_tprintf(_T("\n***** Transport *****\n"));

	dwLength=_tcslen(server);

	do

	{

		nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);

		if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))

		{

                     pBuffer=pBuf;

			for(i=0;isvti0_transportname);

				_tprintf(_T("\nNetworkAddr:\t%s"),pBuffer->svti0_networkaddress);

				_tprintf(_T("\nActiveClient:\t%d User(s)\n"),pBuffer->svti0_numberofvcs);

                   		pBuffer  ;

	         	     	dwTotalCount  ; 

			}

		}

		else

		{

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nTransport:\tOverlapped I/O operation is in progress.\n"));

			}

			else

			{

				_tprintf(_T("\nTransport Error:\t%d\n"),lerror);

			}

		}

	      if(pBuf!=NULL)

		{

                  	NetApiBufferFree(pBuf);

		}

	}while(nStatus==ERROR_MORE_DATA);

	_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);

	return 0;

}

	

int session(PTSTR server)   

{

	PSESSION_INFO_10   pBuf,pBuffer;

	NET_API_STATUS     nStatus;

	DWORD              i,dwLevel;

	DWORD              er,tr,resume;

	DWORD              dwTotalCount;

	DWORD              dwLength;

	PTSTR              pszClient;

	PTSTR              pszUser;

	DWORD              lerror;



	_tprintf(_T("\n****** Session ******\n"));

	dwLevel=10;

	dwTotalCount=0;

	pszClient=NULL;

	pszUser=NULL;

	er=0;

	tr=0;

	resume=0;

	dwLength=_tcslen(server);



	do

	{

		nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);

		if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))

		{

			pBuffer=pBuf;

			for(i=0;isesi10_cname);

				_tprintf(_T("\nUser:\t\t%s"),pBuffer->sesi10_username);

				_tprintf(_T("\nSeconds Active:\t%d"),pBuffer->sesi10_time);

				_tprintf(_T("\nSeconds Idle:\t%d\n"),pBuffer->sesi10_idle_time);

				pBuffer  ;

				dwTotalCount  ;

			}

		}

		else

		{

			lerror=GetLastError();

			if(lerror==997)

			{

				_tprintf(_T("\nSession:\tOverlapped I/O operation is in progress.\n"));

			}

			else

			{

				_tprintf(_T("\nSession Error:\t%d\n"),lerror);

			}

		}

		if(pBuf!=NULL)

		{

			NetApiBufferFree(pBuf);

		}

	}while(nStatus==ERROR_MORE_DATA);

   	_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);

	return 0;

}

(全文完) 下载本文示例代码
阅读(89) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~