探测远程Windows主机的NetBIOS信息


发布日期:2003-03-27


文摘内容:


原创:TOo2y(夜色)




探测远程Windows主机的NetBIOS信息



Author: TOo2y[原创]



Homepage:

www.safechina.net


Date: 12-25-2002


注:


    本文相关程序 T-SMB 可探测远程主机的NetBIOS信息,包括操作系统指纹,共享目录,用户与组,传输列表及其他信息。您可以在中华安全网(SafeChina)下载此软件。


    下载链接:<

http://www.safechina.net/download/click.php?type=本站原创&id=1040000080 >



    大家一提到Windows2000/XP系统的安全性,很快就会想到NULL Session(空会话)。这可以算是微软安置的一个后门,很多简单而容易的攻击都是基于空会话而实现的。在此,我们不讨论如何攻陷一台Windows2000/XP系统,而是要谈谈在建立空会话之后,我们可以得到远程主机的哪些NetBIOS信息。(由于本文是针对Windows2000/XP系统,所以使用了UNICODE编码)。



一)NetBIOS信息  


    在我们和远程Windows2000/XP主机建立了空会话之后,我们就有权枚举系统里的各项NetBIOS信息了。当然在某些选项中需要较高的权利,不过我们只执行那些匿名用户可以获得的绝大多数系统信息。



    时间:探测远程主机的当前日期和时间信息。它会返回一个数据结构,包括年,月,日,星期,时,分,秒等等。不过得到的是GMT标准时间,当然对于我们来说就应该换算为GMT+8:00了。由此可以判断出主机所在的时区信息。



    操作系统指纹:探测远程主机的操作系统指纹信息。一共有三种级别的探测(100,101,102),我们使用的是101级,它会返回一个数据结构,可以获取远程主机的平台标识,服务器名称,操作系统的主次版本(Windows2000为5.0,WindowsXP为5.1,而最新操作系统Longhorn的版本为6.0),服务器类型(每台主机可能同时包含多种类型信息)和注释。



    共享列表:探测远程主机的共享列表。我们可以获得一个数据结构指针,枚举远程主机的所有共享信息(隐藏的共享列表在内)。其中包括共享名称,类型与备注。类型可分为:磁盘驱动器,打印队列,通讯设备,进程间通讯与特殊设备。



    用户列表: 探测远程主机的用户列表,返回一个数据结构指针,枚举所有用户信息。可获取用户名,全名,用户标识符,说明与标识信息。标识信息可以探测用户的访问权限。



    本地组列表: 探测远程主机的本地组列表信息。枚举所有本地组信息,包含本地组名称和注释信息。



    组列表: 探测远程主机的组列表信息。枚举所有的组信息,包括组名称,注释,组标识符与属性。在此基础上,我们可以枚举组内的所有用户信息。



    组用户列表: 探测特定组内的用户信息。我们可以获得组内所有用户的名称。当我门获得了所有的用户列表,下一步就应该很清楚了,那就是挂一个字典进行破解了。



    传输协议列表: 探测远程主机的传输协议信息,枚举所有的传输列表。可以获得每个传输协议的名称,地址,网络地址和当前与本传输协议连接的用户数目。



    会话列表: 探测远程主机的当前会话列表。枚举每个会话的相关信息,包括客户端主机的名称,当前用户的名称,活动时间和空闲时间。这可以帮助我们了解远程主机用户的喜好等等。



二)主要函数与相关数据结构分析


    1. 建立空会话

WNetAddConnection2(&nr,username,password,0); 

    //nr为NETRESOURCE数据结构的对象; 

    //username为建立空会话的用户名,在此将用户名设置为NULL; 

    //password为登陆密码,在此将密码设置为NULL;


    2. 撤消空会话


WNetCancelConnection2(ipc,0,TRUE); 

    //ipc为TCHAR的指针,我们可以这样获得: 

    //swprintf(ipc,_T("%s//ipc$"),argv[1]),argv[1]为主机名或地址;

    3. 探测主机时间


nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf); 

    //参数server为主机的名称或地址; 

    //pBuf为TIME_OF_DAY_INFO数据结构的指针; 

    //nStatus为NET_API_STATUS成员;




    4. 探测操作系统指纹


NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf); 

    //dwLevel为等级数,我们选择的是101级; 

    //pBuf是SERVER_INFO_101数据结构的指针;

    5. 探测共享列表


NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

    //dwLevel的等级数为1级; 

    //pBuf是SHARE_INFO_1数据结构的指针; 

    //MAX_PREFERRED_LENGTH指定返回数据的长度; 

    //er指明返回的实际可以枚举的成员数目; 

    //tr返回所有的成员数目; 

    //resume用于继续进行共享搜索;


    6. 探测用户列表


NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf); 

    //dwLevel的等级数为1级; 

    //i为枚举的索引; 

    //dwRec返回获取的信息数目; 

    //pBuf为NET_DISPLAY_USER数据结构的指针;

    7. 探测本地组列表


 


NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume); 

    //dwLevel的等级是1; 

    //pBuf返回LOCALGROUP_INFO_1数据结构的指针;

    8. 探测组列表


  


NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf); 

    //dwLevel的等级为3; 

    //pGBuf返回NET_DISPLAY_GROUP的数据结构指针;

    9. 探测组内的用户


NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

    //pGBuffer->grpi3_name为组的名称; 

    //pUBuf返回GROUP_USERS_INFO_0数据结构的指针;


    10.探测传输协议列表


NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

    //dwLevel的等级为0级; 

    //pBuf返回SERVER_TRANSPORT_INFO_0数据结构的指针;


    11.探测会话列表


NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

    //pszClient指定客户的地址; 

    //pszUser指定用户名; 

    //dwLevel的等级是10级; 

    //pBuf返回SESSION_INFO_10数据结构的指针;


    12.释放内存


 

NetApiBufferFree(pBuf); 

     //释放由系统分配的内存空间。



三) 如何防止NetBIOS信息的泄露


    我们可以安装防火墙来禁止空会话的建立,或者我们可以在网络连接属性里禁用TCP/IP上的NetBIOS,当然也可以在IP安全策略里禁用445/tcp端口来实现。只要空会话不能成功建立,那就很难获得上面提到的各项信息了。



四) 源代码



#define  UNICODE 

#define  _UNICODE 


#include <windows.h> 

#include <winnetwk.h> 

#include <tchar.h> 

#include <lm.h> 


#pragma  comment (lib,"mpr") 

#pragma  comment (lib,"netapi32") 


void start(); 

void usage(); 

int  datetime(PTSTR server); 

int  fingerprint(PTSTR server); 

int  netbios(PTSTR server); 

int  users(PTSTR server); 

int  localgroup(PTSTR server); 

int  globalgroup(PTSTR server); 

int  transport(PTSTR server); 

int  session(PTSTR server); 


int wmain(int argc,TCHAR *argv[]) 

{ 

    NETRESOURCE nr; 

    DWORD       ret; 

    TCHAR       username[100]=_T(""); 

    TCHAR       password[100]=_T(""); 

    TCHAR       ipc[100]=_T(""); 


    system("cls.exe"); 

    start(); 

    if(argc!=2) 

    { 

        usage(); 

        return -1; 

    } 

    swprintf(ipc,_T("%s//ipc$"),argv[1]); 

    nr.lpLocalName=NULL; 

    nr.lpProvider=NULL; 

    nr.dwType=RESOURCETYPE_ANY; 

    nr.lpRemoteName=ipc; 

    ret=WNetAddConnection2(&nr,username,password,0); 

    if(ret!=ERROR_SUCCESS) 

    { 

        _tprintf(_T("/nIPC$ Connect Failed./n")); 

        return -1; 

    } 


       datetime(argv[1]); 

         fingerprint(argv[1]); 

       netbios(argv[1]); 

       users(argv[1]); 

       localgroup(argv[1]); 

       globalgroup(argv[1]); 

       transport(argv[1]); 

       session(argv[1]); 


    ret=WNetCancelConnection2(ipc,0,TRUE);     

    if(ret!=ERROR_SUCCESS) 

    { 

        _tprintf(_T("IPC$ Disconnect Failed./n")); 

        return -1; 

    } 

    return 0; 

} 


void start() 

{ 

    _tprintf(_T("=====[ T-SMB Scan, by TOo2y        ]=====/n")); 

    _tprintf(_T("=====[ E-mail: TOo2y@safechina.net ]=====/n")); 

    _tprintf(_T("=====[ HomePage: 
www.safechina.net ]=====/n")); 

    _tprintf(_T("=====[ Date: 12-12-2002            ]=====/n")); 

} 


void usage() 

{ 

    _tprintf(_T("/nUsage:/t  T-SMB  RemoteIP")); 

} 


int datetime(PTSTR server) 

{ 

    PTIME_OF_DAY_INFO  pBuf=NULL; 

    NET_API_STATUS     nStatus; 

    DWORD              lerror; 


    _tprintf(_T("/n*** Date and Time ***/n")); 

    nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf); 

    if(nStatus==NERR_Success) 

    { 

        if(pBuf!=NULL) 

        { 

            _tprintf(_T("/nCurrent date:/t%.2d-%.2d-%d"),pBuf->tod_month,pBuf->tod_day,pBuf->tod_year); 

            _tprintf(_T("/nCurrent time:/t%.2d:%.2d:%.2d.%.2d (GMT)"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds); 

            pBuf->tod_hours=(pBuf->tod_hours+8)%24; 

            _tprintf(_T("/nCurrent time:/t%.2d:%.2d:%.2d.%.2d (GMT+08:00)/n"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds); 

        }   

    } 

    else 

    { 

        lerror=GetLastError(); 

        if(lerror==997) 

        { 

            _tprintf(_T("/nDateTime:/tOverlapped I/O operation is in progress. /n")); 

        } 

        else                             

        { 

                   _tprintf(_T("/nDatetime Error:/t%d/n"),lerror); 

        } 

    } 

    if(pBuf!=NULL) 

    { 

        NetApiBufferFree(pBuf); 

    } 

    return 0; 

} 


int fingerprint(PTSTR server)   

{ 

         DWORD              dwlength; 

    DWORD              dwLevel; 

    NET_API_STATUS     nStatus; 

    PSERVER_INFO_101   pBuf; 

    DWORD              lerror; 


    dwLevel=101; 

    pBuf=NULL; 

    dwlength=_tcslen(server); 


    _tprintf(_T("/n**** Fingerprint ****/n")); 

    nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf); 

    if(nStatus==NERR_Success) 

    { 

        _tprintf(_T("/nComputername:/t%s"),pBuf->sv101_name); 

        _tprintf(_T("/nComment:/t%s"),pBuf->sv101_comment); 

        _tprintf(_T("/nPlatform:/t%d"),pBuf->sv101_platform_id); 

        _tprintf(_T("/nVersion:/t%d.%d"),pBuf->sv101_version_major,pBuf->sv101_version_minor); 

        _tprintf(_T("/nType:")); 

        if(pBuf->sv101_type & SV_TYPE_NOVELL) 

        { 

            _tprintf(_T("/t/tNovell server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER) 

        { 

            _tprintf(_T("/t/tXenix server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM) 

        { 

            _tprintf(_T("/t/tPrimary domain ./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER) 

        { 

            _tprintf(_T("/t/tTerminal Server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_WINDOWS) 

        { 

            _tprintf(_T("/t/tWindows 95 or later./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_SERVER) 

        { 

            _tprintf(_T("/t/tA LAN Manager server./n")); 

        } 

                  if(pBuf->sv101_type & SV_TYPE_WORKSTATION)       

        { 

                          _tprintf(_T("/t/tA LAN Manager workstation./n")); 

         } 

        if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER) 

        { 

            _tprintf(_T("/t/tServer sharing print queue./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL) 

        { 

            _tprintf(_T("/t/tPrimary domain controller./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL) 

        { 

            _tprintf(_T("/t/tBackup domain controller./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_AFP) 

        { 

            _tprintf(_T("/t/tApple File Protocol server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER) 

        { 

            _tprintf(_T("/t/tLAN Manager 2.x domain member./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY) 

        { 

            _tprintf(_T("/t/tServers maintained by the browser./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER) 

        { 

            _tprintf(_T("/t/tServer running dial-in service./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE) 

        { 

            _tprintf(_T("/t/tServer running the Timesource service./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN) 

        { 

            _tprintf(_T("/t/tMicrosoft File and Print for NetWare./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_NT) 

        { 

            _tprintf(_T("/t/tWindows NT/2000/XP workstation or server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_WFW) 

        { 

            _tprintf(_T("/t/tServer running Windows for Workgroups./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER) 

        { 

            _tprintf(_T("/t/tServer that can run the browser service./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER) 

        { 

            _tprintf(_T("/t/tServer running a browser service as backup./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER) 

        { 

            _tprintf(_T("/t/tServer running the master browser service./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER) 

        { 

            _tprintf(_T("/t/tServer running the domain master browser./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT) 

        { 

            _tprintf(_T("/t/tServer clusters available in the domain./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_SQLSERVER) 

        { 

            _tprintf(_T("/t/tAny server running with Microsoft SQL Server./n")); 

        } 

        if(pBuf->sv101_type & SV_TYPE_SERVER_NT) 

        { 

            _tprintf(_T("/t/tWindows NT/2000 server that is not a domain controller./n")); 

        } 

    } 

    else 

    { 

        lerror=GetLastError(); 

        if(lerror==997) 

        { 

            _tprintf(_T("/nFingerprint:/tOverlapped I/O operation is in progress./n")); 

        } 

        else 

        { 

                        _tprintf(_T("/nFingerprint Error:/t%d/n"),lerror); 

        } 

    } 

    if(pBuf!=NULL) 

    { 

        NetApiBufferFree(pBuf); 

    } 

    return 0; 

} 


int netbios(PTSTR server)       

{ 

    DWORD              er,tr,resume; 

    DWORD              i,dwLength,dwLevel; 

    PSHARE_INFO_1      pBuf,pBuffer; 

    NET_API_STATUS     nStatus; 

    DWORD              lerror; 


    er=0;             

    tr=0; 

    resume=0; 

    dwLevel=1; 

    dwLength=_tcslen(server); 


         _tprintf(_T("/n****** Netbios ******/n")); 

    do 

    {                                                 

        nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

        if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA)) 

        { 

                       pBuffer=pBuf; 

                  for(i=1;i<=er;i++)   

            { 

                _tprintf(_T("/nName:/t/t%s"),pBuffer->shi1_netname); 

                _tprintf(_T("/nRemark:/t/t%s"),pBuffer->shi1_remark); 

                _tprintf(_T("/nType:/t/t")); 

                if(pBuffer->shi1_type==STYPE_DISKTREE)     

                { 

                    _tprintf(_T("Disk drive./n")); 

                } 

                else if(pBuffer->shi1_type==STYPE_PRINTQ)   

                { 

                    _tprintf(_T("Print queue./n")); 

                } 

                else if(pBuffer->shi1_type==STYPE_DEVICE) 

                { 

                    _tprintf(_T("Communication device./n")); 

                } 

                else if(pBuffer->shi1_type==STYPE_IPC)   

                { 

                    _tprintf(_T("Interprocess communication (IPC)./n"));   

                } 

                else if(pBuffer->shi1_type==STYPE_SPECIAL) 

                { 

                    _tprintf(_T("Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$)./n")); 

                } 

                else 

                { 

                    _tprintf(_T("/n")); 

                } 

                pBuffer++; 

            } 

        } 

        else 

        { 

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nNetbios:/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nNetbios Error:/t%d/n"),lerror); 

            } 

        } 

              if(pBuf!=NULL) 

        { 

                   NetApiBufferFree(pBuf); 

        } 

    } 

    while(nStatus==ERROR_MORE_DATA); 

    return 0; 

} 


int users(PTSTR server) 

{ 

    PNET_DISPLAY_USER  pBuf,pBuffer; 

    DWORD              nStatus; 

    DWORD              dwRec; 

    DWORD              i=0; 

    DWORD              lerror; 

    DWORD              dwLevel; 


    dwLevel=1; 


    _tprintf(_T("/n******* Users *******/n")); 

    do 

    { 

        nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf); 

        if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA)) 

        { 

            pBuffer=pBuf; 

            for(;dwRec>0;dwRec--) 

            { 

                _tprintf(_T("/nName:/t/t%s"),pBuffer->usri1_name); 

                _tprintf(_T("/nFull Name:/t%s"),pBuffer->usri1_full_name); 

                _tprintf(_T("/nUser ID:/t%u"),pBuffer->usri1_user_id); 

                _tprintf(_T("/nComment: /t%s"),pBuffer->usri1_comment); 

                _tprintf(_T("/nFlag:"));   

                if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE) 

                { 

                    _tprintf(_T("/t/tThe user's account is disabled./n")); 

                } 

                if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION) 

                { 

                    _tprintf(_T("/t/tThe account is enabled for delegation. /n")); 

                } 

                if(pBuffer->usri1_flags & UF_LOCKOUT) 

                { 

                    _tprintf(_T("/t/tThe account is currently locked out (blocked)./n")); 

                } 

                if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED) 

                { 

                    _tprintf(_T("/t/tRequires the user to log on to the user account with a smart card. /n")); 

                } 

                if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH) 

                { 

                    _tprintf(_T("/t/tThis account does not require Kerberos preauthentication for logon./n")); 

                } 

                if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) 

                { 

                    _tprintf(_T("/t/tThe user's password is stored under reversible encryption in the Active Directory. /n")); 

                } 

                if(pBuffer->usri1_flags & UF_NOT_DELEGATED) 

                { 

                    _tprintf(_T("/t/tMarks the account as /"sensitive/"; other users cannot act as delegates of this user account./n")); 

                } 

                if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY) 

                { 

                    _tprintf(_T("/t/tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys./n")); 

                } 

                if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED) 

                { 

                    _tprintf(_T("/t/tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value./n")); 

                } 

                if(pBuffer->usri1_flags & UF_SCRIPT) 

                { 

                    _tprintf(_T("/t/tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP./n")); 

                } 

                i=pBuffer->usri1_next_index; 

                pBuffer++; 

            } 

        } 

        else 

        {   

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nUsers:/t/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nUsers Error:/t%d/n"),lerror); 

            } 

        } 

          if(pBuf!=NULL) 

        { 

                        NetApiBufferFree(pBuf); 

        } 

    }while(nStatus==ERROR_MORE_DATA); 

    return 0; 

} 


int localgroup(PTSTR server)   

{ 

    NET_API_STATUS      nStatus; 

    PLOCALGROUP_INFO_1  pBuf,pBuffer; 

    DWORD               i,dwLevel; 

         DWORD               er,tr,resume; 

    DWORD               lerror; 


    resume=0; 

    dwLevel=1; 


    _tprintf(_T("/n**** Local Group ****/n")); 

    do 

    {                                                     

        nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

        if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) 

        { 

            pBuffer=pBuf; 

            for(i=1;i<=er;i++) 

            { 

                _tprintf(_T("/nName:/t/t%s"),pBuffer->lgrpi1_name); 

                _tprintf(_T("/nComment:/t%s"),pBuffer->lgrpi1_comment); 

                _tprintf(_T("/n")); 

                pBuffer++; 

            } 

        } 

        else 

        { 

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nLocal Group:/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nLocal Group Error:/t%d/n"),lerror); 

            } 

        } 

        if(pBuf!=NULL) 

        { 

              NetApiBufferFree(pBuf); 

        } 

    }while(nStatus==ERROR_MORE_DATA); 

    return 0; 

} 


int globalgroup(PTSTR server)   

{ 

    PNET_DISPLAY_GROUP   pGBuf,pGBuffer; 

    PGROUP_USERS_INFO_0  pUBuf,pUBuffer; 

    DWORD                nGStatus,nUStatus; 

    DWORD                i; 

    DWORD                dwLevel,dwRec; 

    DWORD                k; 

    DWORD                er,tr,resume; 

    DWORD                lerror; 

     

    i=0; 

    er=0; 

    tr=0; 

    resume=0; 

    dwLevel=3; 

    _tprintf(_T("/n**** Global group ****/n")); 

         do 

    { 

        nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf); 

            if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA)) 

        { 

            pGBuffer=pGBuf; 

            for(;dwRec>0;dwRec--) 

            { 

                _tprintf(_T("/nName:/t/t%s"),pGBuffer->grpi3_name); 

                     _tprintf(_T("/nComment:/t%s"),pGBuffer->grpi3_comment); 

                          _tprintf(_T("/nGroup ID:/t%u"),pGBuffer->grpi3_group_id); 

                                  _tprintf(_T("/nAttributs:/t%u"),pGBuffer->grpi3_attributes); 

                _tprintf(_T("/nMembers:/t")); 


                           nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

                if(nUStatus==NERR_Success) 

                { 

                    pUBuffer=pUBuf; 

                    for(k=1;k<=er;k++) 

                    { 

                        _tprintf(_T("%s  "),pUBuffer->grui0_name); 

                                         pUBuffer++; 

                    } 

                                     if(pUBuf!=NULL) 

                    { 

                                  NetApiBufferFree(pUBuf); 

                    } 

                } 

                _tprintf(_T("/n")); 

                i=pGBuffer->grpi3_next_index; 

                pGBuffer++; 

            } 

        } 

        else 

        { 

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nGlobal Group:/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nGlobal Group Error:/t%d/n"),lerror); 

            } 

        } 

        if(pGBuf!=NULL) 

        { 

                      NetApiBufferFree(pGBuf); 

        } 

    }while(nGStatus==ERROR_MORE_DATA); 

         return 0; 

} 


int transport(PTSTR server)   

{ 

    NET_API_STATUS           nStatus; 

    PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer; 

    DWORD                    dwLevel; 

    DWORD                    i; 

         DWORD                    er,tr,resume; 

         DWORD                    dwTotalCount; 

    DWORD                    dwLength; 

    DWORD                    lerror; 


         er=0; 

    tr=0; 

    resume=0; 

    dwLevel=0; 

    dwTotalCount=0; 


    _tprintf(_T("/n***** Transport *****/n")); 

    dwLength=_tcslen(server); 

    do 

    { 

        nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

        if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) 

        { 

                           pBuffer=pBuf; 

            for(i=0;i<er;i++) 

            { 

                          _tprintf(_T("/nTransport:/t%s"),pBuffer->svti0_transportname); 

                _tprintf(_T("/nNetworkAddr:/t%s"),pBuffer->svti0_networkaddress); 

                _tprintf(_T("/nActiveClient:/t%d User(s)/n"),pBuffer->svti0_numberofvcs); 

                              pBuffer++; 

                                 dwTotalCount++; 

            } 

        } 

        else 

        { 

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nTransport:/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nTransport Error:/t%d/n"),lerror); 

            } 

        } 

             if(pBuf!=NULL) 

        { 

                            NetApiBufferFree(pBuf); 

        } 

    }while(nStatus==ERROR_MORE_DATA); 

    _tprintf(_T("/nTotal of %d entrie(s) enumerated./n"),dwTotalCount); 

    return 0; 

} 

     

int session(PTSTR server)   

{ 

    PSESSION_INFO_10   pBuf,pBuffer; 

    NET_API_STATUS     nStatus; 

    DWORD              i,dwLevel; 

    DWORD              er,tr,resume; 

    DWORD              dwTotalCount; 

    DWORD              dwLength; 

    PTSTR              pszClient; 

    PTSTR              pszUser; 

    DWORD              lerror; 


    _tprintf(_T("/n****** Session ******/n")); 

    dwLevel=10; 

    dwTotalCount=0; 

    pszClient=NULL; 

    pszUser=NULL; 

    er=0; 

    tr=0; 

    resume=0; 

    dwLength=_tcslen(server); 


    do 

    { 

        nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); 

        if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) 

        { 

            pBuffer=pBuf; 

            for(i=0;i<er;i++) 

            { 

                if(pBuffer==NULL) 

                { 

                    _tprintf(_T("An access violation has occurred./n")); 

                    break; 

                } 

                _tprintf(_T("/nClient:/t/t%s"),pBuffer->sesi10_cname); 

                _tprintf(_T("/nUser:/t/t%s"),pBuffer->sesi10_username); 

                _tprintf(_T("/nSeconds Active:/t%d"),pBuffer->sesi10_time); 

                _tprintf(_T("/nSeconds Idle:/t%d/n"),pBuffer->sesi10_idle_time); 

                pBuffer++; 

                dwTotalCount++; 

            } 

        } 

        else 

        { 

            lerror=GetLastError(); 

            if(lerror==997) 

            { 

                _tprintf(_T("/nSession:/tOverlapped I/O operation is in progress./n")); 

            } 

            else 

            { 

                _tprintf(_T("/nSession Error:/t%d/n"),lerror); 

            } 

        } 

        if(pBuf!=NULL) 

        { 

            NetApiBufferFree(pBuf); 

        } 

    }while(nStatus==ERROR_MORE_DATA); 

       _tprintf(_T("/nTotal of %d entrie(s) enumerated./n"),dwTotalCount); 

    return 0; 

}