Abstract:
Original: TOO2Y (night)
Source: China Safety Net (SafeChina)
Detect NetBIOS information for remote Windows hosts
Author: Too2y [original]
E-mail: Too2y@safechina.net
Homepage: http://www.safechina.net/
Date: 12-25-2002
Note:
This article presents T-SMB, a tool that detects the NetBIOS information of a remote host, including the operating system fingerprint, shared directories, users and groups, the transport list, and other information. The software can be downloaded from China Safety Net (SafeChina).
Download link: <http://www.safechina.net/download/click.php?type= This site original & id = 1040000080>
Whenever the security of Windows 2000/XP systems is mentioned, the null session soon comes to mind. It can be regarded as a back door left by Microsoft, and many simple attacks are carried out through null sessions. Here we do not discuss how to compromise a Windows 2000/XP system, but which NetBIOS information can be obtained from the remote host once a null session has been established. (Since this article targets Windows 2000/XP systems, Unicode encoding is used.)
1) NetBIOS information
After establishing a null session with a remote Windows 2000/XP host, we have the right to enumerate NetBIOS information on that system. Some items require higher privileges, but here we only retrieve the system information, the vast majority of it, that an anonymous user can obtain.
Time: Detects the current date and time of the remote host. The call returns a data structure containing the year, month, day, day of the week, hours, minutes, seconds, and so on. The time is GMT, so for us it should be converted to GMT+08:00. This also makes it possible to determine the time zone information of the host.
Operating system fingerprint: Detects the operating system fingerprint of the remote host. There are three probing levels (100, 101, 102); we use level 101, which returns a data structure giving the platform ID of the remote host, the server name, the operating system version (Windows 2000 is 5.0, Windows XP is 5.1, and the latest operating system, Longhorn, is 6.0), the server type (a host may carry several types at the same time) and the comment.
Share list: Detects the share list of the remote host. We get a pointer to a data structure and can enumerate all shares of the remote host, hidden shares included. Each entry contains the share name, type and remark. The types are: disk drive, print queue, communication device, inter-process communication and special share.
User list: Detects the user list of the remote host. The call returns a pointer to a data structure from which all users can be enumerated. For each user we get the user name, full name, user identifier, comment and flags. The flags reveal the access rights of the account.
Local group list: Detects the local group list of the remote host. All local groups are enumerated, with the local group name and comment.
Group list: Detects the group list of the remote host. All groups are enumerated, with the group name, comment, group identifier and attributes. On this basis we can enumerate all users in each group.
Group user list: Detects the users within a particular group. We can get the names of all users in the group. Once the whole user list has been obtained, the next step is obvious: run a dictionary attack against the accounts.
Transport protocol list: Detects the transport protocols of the remote host and enumerates all of them. For each transport we get its name, address, network address, and the number of users currently connected over it.
Session list: Detects the current session list of the remote host. Each session is enumerated with the name of the client host, the name of the current user, the active time and the idle time. This helps in understanding the habits of the remote host's users, and so on.
2) Analysis of main functions and related data structures
1. Establish a null session
WNetAddConnection2(&nr, password, username, 0);
// nr is a NETRESOURCE structure;
// username is the user name used to establish the null session; here it is left empty (an empty string);
// password is the logon password; here it is left empty (an empty string);
// note that the API takes the password before the user name.
2. Tear down the null session
WNetCancelConnection2(ipc, 0, TRUE);
// ipc is a pointer to a TCHAR string, which we build like this:
// swprintf(ipc, _T("%s\\ipc$"), argv[1]); argv[1] is the host name or address;
3. Detect the host time
nStatus = NetRemoteTOD(server, (PBYTE *)&pBuf);
// server is the name or address of the host;
// pBuf is a pointer to a TIME_OF_DAY_INFO structure;
// nStatus is of type NET_API_STATUS;
4. Detect the operating system fingerprint
NetServerGetInfo(server, dwLevel, (PBYTE *)&pBuf);
// dwLevel is the information level; we choose 101;
// pBuf is a pointer to a SERVER_INFO_101 structure;
5. Detect the share list
NetShareEnum(server, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
// dwLevel is level 1;
// pBuf is a pointer to a SHARE_INFO_1 structure;
// MAX_PREFERRED_LENGTH specifies the length of the returned data;
// er returns the number of entries actually enumerated;
// tr returns the total number of entries;
// resume is used to continue the share search;
6. Detect the user list
NetQueryDisplayInformation(server, dwLevel, i, 100, 0xFFFFFFFF, &dwRec, (PVOID *)&pBuf);
// dwLevel is level 1;
// i is the enumeration index;
// dwRec returns the number of entries;
// pBuf is a pointer to a NET_DISPLAY_USER structure;
7. Detect the local group list
NetLocalGroupEnum(server, dwLevel, (PBYTE *)&pBuf, -1, &er, &tr, &resume);
// dwLevel is level 1;
// pBuf returns a pointer to a LOCALGROUP_INFO_1 structure;
8. Detect the group list
NetQueryDisplayInformation(server, dwLevel, i, 100, 0xFFFFFFFF, &dwRec, (PVOID *)&pGBuf);
// dwLevel is level 3;
// pGBuf returns a pointer to a NET_DISPLAY_GROUP structure;
9. Users within a group
NetGroupGetUsers(server, pGBuffer->grpi3_name, 0, (PBYTE *)&pUBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
// pGBuffer->grpi3_name is the name of the group;
// pUBuf returns a pointer to a GROUP_USERS_INFO_0 structure;
10. Detect the transport protocol list
NetServerTransportEnum(server, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
// dwLevel is level 0;
// pBuf returns a pointer to a SERVER_TRANSPORT_INFO_0 structure;
11. Detect the session list
NetSessionEnum(server, pszClient, pszUser, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
// pszClient specifies the address of the client;
// pszUser specifies the user name;
// dwLevel is level 10;
// pBuf returns a pointer to a SESSION_INFO_10 structure;
12. Release memory
NetApiBufferFree(pBuf);
// Releases the memory allocated by the system.
3) How to prevent NetBIOS information leakage
We can install a firewall to block the establishment of null sessions, we can disable NetBIOS over TCP/IP in the network connection properties, and we can also block port 445/TCP in the IP security policy. As long as a null session cannot be established, it is difficult to obtain the information described above.
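The following audit script is an added example, not part of the original article or of T-SMB. It checks the local host against the mitigations listed above and, going one step beyond the article, also reads the RestrictAnonymous and RestrictAnonymousSAM values under the Lsa registry key. It assumes Windows 8 / Server 2012 or later with Windows Firewall as the host firewall; the function name Get-NullSessionExposure and the output column names are illustrative.

```powershell
# Added example: report settings that leave the null-session path open.
# Run locally, from an elevated PowerShell session, on the host being hardened.

function Get-NullSessionExposure {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. NetBIOS over TCP/IP on every IP-enabled adapter.
    #    TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        if ($a.TcpipNetbiosOptions -ne 2) {
            $findings.Add([pscustomobject]@{
                Check  = 'NetBIOS over TCP/IP'
                Item   = $a.Description
                Detail = "TcpipNetbiosOptions=$($a.TcpipNetbiosOptions), not disabled"
            })
        }
    }

    # 2. Listeners on the ports the IPC$ connection is carried over.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $findings.Add([pscustomobject]@{
            Check  = 'SMB/NetBIOS listener'
            Item   = "$($l.LocalAddress):$($l.LocalPort)"
            Detail = 'Listening; reachable unless a firewall blocks it'
        })
    }

    # 3. Enabled inbound firewall rules that explicitly allow 445/TCP.
    $allowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
    foreach ($r in $allowRules) {
        $f = $r | Get-NetFirewallPortFilter
        if ($f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445') {
            $findings.Add([pscustomobject]@{
                Check  = 'Firewall allows 445/TCP'
                Item   = $r.DisplayName
                Detail = "Profile: $($r.Profile)"
            })
        }
    }

    # 4. Anonymous-access restrictions (not mentioned in the article).
    #    A missing value reads as $null, which casts to 0 (unrestricted).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($name in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
        if ([int]$lsa.$name -lt 1) {
            $findings.Add([pscustomobject]@{
                Check  = 'Anonymous enumeration'
                Item   = $name
                Detail = 'Value is 0 or not set'
            })
        }
    }

    return $findings
}

Get-NullSessionExposure | Format-Table -AutoSize -Wrap
```

An empty result means none of the four checks found an open setting; it does not prove the host is unreachable from every network segment.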
Source code
#define UNICODE
#define _UNICODE
// WNet* functions live in mpr.lib, Net* functions in netapi32.lib.
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <lm.h>
#pragma comment(lib, "mpr")
#pragma comment(lib, "netapi32")

void start(void);
void usage(void);
int DateTime(PTSTR server);
int FingerPrint(PTSTR server);
int NetBIOS(PTSTR server);
int Users(PTSTR server);
int LocalGroup(PTSTR server);
int GlobalGroup(PTSTR server);
int Transport(PTSTR server);
int Session(PTSTR server);
int wmain(int argc, TCHAR *argv[])
{
    NETRESOURCE nr;
    DWORD ret;
    TCHAR username[100] = _T("");   // empty user name: null session
    TCHAR password[100] = _T("");   // empty password: null session
    TCHAR ipc[100] = _T("");

    system("cls");
    start();
    if (argc != 2)
    {
        usage();
        return -1;
    }
    // Build the IPC$ path. The format string adds no leading backslashes,
    // so argv[1] must already be in UNC form (\\host). The bounded call
    // keeps a long argument from overflowing ipc (last element stays 0).
    _sntprintf(ipc, 99, _T("%s\\ipc$"), argv[1]);
    ZeroMemory(&nr, sizeof(nr));
    nr.lpLocalName = NULL;
    nr.lpProvider = NULL;
    nr.dwType = RESOURCETYPE_ANY;
    nr.lpRemoteName = ipc;
    // The API takes the password before the user name; both are empty here.
    ret = WNetAddConnection2(&nr, password, username, 0);
    if (ret != ERROR_SUCCESS)
    {
        _tprintf(_T("\nIPC$ Connect Failed.\n"));
        return -1;
    }
    DateTime(argv[1]);
    FingerPrint(argv[1]);
    NetBIOS(argv[1]);
    Users(argv[1]);
    LocalGroup(argv[1]);
    GlobalGroup(argv[1]);
    Transport(argv[1]);
    Session(argv[1]);
    ret = WNetCancelConnection2(ipc, 0, TRUE);
    if (ret != ERROR_SUCCESS)
    {
        _tprintf(_T("IPC$ Disconnect Failed.\n"));
        return -1;
    }
    return 0;
}
void start(void)
{
    _tprintf(_T("===== [T-SMB Scan, by TOO2Y] =====\n"));
    _tprintf(_T("===== [E-mail: Too2y@safechina.net] =====\n"));
    _tprintf(_T("===== [Homepage: http://www.safechina.net/] =====\n"));
    _tprintf(_T("===== [Date: 12-12-2002] =====\n"));
}
void usage(void)
{
    _tprintf(_T("\nUsage:\tT-SMB Remoteip"));
}
int DateTime(PTSTR server)
{
    PTIME_OF_DAY_INFO pBuf = NULL;
    NET_API_STATUS nStatus;
    DWORD lerror;

    _tprintf(_T("\n*** Date and Time ***\n"));
    nStatus = NetRemoteTOD(server, (PBYTE *)&pBuf);
    if (nStatus == NERR_Success)
    {
        if (pBuf != NULL)
        {
            _tprintf(_T("\nCurrent date:\t%.2d-%.2d-%d"), pBuf->tod_month, pBuf->tod_day, pBuf->tod_year);
            _tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)"), pBuf->tod_hours, pBuf->tod_mins, pBuf->tod_secs, pBuf->tod_hunds);
            // Shift to GMT+08:00. Only the hour wraps; the date printed above is not adjusted.
            pBuf->tod_hours = (pBuf->tod_hours + 8) % 24;
            _tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT+08:00)\n"), pBuf->tod_hours, pBuf->tod_mins, pBuf->tod_secs, pBuf->tod_hunds);
        }
    }
    else
    {
        // Net* functions return the error code directly; they do not set the last-error value.
        lerror = nStatus;
        if (lerror == 997)   // ERROR_IO_PENDING
        {
            _tprintf(_T("\nDateTime:\tOverlapped I/O operation is in progress.\n"));
        }
        else
        {
            _tprintf(_T("\nDateTime Error:\t%d\n"), lerror);
        }
    }
    if (pBuf != NULL)
    {
        NetApiBufferFree(pBuf);
    }
    return 0;
}
int FingerPrint(PTSTR server)
{
    DWORD dwLevel;
    NET_API_STATUS nStatus;
    PSERVER_INFO_101 pBuf;
    DWORD lerror;

    dwLevel = 101;
    pBuf = NULL;
    _tprintf(_T("\n**** Fingerprint ****\n"));
    nStatus = NetServerGetInfo(server, dwLevel, (PBYTE *)&pBuf);
    if (nStatus == NERR_Success)
    {
        _tprintf(_T("\nComputerName:\t%s"), pBuf->sv101_name);
        _tprintf(_T("\nComment:\t%s"), pBuf->sv101_comment);
        _tprintf(_T("\nPlatform:\t%d"), pBuf->sv101_platform_id);
        _tprintf(_T("\nVersion:\t%d.%d"), pBuf->sv101_version_major, pBuf->sv101_version_minor);
        _tprintf(_T("\nType:"));
        // sv101_type is a bit mask, so several of the tests below can match.
        if (pBuf->sv101_type & SV_TYPE_NOVELL)
        {
            _tprintf(_T("\t\tNovell server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_XENIX_SERVER)
        {
            _tprintf(_T("\t\tXenix server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM)
        {
            _tprintf(_T("\t\tPrimary domain.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_TERMINALSERVER)
        {
            _tprintf(_T("\t\tTerminal Server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_WINDOWS)
        {
            _tprintf(_T("\t\tWindows 95 or later.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_SERVER)
        {
            _tprintf(_T("\t\tA LAN Manager server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_WORKSTATION)
        {
            _tprintf(_T("\t\tA LAN Manager workstation.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER)
        {
            _tprintf(_T("\t\tServer sharing print queue.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)
        {
            _tprintf(_T("\t\tPrimary domain controller.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)
        {
            _tprintf(_T("\t\tBackup domain controller.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_AFP)
        {
            _tprintf(_T("\t\tApple File Protocol server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER)
        {
            _tprintf(_T("\t\tLAN Manager 2.x domain member.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY)
        {
            _tprintf(_T("\t\tServers maintained by the browser.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DIALIN_SERVER)
        {
            _tprintf(_T("\t\tServer running dial-in service.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_TIME_SOURCE)
        {
            _tprintf(_T("\t\tServer running the Timesource service.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_SERVER_MFPN)
        {
            _tprintf(_T("\t\tMicrosoft File and Print for NetWare.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_NT)
        {
            _tprintf(_T("\t\tWindows NT/2000/XP workstation or server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_WFW)
        {
            _tprintf(_T("\t\tServer running Windows for Workgroups.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER)
        {
            _tprintf(_T("\t\tServer that can run the browser service.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER)
        {
            _tprintf(_T("\t\tServer running a browser service as backup.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_MASTER_BROWSER)
        {
            _tprintf(_T("\t\tServer running the master browser service.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER)
        {
            _tprintf(_T("\t\tServer running the domain master browser.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_CLUSTER_NT)
        {
            _tprintf(_T("\t\tServer clusters available in the domain.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_SQLSERVER)
        {
            _tprintf(_T("\t\tAny server running with Microsoft SQL Server.\n"));
        }
        if (pBuf->sv101_type & SV_TYPE_SERVER_NT)
        {
            _tprintf(_T("\t\tWindows NT/2000 server that is not a domain controller.\n"));
        }
    }
    else
    {
        // Net* functions return the error code directly; they do not set the last-error value.
        lerror = nStatus;
        if (lerror == 997)   // ERROR_IO_PENDING
        {
            _tprintf(_T("\nFingerprint:\tOverlapped I/O operation is in progress.\n"));
        }
        else
        {
            _tprintf(_T("\nFingerprint Error:\t%d\n"), lerror);
        }
    }
    if (pBuf != NULL)
    {
        NetApiBufferFree(pBuf);
    }
    return 0;
}
int NetBIOS(PTSTR server)
{
    DWORD er, tr, resume;
    DWORD i, dwLevel;
    PSHARE_INFO_1 pBuf = NULL, pBuffer;
    NET_API_STATUS nStatus;
    DWORD lerror;

    er = 0;
    tr = 0;
    resume = 0;
    dwLevel = 1;
    _tprintf(_T("\n****** NetBIOS ******\n"));
    do
    {
        nStatus = NetShareEnum(server, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
        if ((nStatus == ERROR_SUCCESS) || (nStatus == ERROR_MORE_DATA))
        {
            pBuffer = pBuf;
            for (i = 1; i <= er; i++)
            {
                _tprintf(_T("\nName:\t\t%s"), pBuffer->shi1_netname);
                _tprintf(_T("\nRemark:\t\t%s"), pBuffer->shi1_remark);
                _tprintf(_T("\nType:\t\t"));
                if (pBuffer->shi1_type == STYPE_DISKTREE)
                {
                    _tprintf(_T("Disk drive.\n"));
                }
                else if (pBuffer->shi1_type == STYPE_PRINTQ)
                {
                    _tprintf(_T("Print queue.\n"));
                }
                else if (pBuffer->shi1_type == STYPE_DEVICE)
                {
                    _tprintf(_T("Communication device.\n"));
                }
                else if (pBuffer->shi1_type == STYPE_IPC)
                {
                    _tprintf(_T("Interprocess communication (IPC).\n"));
                }
                else if (pBuffer->shi1_type == STYPE_SPECIAL)
                {
                    _tprintf(_T("Special share reserved for interprocess communication or remote administration of the server (ADMIN$).\n"));
                }
                else
                {
                    _tprintf(_T("\n"));
                }
                pBuffer++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nNetBIOS:\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nNetBIOS Error:\t%d\n"), lerror);
            }
        }
        if (pBuf != NULL)
        {
            NetApiBufferFree(pBuf);
            pBuf = NULL;   // avoid a second free if the next call fails
        }
    }
    while (nStatus == ERROR_MORE_DATA);
    return 0;
}
int Users(PTSTR server)
{
    PNET_DISPLAY_USER pBuf = NULL, pBuffer;
    DWORD nStatus;
    DWORD dwRec;
    DWORD i = 0;
    DWORD lerror;
    DWORD dwLevel;

    dwLevel = 1;
    _tprintf(_T("\n****** Users ******\n"));
    do
    {
        nStatus = NetQueryDisplayInformation(server, dwLevel, i, 100, 0xFFFFFFFF, &dwRec, (PVOID *)&pBuf);
        if ((nStatus == ERROR_SUCCESS) || (nStatus == ERROR_MORE_DATA))
        {
            pBuffer = pBuf;
            for (; dwRec > 0; dwRec--)
            {
                _tprintf(_T("\nName:\t\t%s"), pBuffer->usri1_name);
                _tprintf(_T("\nFull Name:\t%s"), pBuffer->usri1_full_name);
                _tprintf(_T("\nUser ID:\t%u"), pBuffer->usri1_user_id);
                _tprintf(_T("\nComment:\t%s"), pBuffer->usri1_comment);
                _tprintf(_T("\nFlag:"));
                if (pBuffer->usri1_flags & UF_ACCOUNTDISABLE)
                {
                    _tprintf(_T("\t\tThe user's account is disabled.\n"));
                }
                if (pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION)
                {
                    _tprintf(_T("\t\tThe account is enabled for delegation.\n"));
                }
                if (pBuffer->usri1_flags & UF_LOCKOUT)
                {
                    _tprintf(_T("\t\tThe account is currently locked out (blocked).\n"));
                }
                if (pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED)
                {
                    _tprintf(_T("\t\tRequires the user to log on to the user account with a smart card.\n"));
                }
                if (pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH)
                {
                    _tprintf(_T("\t\tThis account does not require Kerberos preauthentication for logon.\n"));
                }
                if (pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)
                {
                    _tprintf(_T("\t\tThe user's password is stored under reversible encryption in the Active Directory.\n"));
                }
                if (pBuffer->usri1_flags & UF_NOT_DELEGATED)
                {
                    _tprintf(_T("\t\tMarks the account as \"sensitive\"; other users cannot act as delegates of this user account.\n"));
                }
                if (pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY)
                {
                    _tprintf(_T("\t\tRestrict this principal to use only DES encryption types for keys.\n"));
                }
                if (pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED)
                {
                    _tprintf(_T("\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n"));
                }
                if (pBuffer->usri1_flags & UF_SCRIPT)
                {
                    _tprintf(_T("\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n"));
                }
                // Index from which the next NetQueryDisplayInformation call continues.
                i = pBuffer->usri1_next_index;
                pBuffer++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nUsers:\t\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nUsers Error:\t%d\n"), lerror);
            }
        }
        if (pBuf != NULL)
        {
            NetApiBufferFree(pBuf);
            pBuf = NULL;   // avoid a second free if the next call fails
        }
    } while (nStatus == ERROR_MORE_DATA);
    return 0;
}
int LocalGroup(PTSTR server)
{
    NET_API_STATUS nStatus;
    PLOCALGROUP_INFO_1 pBuf = NULL, pBuffer;
    DWORD i, dwLevel;
    DWORD er, tr;
    DWORD_PTR resume;   // NetLocalGroupEnum takes a PDWORD_PTR resume handle
    DWORD lerror;

    er = 0;
    tr = 0;
    resume = 0;
    dwLevel = 1;
    _tprintf(_T("\n**** Local Group ****\n"));
    do
    {
        nStatus = NetLocalGroupEnum(server, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
        if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
        {
            pBuffer = pBuf;
            for (i = 1; i <= er; i++)
            {
                _tprintf(_T("\nName:\t\t%s"), pBuffer->lgrpi1_name);
                _tprintf(_T("\nComment:\t%s"), pBuffer->lgrpi1_comment);
                _tprintf(_T("\n"));
                pBuffer++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nLocal Group:\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nLocal Group Error:\t%d\n"), lerror);
            }
        }
        if (pBuf != NULL)
        {
            NetApiBufferFree(pBuf);
            pBuf = NULL;   // avoid a second free if the next call fails
        }
    } while (nStatus == ERROR_MORE_DATA);
    return 0;
}
int GlobalGroup(PTSTR server)
{
    PNET_DISPLAY_GROUP pGBuf = NULL, pGBuffer;
    PGROUP_USERS_INFO_0 pUBuf = NULL, pUBuffer;
    DWORD nGStatus, nUStatus;
    DWORD i;
    DWORD dwLevel, dwRec;
    DWORD k;
    DWORD er, tr;
    DWORD_PTR resume;   // NetGroupGetUsers takes a PDWORD_PTR resume handle
    DWORD lerror;

    i = 0;
    er = 0;
    tr = 0;
    dwLevel = 3;
    _tprintf(_T("\n**** Global Group ****\n"));
    do
    {
        nGStatus = NetQueryDisplayInformation(server, dwLevel, i, 100, 0xFFFFFFFF, &dwRec, (PVOID *)&pGBuf);
        if ((nGStatus == ERROR_SUCCESS) || (nGStatus == ERROR_MORE_DATA))
        {
            pGBuffer = pGBuf;
            for (; dwRec > 0; dwRec--)
            {
                _tprintf(_T("\nName:\t\t%s"), pGBuffer->grpi3_name);
                _tprintf(_T("\nComment:\t%s"), pGBuffer->grpi3_comment);
                _tprintf(_T("\nGroup ID:\t%u"), pGBuffer->grpi3_group_id);
                _tprintf(_T("\nAttributes:\t%u"), pGBuffer->grpi3_attributes);
                _tprintf(_T("\nMembers:\t"));
                // Enumerate the members of this group; start each group with a fresh resume handle.
                resume = 0;
                pUBuf = NULL;
                nUStatus = NetGroupGetUsers(server, pGBuffer->grpi3_name, 0, (PBYTE *)&pUBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
                if (nUStatus == NERR_Success)
                {
                    pUBuffer = pUBuf;
                    for (k = 1; k <= er; k++)
                    {
                        _tprintf(_T("%s "), pUBuffer->grui0_name);
                        pUBuffer++;
                    }
                }
                if (pUBuf != NULL)
                {
                    NetApiBufferFree(pUBuf);
                }
                _tprintf(_T("\n"));
                // Index from which the next NetQueryDisplayInformation call continues.
                i = pGBuffer->grpi3_next_index;
                pGBuffer++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nGStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nGlobal Group:\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nGlobal Group Error:\t%d\n"), lerror);
            }
        }
        if (pGBuf != NULL)
        {
            NetApiBufferFree(pGBuf);
            pGBuf = NULL;   // avoid a second free if the next call fails
        }
    } while (nGStatus == ERROR_MORE_DATA);
    return 0;
}
int Transport(PTSTR server)
{
    NET_API_STATUS nStatus;
    PSERVER_TRANSPORT_INFO_0 pBuf = NULL, pBuffer;
    DWORD dwLevel;
    DWORD i;
    DWORD er, tr, resume;
    DWORD dwTotalCount;
    DWORD lerror;

    er = 0;
    tr = 0;
    resume = 0;
    dwLevel = 0;
    dwTotalCount = 0;
    _tprintf(_T("\n***** Transport *****\n"));
    do
    {
        nStatus = NetServerTransportEnum(server, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
        if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
        {
            pBuffer = pBuf;
            for (i = 0; i < er; i++)
            {
                _tprintf(_T("\nTransport:\t%s"), pBuffer->svti0_transportname);
                _tprintf(_T("\nNetworkAddr:\t%s"), pBuffer->svti0_networkaddress);
                _tprintf(_T("\nActiveClient:\t%d user(s)\n"), pBuffer->svti0_numberofvcs);
                pBuffer++;
                dwTotalCount++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nTransport:\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nTransport Error:\t%d\n"), lerror);
            }
        }
        if (pBuf != NULL)
        {
            NetApiBufferFree(pBuf);
            pBuf = NULL;   // avoid a second free if the next call fails
        }
    } while (nStatus == ERROR_MORE_DATA);
    _tprintf(_T("\nTotal of %d entries enumerated.\n"), dwTotalCount);
    return 0;
}
int Session(PTSTR server)
{
    PSESSION_INFO_10 pBuf = NULL, pBuffer;
    NET_API_STATUS nStatus;
    DWORD i, dwLevel;
    DWORD er, tr, resume;
    DWORD dwTotalCount;
    PTSTR pszClient;
    PTSTR pszUser;
    DWORD lerror;

    _tprintf(_T("\n****** Session ******\n"));
    dwLevel = 10;
    dwTotalCount = 0;
    pszClient = NULL;   // no client filter: list sessions from all clients
    pszUser = NULL;     // no user filter: list sessions of all users
    er = 0;
    tr = 0;
    resume = 0;
    do
    {
        nStatus = NetSessionEnum(server, pszClient, pszUser, dwLevel, (PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &er, &tr, &resume);
        if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
        {
            pBuffer = pBuf;
            for (i = 0; i < er; i++)
            {
                if (pBuffer == NULL)
                {
                    _tprintf(_T("An access violation has occurred.\n"));
                    break;
                }
                _tprintf(_T("\nClient:\t\t%s"), pBuffer->sesi10_cname);
                _tprintf(_T("\nUser:\t\t%s"), pBuffer->sesi10_username);
                _tprintf(_T("\nSeconds Active:\t%d"), pBuffer->sesi10_time);
                _tprintf(_T("\nSeconds Idle:\t%d\n"), pBuffer->sesi10_idle_time);
                pBuffer++;
                dwTotalCount++;
            }
        }
        else
        {
            // Net* functions return the error code directly; they do not set the last-error value.
            lerror = nStatus;
            if (lerror == 997)   // ERROR_IO_PENDING
            {
                _tprintf(_T("\nSession:\tOverlapped I/O operation is in progress.\n"));
            }
            else
            {
                _tprintf(_T("\nSession Error:\t%d\n"), lerror);
            }
        }
        if (pBuf != NULL)
        {
            NetApiBufferFree(pBuf);
            pBuf = NULL;   // avoid a second free if the next call fails
        }
    } while (nStatus == ERROR_MORE_DATA);
    _tprintf(_T("\nTotal of %d entries enumerated.\n"), dwTotalCount);
    return 0;
}