首页 > 编程资源分享区 > C/C++源代码共享 > 黑客软件编写基础知识集合
2006
01-10

黑客软件编写基础知识集合

确定Windows和windows系统目录


有两个SDK函数可以完成该功能。GetWindowsDirectory和GetSystemDirectory,下例说明了如何使用这两个函数:


TCHAR szDir [MAX_PATH];


//Get the full path of the windows directory.


:: GetWindowsDirectory (szDir, MAX_PATH);


TRACE (“Windows directory %s\n”, szDir);


//Get the full path of the windows system directory.


:: GetSystemDirectory (szDir, MAX_PATH);


TRACE (“Windows system directory %s\n”, szDir);
让程序从CTRL+ATL+DEL消失


使用Win32 API函数RegisterServiceProcess这里我们使用了汇编。


#include <windows.h>


HINSTANCE hLibrary;
void *regproc;


void CADInit(void);
void HideApp(void);
void ShowApp(void);
void CADClean(void);


int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
CADInit(); //加载 DLL 并创建一指向它指针
HideApp(); //隐藏程序
//ShowApp(); //显示程序


//其他处理或调用


CADClean(); //卸载 DLL
return 0; //retrun 0 因为没有进入消息循环
}


void CADInit(void)
{
//加载 kernel32.dll
hLibrary = LoadLibrary(“kernel32.dll”);
//获取函数RegisterServiceProcess的地址
regproc = GetProcAddress(hLibrary, “RegisterServiceProcess”);
}


void HideApp(void)
{
//实现程序的隐藏
__asm
{
push 1
push 0
call regproc
}
return;
}


void ShowApp(void)
{
//恢复状态
__asm
{
push 0
push 0
call regproc
}
return;
}


void CADClean(void)
{
//卸载 DLL
FreeLibrary(hLibrary);
return;
}
本程序在W2K和Win9x测试通过。
程序自杀(进程自己结束自己)


HMODULE module = GetModuleHandle(0);
CHAR buf[MAX_PATH];
GetModuleFileName(module, buf, sizeof buf);
CloseHandle(HANDLE(4));


 __asm
{
lea eax, buf
push 0
push 0
push eax
push ExitProcess
push module
push DeleteFile
push UnmapViewOfFile
ret
}
return;
操作系统信息


//结构OSVERSIONINFO包含操作系统的版本信息
OSVERSIONINFO osvi;
CString winver,os;


osvi.dwOSVersionInfoSize=sizof(OSVERSIONINFO);
GetVersionEx(&osvi);


switch(osvi.dwPlatformId)
{
case 0:
os=”Win 3.X”;
break;
case 1:
os=”Win 9X”;
break;
case 2:
os=”Win NT/2000/XP”;
break;
default:
os=”Other OS”;
break;
}
隐藏你的鼠标



(注意:注销或重新启动就可以恢复)


一、建立一个单文档的应用程序框架
二、为隐藏主窗口,将OnCreate 删除。
并在App类里修改m_pMainWnd指向ShowWindow(SW_HIDE)
三、现在在mainframe的实现文件里添加如下内容:


POINT mp,cursorNew;
/////////////////////////////////////
// CMainFrame construction/destruction
UINT FMouse(LPVOID param)
{
    int flag=0;


    WINDOWPLACEMENT wp;///窗口位置
    wp.length=sizeof(WINDOWPLACEMENT);
    HWND hWnd;
    char tmp[20];
    RECT rt;
    hWnd=GetDesktopWindow();////GetForegroundWindow();
    GetWindowPlacement(hWnd,&wp);
    GetWindowRect(hWnd,&rt);
    GetWindowText(hWnd,tmp,20);


    HDC dc=GetDC((HWND)param);


int iResult;
    iResult=AfxMessageBox(“确实要隐藏吗?”,MB_OKCANCEL);
    if(iResult==IDOK)
    {
        while(1)
        {
             hWnd=GetForegroundWindow();//GetDesktopWindow();
             GetWindowRect(hWnd,&rt);
             GetWindowText(hWnd,tmp,20);
             GetWindowPlacement(hWnd,&wp);
             GetCursorPos(&cursorNew);
             while(1){
             ::mouse_event(MOUSEEVENTF_MOVE,cursorNew.x,cursorNew.y,0,0);
             }
        }
    }
    return 0;
}
在构造函数里启动线程CMainFrame::CMainFrame()
{
    HWND hWnd=::GetParent(NULL);
    GetCursorPos(&mp);
    AfxBeginThread(FMouse,hWnd,0);   
}
系统的定时关机


TOKEN_PRIVILEGES tkp;
    HANDLE hToken;


if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEG ES | TOKEN_QUERY, &hToken))
    {
    MessageBox(“OpenProcessToken failed!”);
    }


LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid); //获得本地机唯一的标识
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); //调整获得的权限


    if (GetLastError() != ERROR_SUCCESS)
    {
MessageBox(“AdjustTokenPrivileges enable failed!”);
    }


fResult =InitiateSystemShutdown(
NULL, // 要关的计算机用户名,可在局域网网中关掉对方的机器,NULL表示关本机
“由于系统不稳定,WINDOWS将在上面的时间内关机,请做好保存工作!”, // 显示的消息
10, // 关机所需的时间
TRUE,
TRUE); //设为TRUE为重起,设为FALSE为关机


if(!fResult)
{
MessageBox(“InitiateSystemShutdown failed.”);
    }


tkp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);


if (GetLastError() != ERROR_SUCCESS)
    {
MessageBox(“AdjustTokenPrivileges disable failed.”);
    }


    ExitWindowsEx(EWX_SHUTDOWN,0); //开始关机
程序只运行一个实例,并激活前一个实例


具体实现:


1、在程序初始化的时候 (InitInstance()) 枚举所有的窗口,查找本程序的实例是否存在
2、在主窗口初始化的时候在本窗口的属性列表中添加一个标记,以便程序查找.


部分关键代码


1、在App的InitInstance()中枚举所有窗口,查找本程序实例


HWND oldHWnd = NULL;
EnumWindows(EnumWndProc,(LPARAM)&oldHWnd); //枚举所有运行的窗口
if(oldHWnd != NULL)
{
    AfxMessageBox(“本程序已经在运行了”);
    ::showWindow(oldHWnd,SW_SHOWNORMAL); //激活找到的前一个程序
    ::setForegroundWindow(oldHWnd); //把它设为前景窗口
    return false; //退出本次运行
}
2、添加EnumWndProc窗口过程函数://添加的标识只运行一次的属性名
CString g_szPropName = “Your Prop Name”; //自己定义一个属性名
HANDLE g_hValue = (HANDLE)1; //自己定义一个属性值


BOOL CALLBACK EnumWndProc(HWND hwnd,LPARAM lParam)
{
    HANDLE h = GetProp(hwnd,g_szPropName);
    if( h == g_hValue)
    {
        *(HWND*)lParam = hwnd;
        return false;
    }
    return true;
}
3、在主窗口的 OnInitDialog()中添加属性 //设置窗口属性
SetProp(m_hWnd,g_szPropName,g_hValue);
探测Windows主机的NetBIOS信息


NetBIOS信息
在我们和远程Windows2000/XP主机建立了空会话之后,我们就有权枚举系统里的各项NetBIOS信息了。当然在某些选项中需要较高的权利,不过我们只执行那些匿名用户可以获得的绝大多数系统信息。


时间:探测远程主机的当前日期和时间信息。它会返回一个数据结构,包括年,月,日,星期,时,分,秒等等。不过得到的是GMT标准时间,当然对于我们来说就应该换算为GMT+8:00了。由此可以判断出主机所在的时区信息。


操作系统指纹:探测远程主机的操作系统指纹信息。一共有三种级别的探测(100,101,102),我们使用的是101级,它会返回一个数据结构,可以获取远程主机的平台标识,服务器名称,操作系统的主次版本(Windows2000为5.0,WindowsXP为5.1,而最新操作系统Longhorn的版本为6.0),服务器类型(每台主机可能同时包含多种类型信息)和注释。


共享列表:探测远程主机的共享列表。我们可以获得一个数据结构指针,枚举远程主机的所有共享信息(隐藏的共享列表在内)。其中包括共享名称,类型与备注。类型可分为:磁盘驱动器,打印队列,通讯设备,进程间通讯与特殊设备。


用户列表: 探测远程主机的用户列表,返回一个数据结构指针,枚举所有用户信息。可获取用户名,全名,用户标识符,说明与标识信息。标识信息可以探测用户的访问权限。


本地组列表: 探测远程主机的本地组列表信息。枚举所有本地组信息,包含本地组名称和注释信息。


组列表: 探测远程主机的组列表信息。枚举所有的组信息,包括组名称,注释,组标识符与属性。在此基础上,我们可以枚举组内的所有用户信息。


组用户列表: 探测特定组内的用户信息。我们可以获得组内所有用户的名称。当我门获得了所有的用户列表,下一步就应该很清楚了,那就是挂一个字典进行破解了。


传输协议列表: 探测远程主机的传输协议信息,枚举所有的传输列表。可以获得每个传输协议的名称,地址,网络地址和当前与本传输协议连接的用户数目。


会话列表: 探测远程主机的当前会话列表。枚举每个会话的相关信息,包括客户端主机的名称,当前用户的名称,活动时间和空闲时间。这可以帮助我们了解远程主机用户的喜好等等。


主要函数与相关数据结构分析


1. 建立空会话
WNetAddConnection2(&nr,username,password,0);
//nr为NETRESOURCE数据结构的对象;
//username为建立空会话的用户名,在此将用户名设置为NULL;
//password为登陆密码,在此将密码设置为NULL;
2. 撤消空会话
WNetCancelConnection2(ipc,0,TRUE);
//ipc为TCHAR的指针,我们可以这样获得:
//swprintf(ipc,_T(“\\\\%s\\ipc$”),argv[1]),argv[1]为主机名或地址;


3. 探测主机时间
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
//参数server为主机的名称或地址;
//pBuf为TIME_OF_DAY_INFO数据结构的指针;
//nStatus为NET_API_STATUS成员;


4. 探测操作系统指纹
NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
//dwLevel为等级数,我们选择的是101级;
//pBuf是SERVER_INFO_101数据结构的指针;


5. 探测共享列表
NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
//dwLevel的等级数为1级;
//pBuf是SHARE_INFO_1数据结构的指针;
//MAX_PREFERRED_LENGTH指定返回数据的长度;
//er指明返回的实际可以枚举的成员数目;
//tr返回所有的成员数目;
//resume用于继续进行共享搜索;


6. 探测用户列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
//dwLevel的等级数为1级;
//i为枚举的索引;
//dwRec返回获取的信息数目;
//pBuf为NET_DISPLAY_USER数据结构的指针;


7. 探测本地组列表
NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume);
//dwLevel的等级是1;
//pBuf返回LOCALGROUP_INFO_1数据结构的指针;


8. 探测组列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
//dwLevel的等级为3;
//pGBuf返回NET_DISPLAY_GROUP的数据结构指针;


9. 探测组内的用户
NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resum e);
//pGBuffer->grpi3_name为组的名称;
//pUBuf返回GROUP_USERS_INFO_0数据结构的指针;


10.探测传输协议列表
NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
//dwLevel的等级为0级;
//pBuf返回SERVER_TRANSPORT_INFO_0数据结构的指针;


11.探测会话列表
NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
//pszClient指定客户的地址;
//pszUser指定用户名;
//dwLevel的等级是10级;
//pBuf返回SESSION_INFO_10数据结构的指针;


12.释放内存
NetApiBufferFree(pBuf);
//释放由系统分配的内存空间。



 


黑客软件编写基础知识集合》有 2 条评论

  1. VC爱好者 说:

    源代码

    #define UNICODE
    #define _UNICODE

    #include <windows.h>
    #include <winnetwk.h>
    #include <tchar.h>
    #include “include\lmaccess.h”
    #include “include\lmserver.h”
    #include “include\lmshare.h”
    #include <lm.h>

    #pragma comment (lib,”mpr”)
    #pragma comment (lib,”netapi32″)

    void start();
    void usage();
    int datetime(PTSTR server);
    int fingerprint(PTSTR server);
    int netbios(PTSTR server);
    int users(PTSTR server);
    int localgroup(PTSTR server);
    int globalgroup(PTSTR server);
    int transport(PTSTR server);
    int session(PTSTR server);

    int wmain(int argc,TCHAR *argv[])
    {
        NETRESOURCE nr;
        DWORD ret;
        TCHAR username[100]=_T(“”);
        TCHAR password[100]=_T(“”);
        TCHAR ipc[100]=_T(“”);

        system(“cls.exe”);
        start();
        if(argc!=2)
        {
            usage();
            return -1;
        }
        swprintf(ipc,_T(“\\\\%s\\ipc$”),argv[1]);
        nr.lpLocalName=NULL;
        nr.lpProvider=NULL;
        nr.dwType=RESOURCETYPE_ANY;
        nr.lpRemoteName=ipc;
        ret=WNetAddConnection2(&nr,username,password,0);
        if(ret!=ERROR_SUCCESS)
        {
            _tprintf(_T(“\nIPC$ Connect Failed.\n”));
            return -1;
        }

        datetime(argv[1]);
    fingerprint(argv[1]);
        netbios(argv[1]);
        users(argv[1]);
        localgroup(argv[1]);
        globalgroup(argv[1]);
        transport(argv[1]);
        session(argv[1]);

        ret=WNetCancelConnection2(ipc,0,TRUE);
        if(ret!=ERROR_SUCCESS)
        {
            _tprintf(_T(“IPC$ Disconnect Failed.\n”));
            return -1;
        }
        return 0;
    }

    void start()
    {
        _tprintf(_T(“=====[ T-SMB Scan, by TOo2y ]=====\n”));
        _tprintf(_T(“=====[ E-mail: TOo2y@safechina.net ]=====\n”));
        _tprintf(_T(“=====[ HomePage:www.safechina.net ]=====\n”));
        _tprintf(_T(“=====[ Date: 12-12-2002 ]=====\n”));
    }

    void usage()
    {
        _tprintf(_T(“\nUsage:\t T-SMB Remoteip”));
        _tprintf(_T(“\nRequest: Remote host must be opening port 445/tcp of Microsoft-DS.\n”));
    }

    int datetime(PTSTR server)
    {
        PTIME_OF_DAY_INFO pBuf=NULL;
        NET_API_STATUS nStatus;
        DWORD lerror;

        _tprintf(_T(“\n*** Date and Time ***\n”));
        nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
        if(nStatus==NERR_Success)
        {
            if(pBuf!=NULL)
            {
                 _tprintf(_T(“\nCurrent date:\t%.2d-%.2d-%d”),pBuf->tod_month,pBuf->tod_day,pB uf->tod_year);
                 _tprintf(_T(“\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)”),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_se cs,pBuf->tod_hunds);
                 pBuf->tod_hours=(pBuf->tod_hours+8)%24;
                 _tprintf(_T(“\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT+08:00)\n”),pBuf->tod_hours,pBuf->tod_mins,pBuf-&g t;tod_secs,pBuf->tod_hunds);
            }
        }
        else
        {
            lerror=GetLastError();
            if(lerror==997)
            {
                 _tprintf(_T(“\nDateTime:\tOverlapped I/O operation is in progress. \n”));
            }
            else
            {
            _tprintf(_T(“\nDatetime Error:\t%d\n”),lerror);
            }
        }
        if(pBuf!=NULL)
        {
            NetApiBufferFree(pBuf);
        }
        return 0;
    }

    int fingerprint(PTSTR server)
    {
    DWORD dwlength;
        DWORD dwLevel;
        NET_API_STATUS nStatus;
        PSERVER_INFO_101 pBuf;
        DWORD lerror;

        dwLevel=101;
        pBuf=NULL;
        dwlength=_tcslen(server);

        _tprintf(_T(“\n**** Fingerprint ****\n”));
        nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
        if(nStatus==NERR_Success)
        {
            _tprintf(_T(“\nComputername:\t%s”),pBuf->sv101_name);
            _tprintf(_T(“\nComment:\t%s”),pBuf->sv101_comment);
            _tprintf(_T(“\nPlatform:\t%d”),pBuf->sv101_platform_id);
            _tprintf(_T(“\nVersion:\t%d.%d”),pBuf->sv101_version_majo r,pBuf->sv101_version_minor);
            _tprintf(_T(“\nType:”));
            if(pBuf->sv101_type & SV_TYPE_NOVELL)
            {
                 _tprintf(_T(“\t\tNovell server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER)
            {
                 _tprintf(_T(“\t\tXenix server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM)
            {
                 _tprintf(_T(“\t\tPrimary domain .\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER)
            {
                 _tprintf(_T(“\t\tTerminal Server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_WINDOWS)
            {
                 _tprintf(_T(“\t\tWindows 95 or later.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_SERVER)
            {
                 _tprintf(_T(“\t\tA LAN Manager server.\n”));
            }
    if(pBuf->sv101_type & SV_TYPE_WORKSTATION)
            {
            _tprintf(_T(“\t\tA LAN Manager workstation.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER)
            {
                 _tprintf(_T(“\t\tServer sharing print queue.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)
            {
                 _tprintf(_T(“\t\tPrimary domain controller.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)
            {
                 _tprintf(_T(“\t\tBackup domain controller.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_AFP)
            {
                 _tprintf(_T(“\t\tApple File Protocol server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER)
            {
                 _tprintf(_T(“\t\tLAN Manager 2.x domain member.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY)
            {
                 _tprintf(_T(“\t\tServers maintained by the browser.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER)
            {
                 _tprintf(_T(“\t\tServer running dial-in service.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE)
            {
                 _tprintf(_T(“\t\tServer running the Timesource service.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN)
            {
                 _tprintf(_T(“\t\tMicrosoft File and Print for NetWare.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_NT)
            {
                 _tprintf(_T(“\t\tWindows NT/2000/XP workstation or server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_WFW)
            {
                 _tprintf(_T(“\t\tServer running Windows for Workgroups.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER)
            {
                 _tprintf(_T(“\t\tServer that can run the browser service.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER)
            {
                 _tprintf(_T(“\t\tServer running a browser service as backup.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER)
            {
                 _tprintf(_T(“\t\tServer running the master browser service.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER)
            {
                 _tprintf(_T(“\t\tServer running the domain master browser.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT)
            {
                 _tprintf(_T(“\t\tServer clusters available in the domain.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_SQLSERVER)
            {
                 _tprintf(_T(“\t\tAny server running with Microsoft SQL Server.\n”));
            }
            if(pBuf->sv101_type & SV_TYPE_SERVER_NT)
            {
                 _tprintf(_T(“\t\tWindows NT/2000 server that is not a domain controller.\n”));
            }
        }
        else
        {
            lerror=GetLastError();
            if(lerror==997)
            {
                 _tprintf(_T(“\nFingerprint:\tOverlapped I/O operation is in progress.\n”));
            }
            else
            {
            _tprintf(_T(“\nFingerprint Error:\t%d\n”),lerror);
            }
        }
        if(pBuf!=NULL)
        {
            NetApiBufferFree(pBuf);
        }
        return 0;
    }

    int netbios(PTSTR server)
    {
        DWORD er,tr,resume;
        DWORD i,dwLength,dwLevel;
        PSHARE_INFO_1 pBuf,pBuffer;
        NET_API_STATUS nStatus;
        DWORD lerror;

        er=0;
        tr=0;
        resume=1;
        dwLevel=1;
        dwLength=_tcslen(server);

    _tprintf(_T(“\n****** Netbios ******\n”));
        do
        {
            nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
            if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
            {
            pBuffer=pBuf;
            for(i=1;i<=er;i++)
                 {
                     _tprintf(_T(“\nName:\t\t%s”),pBuffer->shi1_netname);
                     _tprintf(_T(“\nRemark:\t\t%s”),pBuffer->shi1_remark);
                     _tprintf(_T(“\nType:\t\t”));
                     if(pBuffer->shi1_type==STYPE_DISKTREE)
                     {
                         _tprintf(_T(“Disk drive.\n”));
                     }
                     else if(pBuffer->shi1_type==STYPE_PRINTQ)
                     {
                         _tprintf(_T(“Print queue.\n”));
                     }
                     else if(pBuffer->shi1_type==STYPE_DEVICE)
                     {
                         _tprintf(_T(“Communication device.\n”));
                     }
                     else if(pBuffer->shi1_type==STYPE_IPC)
                     {
                         _tprintf(_T(“Interprocess communication (IPC).\n”));
                     }
                     else if(pBuffer->shi1_type==STYPE_SPECIAL)
                     {
                         _tprintf(_T(“Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$).\n”));
                     }
                     else
                     {
                         _tprintf(_T(“\n”));
                     }
                     pBuffer++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nNetbios:\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nNetbios Error:\t%d\n”),lerror);
                 }
            }
        if(pBuf!=NULL)
            {
            NetApiBufferFree(pBuf);
            }
        }
        while(nStatus==ERROR_MORE_DATA);
        return 0;
    }

    int users(PTSTR server)
    {
        PNET_DISPLAY_USER pBuf,pBuffer;
        DWORD nStatus;
        DWORD dwRec;
        DWORD i=0;
        DWORD lerror;
        DWORD dwLevel;

        dwLevel=1;

        _tprintf(_T(“\n******* Users *******\n”));
        do
        {
            nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFF FFFFFF,&dwRec,(PVOID *)&pBuf);
            if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
            {
                 pBuffer=pBuf;
                 for(;dwRec>0;dwRec–)
                 {
                     _tprintf(_T(“\nName:\t\t%s”),pBuffer->usri1_name);
                     _tprintf(_T(“\nFull Name:\t%s”),pBuffer->usri1_full_name);
                     _tprintf(_T(“\nUser ID:\t%u”),pBuffer->usri1_user_id);
                     _tprintf(_T(“\nComment: \t%s”),pBuffer->usri1_comment);
                     _tprintf(_T(“\nFlag:”));
                     if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE)
                     {
                         _tprintf(_T(“\t\tThe user”s account is disabled.\n”));
                     }
                     if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION)
                     {
                         _tprintf(_T(“\t\tThe account is enabled for delegation. \n”));
                     }
                     if(pBuffer->usri1_flags & UF_LOCKOUT)
                     {
                         _tprintf(_T(“\t\tThe account is currently locked out (blocked).\n”));
                     }
                     if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED)
                     {
                         _tprintf(_T(“\t\tRequires the user to log on to the user account with a smart card. \n”));
                     }
                     if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH)
                     {
                         _tprintf(_T(“\t\tThis account does not require Kerberos preauthentication for logon.\n”));
                     }
                     if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)
                     {
                         _tprintf(_T(“\t\tThe user”s password is stored under reversible encryption in the Active Directory. \n”));
                     }
                     if(pBuffer->usri1_flags & UF_NOT_DELEGATED)
                     {
                         _tprintf(_T(“\t\tMarks the account as \”sensitive\”; other users cannot act as delegates of this user account.\n”));
                     }
                     if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY)
                     {
                         _tprintf(_T(“\t\tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys.\n”));
                     }
                     if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED)
                     {
                         _tprintf(_T(“\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n”));
                     }
                     if(pBuffer->usri1_flags & UF_SCRIPT)
                     {
                         _tprintf(_T(“\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n”));
                     }
                     i=pBuffer->usri1_next_index;
                     pBuffer++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nUsers:\t\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nUsers Error:\t%d\n”),lerror);
                 }
            }
            if(pBuf!=NULL)
            {
            NetApiBufferFree(pBuf);
            }
        }while(nStatus==ERROR_MORE_DATA);
        return 0;
    }

    int localgroup(PTSTR server)
    {
        NET_API_STATUS nStatus;
        PLOCALGROUP_INFO_1 pBuf,pBuffer;
        DWORD i,dwLevel;
    DWORD er,tr,resume;
        DWORD lerror;

        resume=0;
        dwLevel=1;

        _tprintf(_T(“\n**** Local Group ****\n”));
        do
        {
            nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
            if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
            {
                 pBuffer=pBuf;
                 for(i=1;i<=er;i++)
                 {
                     _tprintf(_T(“\nName:\t\t%s”),pBuffer->lgrpi1_name);
                     _tprintf(_T(“\nComment:\t%s”),pBuffer->lgrpi1_comment);
                     _tprintf(_T(“\n”));
                     pBuffer++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nLocal Group:\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nLocal Group Error:\t%d\n”),lerror);
                 }
            }
            if(pBuf!=NULL)
            {
            NetApiBufferFree(pBuf);
            }
        }while(nStatus==ERROR_MORE_DATA);
        return 0;
    }

    int globalgroup(PTSTR server)
    {
        PNET_DISPLAY_GROUP pGBuf,pGBuffer;
        PGROUP_USERS_INFO_0 pUBuf,pUBuffer;
        DWORD nGStatus,nUStatus;
        DWORD i;
        DWORD dwLevel,dwRec;
        DWORD k;
        DWORD er,tr,resume;
        DWORD lerror;
       
        i=0;
        dwLevel=3;
        er=0;
        tr=0;
        resume=0;
        _tprintf(_T(“\n**** Global group ****\n”));
    do
        {
            nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xF FFFFFFF,&dwRec,(PVOID*)&pGBuf);
    if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA))
            {
                 pGBuffer=pGBuf;
                 for(;dwRec>0;dwRec–)
                 {
                     _tprintf(_T(“\nName:\t\t%s”),pGBuffer->grpi3_name);
                 _tprintf(_T(“\nComment:\t%s”),pGBuffer->grpi3_comment);
                 _tprintf(_T(“\nGroup ID:\t%u”),pGBuffer->grpi3_group_id);
            _tprintf(_T(“\nAttributs:\t%u”),pGBuffer->grpi3_attribute s);
                     _tprintf(_T(“\nMembers:\t”));

                 nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,( PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resum e);
                     if(nUStatus==NERR_Success)
                     {
                         pUBuffer=pUBuf;
                         for(k=1;k<=er;k++)
                         {
                               _tprintf(_T(“%s “),pUBuffer->grui0_name);
                         pUBuffer++;
                         }
                     if(pUBuf!=NULL)
                         {
                         NetApiBufferFree(pUBuf);
                         }
                     }
                     _tprintf(_T(“\n”));
                     i=pGBuffer->grpi3_next_index;
                     pGBuffer++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nGlobal Group:\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nGlobal Group Error:\t%d\n”),lerror);
                 }
            }
            if(pGBuf!=NULL)
            {
            NetApiBufferFree(pGBuf);
            }
        }while(nGStatus==ERROR_MORE_DATA);
    return 0;
    }

    int transport(PTSTR server)
    {
        NET_API_STATUS nStatus;
        PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer;
        DWORD dwLevel;
        DWORD i;
    DWORD er,tr,resume;
    DWORD dwTotalCount;
        DWORD dwLength;
        DWORD lerror;

    er=0;
        tr=0;
        resume=0;
        dwLevel=0;
        dwTotalCount=0;

        _tprintf(_T(“\n***** Transport *****\n”));
        dwLength=_tcslen(server);
        do
        {
            nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
            if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
            {
    pBuffer=pBuf;
                 for(i=0;i<er;i++)
                 {
                 _tprintf(_T(“\nTransport:\t%s”),pBuffer->svti0_transportn ame);
                     _tprintf(_T(“\nNetworkAddr:\t%s”),pBuffer->svti0_networka ddress);
                     _tprintf(_T(“\nActiveClient:\t%d User(s)\n”),pBuffer->svti0_numberofvcs);
            pBuffer++;
                 dwTotalCount++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nTransport:\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nTransport Error:\t%d\n”),lerror);
                 }
            }
        if(pBuf!=NULL)
            {
        NetApiBufferFree(pBuf);
            }
        }while(nStatus==ERROR_MORE_DATA);
        _tprintf(_T(“\nTotal of %d entrie(s) enumerated.\n”),dwTotalCount);
        return 0;
    }
       
    int session(PTSTR server)
    {
        PSESSION_INFO_10 pBuf,pBuffer;
        NET_API_STATUS nStatus;
        DWORD i,dwLevel;
        DWORD er,tr,resume;
        DWORD dwTotalCount;
        DWORD dwLength;
        PTSTR pszClient;
        PTSTR pszUser;
        DWORD lerror;

        _tprintf(_T(“\n****** Session ******\n”));
        dwLevel=10;
        dwTotalCount=0;
        pszClient=NULL;
        pszUser=NULL;
        er=0;
        tr=0;
        resume=0;
        dwLength=_tcslen(server);

        do
        {
            nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBY TE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume );
            if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
            {
                 pBuffer=pBuf;
                 for(i=0;i<er;i++)
                 {
                     if(pBuffer==NULL)
                     {
                         _tprintf(_T(“An access violation has occurred.\n”));
                         break;
                     }
                     _tprintf(_T(“\nClient:\t\t%s”),pBuffer->sesi10_cname);
                     _tprintf(_T(“\nUser:\t\t%s”),pBuffer->sesi10_username);
                     _tprintf(_T(“\nSeconds Active:\t%d”),pBuffer->sesi10_time);
                     _tprintf(_T(“\nSeconds Idle:\t%d\n”),pBuffer->sesi10_idle_time);
                     pBuffer++;
                     dwTotalCount++;
                 }
            }
            else
            {
                 lerror=GetLastError();
                 if(lerror==997)
                 {
                     _tprintf(_T(“\nSession:\tOverlapped I/O operation is in progress.\n”));
                 }
                 else
                 {
                     _tprintf(_T(“\nSession Error:\t%d\n”),lerror);
                 }
            }
            if(pBuf!=NULL)
            {
                 NetApiBufferFree(pBuf);
            }
        }while(nStatus==ERROR_MORE_DATA);
        _tprintf(_T(“\nTotal of %d entrie(s) enumerated.\n”),dwTotalCount);
        return 0;
    }
    分析IP地址(DDX)

    编写Internet应用程序, 需要校验用户进入的IP地址和确认它是正确的.

    首先,需要在对话框的头文件里加入下面的函数声明:

    #include <winsock.h>
    void WINAPI DDX_IPAddress(CDataExchange* pDX, int nIDC, UINT & value);
    实现数据交换,你需要在你的对话框DoDataExchange函数里调用DDX_IPAddress函数。
    现在,在对话框的实现文件中加入下列代码,不要忘记在项目设置中包含ws2_32.lib.

    // DDX routine fo IP address translation
    void WINAPI DDX_IPAddress(CDataExchange* pDX, int nIDC, UINT & value)
    {
        // from dialog to class ?
        if( pDX->m_bSaveAndValidate)
        {
            CString Val;
            BOOL bValid = true;

            pDX->m_pDlgWnd->GetDlgItem(nIDC)->GetWindowText(Val );

            for( int i = 0; i < Val.GetLength(); i++)
            {
                 // let’s check if all entered char in entered
                 // IP address are digits
                 if(Val == ‘.’)
                     continue;

                 if(isdigit(Val) == 0)
                 {
                     bValid = false;
                     break;             
                 }
            }

            if(bValid)
            {
                 value = inet_addr(Val);
                 if(value == INADDR_NONE)
                 {
                     pDX->m_pDlgWnd->MessageBox(“The entered IP address is invalid.”);
                     pDX->PrepareEditCtrl(nIDC);
                     pDX->Fail();
                 }
            }
            else
            {
                 pDX->m_pDlgWnd->MessageBox(“IP address can only have digits and dots.”);
                 pDX->PrepareEditCtrl(nIDC);
                 pDX->Fail();
            }
        }
        else
        {
            // if the value is a valid IP address store it in the child control
            in_addr IPaddress;
            memcpy(&IPaddress, &value, 4);
            CString Address = inet_ntoa(IPaddress);
            if(!Address.IsEmpty())
            {
                 pDX->m_pDlgWnd->GetDlgItem(nIDC)->SetWindowText(Add ress);
            }
        }   
    } 
    得到计算机的主机名和IP地址

    #include<winsock2.h>

    链接库:Wsock32.lib

    {
    WORD wVersionRequested;
    WSADATA wsaData;
    char name[255];
    CString ip;
    PHOSTENT hostinfo;
    wVersionRequested = MAKEWORD( 2, 0 );

    if ( WSAStartup( wVersionRequested, &wsaData ) == 0 )
    {

    if( gethostname ( name, sizeof(name)) == 0)
    {
    if((hostinfo = gethostbyname(name)) != NULL)
    {
    ip = inet_ntoa (*(struct in_addr *)*hostinfo->h_addr_list);
    }
    }

    WSACleanup( );
    }
    }

  2. nysan88 说:

     晕啊

留下一个回复