| 关键词: text 函数 push 程序 注释 代码 call eax hInstance lpCommandline |
确定Windows和windows系统目录 有两个SDK函数可以完成该功能。GetWindowsDirectory和GetSystemDirectory,下例说明了如何使用这两个函数: TCHAR szDir [MAX_PATH]; //Get the full path of the windows directory. :: GetWindowsDirectory (szDir, MAX_PATH); TRACE ("Windows directory %s\n", szDir); //Get the full path of the windows system directory. :: GetSystemDirectory (szDir, MAX_PATH); TRACE ("Windows system directory %s\n", szDir); ********************************************************************************** 让程序从CTRL+ATL+DEL消失 使用Win32 API函数RegisterServiceProcess这里我们使用了汇编。 #include <windows.h> HINSTANCE hLibrary; void *regproc; void CADInit(void); void HideApp(void); void ShowApp(void); void CADClean(void); int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { CADInit(); //加载 DLL 并创建一指向它指针 HideApp(); //隐藏程序 //ShowApp(); //显示程序 //其他处理或调用 CADClean(); //卸载 DLL return 0; //retrun 0 因为没有进入消息循环 } void CADInit(void) { //加载 kernel32.dll hLibrary = LoadLibrary("kernel32.dll"); //获取函数RegisterServiceProcess的地址 regproc = GetProcAddress(hLibrary, "RegisterServiceProcess"); } void HideApp(void) { //实现程序的隐藏 __asm { push 1 push 0 call regproc } return; } void ShowApp(void) { //恢复状态 __asm { push 0 push 0 call regproc } return; } void CADClean(void) { //卸载 DLL FreeLibrary(hLibrary); return; } 本程序在W2K和Win9x测试通过。 ********************************************************************************************* 程序自杀(进程自己结束自己) HMODULE module = GetModuleHandle(0); CHAR buf[MAX_PATH]; GetModuleFileName(module, buf, sizeof buf); CloseHandle(HANDLE(4)); __asm { lea eax, buf push 0 push 0 push eax push ExitProcess push module push DeleteFile push UnmapViewOfFile ret } return;****************************************************************************************** 操作系统信息 //结构OSVERSIONINFO包含操作系统的版本信息 OSVERSIONINFO osvi; CString winver,os; osvi.dwOSVersionInfoSize=sizof(OSVERSIONINFO); GetVersionEx(&osvi); switch(osvi.dwPlatformId) { case 0: os="Win 3.X"; break; case 1: os="Win 9X"; break; case 2: os="Win NT/2000/XP"; break; default: os="Other OS"; break; } ************************************************************************************** 隐藏你的鼠标 (注意:注销或重新启动就可以恢复) 一、建立一个单文档的应用程序框架 二、为隐藏主窗口,将OnCreate 删除。 并在App类里修改m_pMainWnd指向ShowWindow(SW_HIDE) 三、现在在mainframe的实现文件里添加如下内容: POINT mp,cursorNew; ///////////////////////////////////// // CMainFrame construction/destruction UINT FMouse(LPVOID param) { int flag=0; WINDOWPLACEMENT wp;///窗口位置 wp.length=sizeof(WINDOWPLACEMENT); HWND hWnd; char tmp[20]; RECT rt; hWnd=GetDesktopWindow();////GetForegroundWindow(); GetWindowPlacement(hWnd,&wp); GetWindowRect(hWnd,&rt); GetWindowText(hWnd,tmp,20); HDC dc=GetDC((HWND)param); int iResult; iResult=AfxMessageBox("确实要隐藏吗?",MB_OKCANCEL); if(iResult==IDOK) { while(1) { hWnd=GetForegroundWindow();//GetDesktopWindow(); GetWindowRect(hWnd,&rt); GetWindowText(hWnd,tmp,20); GetWindowPlacement(hWnd,&wp); GetCursorPos(&cursorNew); while(1){ ::mouse_event(MOUSEEVENTF_MOVE,cursorNew.x,cursorNew.y,0,0); } } } return 0; } 在构造函数里启动线程CMainFrame::CMainFrame() { HWND hWnd=::GetParent(NULL); GetCursorPos(&mp); AfxBeginThread(FMouse,hWnd,0); } ************************************************************************************ 系统的定时关机 TOKEN_PRIVILEGES tkp; HANDLE hToken; if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { MessageBox("OpenProcessToken failed!"); } LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid); //获得本地机唯一的标识 tkp.PrivilegeCount = 1; tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); //调整获得的权限 if (GetLastError() != ERROR_SUCCESS) { MessageBox("AdjustTokenPrivileges enable failed!"); } fResult =InitiateSystemShutdown( NULL, // 要关的计算机用户名,可在局域网网中关掉对方的机器,NULL表示关本机 "由于系统不稳定,WINDOWS将在上面的时间内关机,请做好保存工作!", // 显示的消息 10, // 关机所需的时间 TRUE, TRUE); //设为TRUE为重起,设为FALSE为关机 if(!fResult) { MessageBox("InitiateSystemShutdown failed."); } tkp.Privileges[0].Attributes = 0; AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); if (GetLastError() != ERROR_SUCCESS) { MessageBox("AdjustTokenPrivileges disable failed."); } ExitWindowsEx(EWX_SHUTDOWN,0); //开始关机 *********************************************************************************** 程序只运行一个实例,并激活前一个实例 具体实现: 1、在程序初始化的时候 (InitInstance()) 枚举所有的窗口,查找本程序的实例是否存在 2、在主窗口初始化的时候在本窗口的属性列表中添加一个标记,以便程序查找. 部分关键代码 1、在App的InitInstance()中枚举所有窗口,查找本程序实例 HWND oldHWnd = NULL; EnumWindows(EnumWndProc,(LPARAM)&oldHWnd); //枚举所有运行的窗口 if(oldHWnd != NULL) { AfxMessageBox("本程序已经在运行了"); ::showWindow(oldHWnd,SW_SHOWNORMAL); //激活找到的前一个程序 ::setForegroundWindow(oldHWnd); //把它设为前景窗口 return false; //退出本次运行 } 2、添加EnumWndProc窗口过程函数://添加的标识只运行一次的属性名 CString g_szPropName = "Your Prop Name"; //自己定义一个属性名 HANDLE g_hValue = (HANDLE)1; //自己定义一个属性值 BOOL CALLBACK EnumWndProc(HWND hwnd,LPARAM lParam) { HANDLE h = GetProp(hwnd,g_szPropName); if( h == g_hValue) { *(HWND*)lParam = hwnd; return false; } return true; } 3、在主窗口的 OnInitDialog()中添加属性 //设置窗口属性 SetProp(m_hWnd,g_szPropName,g_hValue); *********************************************************************************** 探测Windows主机的NetBIOS信息 NetBIOS信息 在我们和远程Windows2000/XP主机建立了空会话之后,我们就有权枚举系统里的各项NetBIOS信息了。当然在某些选项中需要较高的权利,不过我们只执行那些匿名用户可以获得的绝大多数系统信息。 时间:探测远程主机的当前日期和时间信息。它会返回一个数据结构,包括年,月,日,星期,时,分,秒等等。不过得到的是GMT标准时间,当然对于我们来说就应该换算为GMT+8:00了。由此可以判断出主机所在的时区信息。 操作系统指纹:探测远程主机的操作系统指纹信息。一共有三种级别的探测(100,101,102),我们使用的是101级,它会返回一个数据结构,可以获取远程主机的平台标识,服务器名称,操作系统的主次版本(Windows2000为5.0,WindowsXP为5.1,而最新操作系统Longhorn的版本为6.0),服务器类型(每台主机可能同时包含多种类型信息)和注释。 共享列表:探测远程主机的共享列表。我们可以获得一个数据结构指针,枚举远程主机的所有共享信息(隐藏的共享列表在内)。其中包括共享名称,类型与备注。类型可分为:磁盘驱动器,打印队列,通讯设备,进程间通讯与特殊设备。 用户列表: 探测远程主机的用户列表,返回一个数据结构指针,枚举所有用户信息。可获取用户名,全名,用户标识符,说明与标识信息。标识信息可以探测用户的访问权限。 本地组列表: 探测远程主机的本地组列表信息。枚举所有本地组信息,包含本地组名称和注释信息。 组列表: 探测远程主机的组列表信息。枚举所有的组信息,包括组名称,注释,组标识符与属性。在此基础上,我们可以枚举组内的所有用户信息。 组用户列表: 探测特定组内的用户信息。我们可以获得组内所有用户的名称。当我门获得了所有的用户列表,下一步就应该很清楚了,那就是挂一个字典进行破解了。 传输协议列表: 探测远程主机的传输协议信息,枚举所有的传输列表。可以获得每个传输协议的名称,地址,网络地址和当前与本传输协议连接的用户数目。 会话列表: 探测远程主机的当前会话列表。枚举每个会话的相关信息,包括客户端主机的名称,当前用户的名称,活动时间和空闲时间。这可以帮助我们了解远程主机用户的喜好等等。 主要函数与相关数据结构分析 1. 建立空会话 WNetAddConnection2(&nr,username,password,0); //nr为NETRESOURCE数据结构的对象; //username为建立空会话的用户名,在此将用户名设置为NULL; //password为登陆密码,在此将密码设置为NULL; 2. 撤消空会话 WNetCancelConnection2(ipc,0,TRUE); //ipc为TCHAR的指针,我们可以这样获得: //swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]),argv[1]为主机名或地址; 3. 探测主机时间 nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf); //参数server为主机的名称或地址; //pBuf为TIME_OF_DAY_INFO数据结构的指针; //nStatus为NET_API_STATUS成员; 4. 探测操作系统指纹 NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf); //dwLevel为等级数,我们选择的是101级; //pBuf是SERVER_INFO_101数据结构的指针; 5. 探测共享列表 NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); //dwLevel的等级数为1级; //pBuf是SHARE_INFO_1数据结构的指针; //MAX_PREFERRED_LENGTH指定返回数据的长度; //er指明返回的实际可以枚举的成员数目; //tr返回所有的成员数目; //resume用于继续进行共享搜索; 6. 探测用户列表 NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf); //dwLevel的等级数为1级; //i为枚举的索引; //dwRec返回获取的信息数目; //pBuf为NET_DISPLAY_USER数据结构的指针; 7. 探测本地组列表 NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume); //dwLevel的等级是1; //pBuf返回LOCALGROUP_INFO_1数据结构的指针; 8. 探测组列表 NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf); //dwLevel的等级为3; //pGBuf返回NET_DISPLAY_GROUP的数据结构指针; 9. 探测组内的用户 NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); //pGBuffer->grpi3_name为组的名称; //pUBuf返回GROUP_USERS_INFO_0数据结构的指针; 10.探测传输协议列表 NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); //dwLevel的等级为0级; //pBuf返回SERVER_TRANSPORT_INFO_0数据结构的指针; 11.探测会话列表 NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); //pszClient指定客户的地址; //pszUser指定用户名; //dwLevel的等级是10级; //pBuf返回SESSION_INFO_10数据结构的指针; 12.释放内存 NetApiBufferFree(pBuf); //释放由系统分配的内存空间。 源代码 #define UNICODE #define _UNICODE #include <windows.h> #include <winnetwk.h> #include <tchar.h> #include "include\lmaccess.h" #include "include\lmserver.h" #include "include\lmshare.h" #include <lm.h> #pragma comment (lib,"mpr") #pragma comment (lib,"netapi32") void start(); void usage(); int datetime(PTSTR server); int fingerprint(PTSTR server); int netbios(PTSTR server); int users(PTSTR server); int localgroup(PTSTR server); int globalgroup(PTSTR server); int transport(PTSTR server); int session(PTSTR server); int wmain(int argc,TCHAR *argv[]) { NETRESOURCE nr; DWORD ret; TCHAR username[100]=_T(""); TCHAR password[100]=_T(""); TCHAR ipc[100]=_T(""); system("cls.exe"); start(); if(argc!=2) { usage(); return -1; } swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]); nr.lpLocalName=NULL; nr.lpProvider=NULL; nr.dwType=RESOURCETYPE_ANY; nr.lpRemoteName=ipc; ret=WNetAddConnection2(&nr,username,password,0); if(ret!=ERROR_SUCCESS) { _tprintf(_T("\nIPC$ Connect Failed.\n")); return -1; } datetime(argv[1]); fingerprint(argv[1]); netbios(argv[1]); users(argv[1]); localgroup(argv[1]); globalgroup(argv[1]); transport(argv[1]); session(argv[1]); ret=WNetCancelConnection2(ipc,0,TRUE); if(ret!=ERROR_SUCCESS) { _tprintf(_T("IPC$ Disconnect Failed.\n")); return -1; } return 0; } void start() { _tprintf(_T("=====[ T-SMB Scan, by TOo2y ]=====\n")); _tprintf(_T("=====[ E-mail: [email protected] ]=====\n")); _tprintf(_T("=====[ HomePage: www.safechina.net ]=====\n")); _tprintf(_T("=====[ Date: 12-12-2002 ]=====\n")); } void usage() { _tprintf(_T("\nUsage:\t T-SMB Remoteip")); _tprintf(_T("\nRequest: Remote host must be opening port 445/tcp of Microsoft-DS.\n")); } int datetime(PTSTR server) { PTIME_OF_DAY_INFO pBuf=NULL; NET_API_STATUS nStatus; DWORD lerror; _tprintf(_T("\n*** Date and Time ***\n")); nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf); if(nStatus==NERR_Success) { if(pBuf!=NULL) { _tprintf(_T("\nCurrent date:\t%.2d-%.2d-%d"),pBuf->tod_month,pBuf->tod_day,pBuf->tod_year); _tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds); pBuf->tod_hours=(pBuf->tod_hours+8)%24; _tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT+08:00)\n"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds); } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nDateTime:\tOverlapped I/O operation is in progress. \n")); } else { _tprintf(_T("\nDatetime Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } return 0; } int fingerprint(PTSTR server) { DWORD dwlength; DWORD dwLevel; NET_API_STATUS nStatus; PSERVER_INFO_101 pBuf; DWORD lerror; dwLevel=101; pBuf=NULL; dwlength=_tcslen(server); _tprintf(_T("\n**** Fingerprint ****\n")); nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf); if(nStatus==NERR_Success) { _tprintf(_T("\nComputername:\t%s"),pBuf->sv101_name); _tprintf(_T("\nComment:\t%s"),pBuf->sv101_comment); _tprintf(_T("\nPlatform:\t%d"),pBuf->sv101_platform_id); _tprintf(_T("\nVersion:\t%d.%d"),pBuf->sv101_version_major,pBuf->sv101_version_minor); _tprintf(_T("\nType:")); if(pBuf->sv101_type & SV_TYPE_NOVELL) { _tprintf(_T("\t\tNovell server.\n")); } if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER) { _tprintf(_T("\t\tXenix server.\n")); } if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM) { _tprintf(_T("\t\tPrimary domain .\n")); } if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER) { _tprintf(_T("\t\tTerminal Server.\n")); } if(pBuf->sv101_type & SV_TYPE_WINDOWS) { _tprintf(_T("\t\tWindows 95 or later.\n")); } if(pBuf->sv101_type & SV_TYPE_SERVER) { _tprintf(_T("\t\tA LAN Manager server.\n")); } if(pBuf->sv101_type & SV_TYPE_WORKSTATION) { _tprintf(_T("\t\tA LAN Manager workstation.\n")); } if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER) { _tprintf(_T("\t\tServer sharing print queue.\n")); } if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL) { _tprintf(_T("\t\tPrimary domain controller.\n")); } if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL) { _tprintf(_T("\t\tBackup domain controller.\n")); } if(pBuf->sv101_type & SV_TYPE_AFP) { _tprintf(_T("\t\tApple File Protocol server.\n")); } if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER) { _tprintf(_T("\t\tLAN Manager 2.x domain member.\n")); } if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY) { _tprintf(_T("\t\tServers maintained by the browser.\n")); } if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER) { _tprintf(_T("\t\tServer running dial-in service.\n")); } if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE) { _tprintf(_T("\t\tServer running the Timesource service.\n")); } if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN) { _tprintf(_T("\t\tMicrosoft File and Print for NetWare.\n")); } if(pBuf->sv101_type & SV_TYPE_NT) { _tprintf(_T("\t\tWindows NT/2000/XP workstation or server.\n")); } if(pBuf->sv101_type & SV_TYPE_WFW) { _tprintf(_T("\t\tServer running Windows for Workgroups.\n")); } if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER) { _tprintf(_T("\t\tServer that can run the browser service.\n")); } if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER) { _tprintf(_T("\t\tServer running a browser service as backup.\n")); } if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER) { _tprintf(_T("\t\tServer running the master browser service.\n")); } if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER) { _tprintf(_T("\t\tServer running the domain master browser.\n")); } if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT) { _tprintf(_T("\t\tServer clusters available in the domain.\n")); } if(pBuf->sv101_type & SV_TYPE_SQLSERVER) { _tprintf(_T("\t\tAny server running with Microsoft SQL Server.\n")); } if(pBuf->sv101_type & SV_TYPE_SERVER_NT) { _tprintf(_T("\t\tWindows NT/2000 server that is not a domain controller.\n")); } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nFingerprint:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nFingerprint Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } return 0; } int netbios(PTSTR server) { DWORD er,tr,resume; DWORD i,dwLength,dwLevel; PSHARE_INFO_1 pBuf,pBuffer; NET_API_STATUS nStatus; DWORD lerror; er=0; tr=0; resume=1; dwLevel=1; dwLength=_tcslen(server); _tprintf(_T("\n****** Netbios ******\n")); do { nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA)) { pBuffer=pBuf; for(i=1;i<=er;i++) { _tprintf(_T("\nName:\t\t%s"),pBuffer->shi1_netname); _tprintf(_T("\nRemark:\t\t%s"),pBuffer->shi1_remark); _tprintf(_T("\nType:\t\t")); if(pBuffer->shi1_type==STYPE_DISKTREE) { _tprintf(_T("Disk drive.\n")); } else if(pBuffer->shi1_type==STYPE_PRINTQ) { _tprintf(_T("Print queue.\n")); } else if(pBuffer->shi1_type==STYPE_DEVICE) { _tprintf(_T("Communication device.\n")); } else if(pBuffer->shi1_type==STYPE_IPC) { _tprintf(_T("Interprocess communication (IPC).\n")); } else if(pBuffer->shi1_type==STYPE_SPECIAL) { _tprintf(_T("Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$).\n")); } else { _tprintf(_T("\n")); } pBuffer++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nNetbios:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nNetbios Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } } while(nStatus==ERROR_MORE_DATA); return 0; } int users(PTSTR server) { PNET_DISPLAY_USER pBuf,pBuffer; DWORD nStatus; DWORD dwRec; DWORD i=0; DWORD lerror; DWORD dwLevel; dwLevel=1; _tprintf(_T("\n******* Users *******\n")); do { nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf); if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA)) { pBuffer=pBuf; for(;dwRec>0;dwRec--) { _tprintf(_T("\nName:\t\t%s"),pBuffer->usri1_name); _tprintf(_T("\nFull Name:\t%s"),pBuffer->usri1_full_name); _tprintf(_T("\nUser ID:\t%u"),pBuffer->usri1_user_id); _tprintf(_T("\nComment: \t%s"),pBuffer->usri1_comment); _tprintf(_T("\nFlag:")); if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE) { _tprintf(_T("\t\tThe users account is disabled.\n")); } if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION) { _tprintf(_T("\t\tThe account is enabled for delegation. \n")); } if(pBuffer->usri1_flags & UF_LOCKOUT) { _tprintf(_T("\t\tThe account is currently locked out (blocked).\n")); } if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED) { _tprintf(_T("\t\tRequires the user to log on to the user account with a smart card. \n")); } if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH) { _tprintf(_T("\t\tThis account does not require Kerberos preauthentication for logon.\n")); } if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) { _tprintf(_T("\t\tThe users password is stored under reversible encryption in the Active Directory. \n")); } if(pBuffer->usri1_flags & UF_NOT_DELEGATED) { _tprintf(_T("\t\tMarks the account as \"sensitive\"; other users cannot act as delegates of this user account.\n")); } if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY) { _tprintf(_T("\t\tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys.\n")); } if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED) { _tprintf(_T("\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n")); } if(pBuffer->usri1_flags & UF_SCRIPT) { _tprintf(_T("\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n")); } i=pBuffer->usri1_next_index; pBuffer++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nUsers:\t\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nUsers Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } }while(nStatus==ERROR_MORE_DATA); return 0; } int localgroup(PTSTR server) { NET_API_STATUS nStatus; PLOCALGROUP_INFO_1 pBuf,pBuffer; DWORD i,dwLevel; DWORD er,tr,resume; DWORD lerror; resume=0; dwLevel=1; _tprintf(_T("\n**** Local Group ****\n")); do { nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) { pBuffer=pBuf; for(i=1;i<=er;i++) { _tprintf(_T("\nName:\t\t%s"),pBuffer->lgrpi1_name); _tprintf(_T("\nComment:\t%s"),pBuffer->lgrpi1_comment); _tprintf(_T("\n")); pBuffer++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nLocal Group:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nLocal Group Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } }while(nStatus==ERROR_MORE_DATA); return 0; } int globalgroup(PTSTR server) { PNET_DISPLAY_GROUP pGBuf,pGBuffer; PGROUP_USERS_INFO_0 pUBuf,pUBuffer; DWORD nGStatus,nUStatus; DWORD i; DWORD dwLevel,dwRec; DWORD k; DWORD er,tr,resume; DWORD lerror; i=0; dwLevel=3; er=0; tr=0; resume=0; _tprintf(_T("\n**** Global group ****\n")); do { nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf); if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA)) { pGBuffer=pGBuf; for(;dwRec>0;dwRec--) { _tprintf(_T("\nName:\t\t%s"),pGBuffer->grpi3_name); _tprintf(_T("\nComment:\t%s"),pGBuffer->grpi3_comment); _tprintf(_T("\nGroup ID:\t%u"),pGBuffer->grpi3_group_id); _tprintf(_T("\nAttributs:\t%u"),pGBuffer->grpi3_attributes); _tprintf(_T("\nMembers:\t")); nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); if(nUStatus==NERR_Success) { pUBuffer=pUBuf; for(k=1;k<=er;k++) { _tprintf(_T("%s "),pUBuffer->grui0_name); pUBuffer++; } if(pUBuf!=NULL) { NetApiBufferFree(pUBuf); } } _tprintf(_T("\n")); i=pGBuffer->grpi3_next_index; pGBuffer++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nGlobal Group:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nGlobal Group Error:\t%d\n"),lerror); } } if(pGBuf!=NULL) { NetApiBufferFree(pGBuf); } }while(nGStatus==ERROR_MORE_DATA); return 0; } int transport(PTSTR server) { NET_API_STATUS nStatus; PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer; DWORD dwLevel; DWORD i; DWORD er,tr,resume; DWORD dwTotalCount; DWORD dwLength; DWORD lerror; er=0; tr=0; resume=0; dwLevel=0; dwTotalCount=0; _tprintf(_T("\n***** Transport *****\n")); dwLength=_tcslen(server); do { nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) { pBuffer=pBuf; for(i=0;i<er;i++) { _tprintf(_T("\nTransport:\t%s"),pBuffer->svti0_transportname); _tprintf(_T("\nNetworkAddr:\t%s"),pBuffer->svti0_networkaddress); _tprintf(_T("\nActiveClient:\t%d User(s)\n"),pBuffer->svti0_numberofvcs); pBuffer++; dwTotalCount++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nTransport:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nTransport Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } }while(nStatus==ERROR_MORE_DATA); _tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount); return 0; } int session(PTSTR server) { PSESSION_INFO_10 pBuf,pBuffer; NET_API_STATUS nStatus; DWORD i,dwLevel; DWORD er,tr,resume; DWORD dwTotalCount; DWORD dwLength; PTSTR pszClient; PTSTR pszUser; DWORD lerror; _tprintf(_T("\n****** Session ******\n")); dwLevel=10; dwTotalCount=0; pszClient=NULL; pszUser=NULL; er=0; tr=0; resume=0; dwLength=_tcslen(server); do { nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume); if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA)) { pBuffer=pBuf; for(i=0;i<er;i++) { if(pBuffer==NULL) { _tprintf(_T("An access violation has occurred.\n")); break; } _tprintf(_T("\nClient:\t\t%s"),pBuffer->sesi10_cname); _tprintf(_T("\nUser:\t\t%s"),pBuffer->sesi10_username); _tprintf(_T("\nSeconds Active:\t%d"),pBuffer->sesi10_time); _tprintf(_T("\nSeconds Idle:\t%d\n"),pBuffer->sesi10_idle_time); pBuffer++; dwTotalCount++; } } else { lerror=GetLastError(); if(lerror==997) { _tprintf(_T("\nSession:\tOverlapped I/O operation is in progress.\n")); } else { _tprintf(_T("\nSession Error:\t%d\n"),lerror); } } if(pBuf!=NULL) { NetApiBufferFree(pBuf); } }while(nStatus==ERROR_MORE_DATA); _tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount); return 0; } *********************************************************************************** 得到计算机的主机名和IP地址 #include<winsock2.h> 链接库:Wsock32.lib { WORD wVersionRequested; WSADATA wsaData; char name[255]; CString ip; PHOSTENT hostinfo; wVersionRequested = MAKEWORD( 2, 0 ); if ( WSAStartup( wVersionRequested, &wsaData ) == 0 ) { if( gethostname ( name, sizeof(name)) == 0) { if((hostinfo = gethostbyname(name)) != NULL) { ip = inet_ntoa (*(struct in_addr *)*hostinfo->h_addr_list); } } WSACleanup( ); } } *********************************************************************************** 用VC++读取网卡MAC地址的程序 运行VC++6.0,选择创建一个Win32 Console程序,然后输入以下代码: #include "stdafx.h" #include <windows.h> #include <wincon.h> #include <stdlib.h> #include <stdio.h> #include <time.h> nb30.h #include < nb30.h > typedef struct _ASTAT_ { ADAPTER_STATUS adapt; NAME_BUFFER NameBuff [30]; }ASTAT, * PASTAT; ASTAT Adapter; void getmac_one (int lana_num) { NCB ncb; UCHAR uRetCode; memset( &ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBRESET; ncb.ncb_lana_num = lana_num; uRetCode = Netbios( &ncb ); printf( "The NCBRESET return code is: 0x%x \n", uRetCode ); memset( &ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBASTAT; ncb.ncb_lana_num = lana_num; strcpy( (char *)ncb.ncb_callname, "* " ); ncb.ncb_buffer = (unsigned char *) &Adapter; ncb.ncb_length = sizeof(Adapter); uRetCode = Netbios( &ncb ); printf( "The NCBASTAT return code is: 0x%x \n", uRetCode ); if ( uRetCode == 0 ) { printf( "The Ethernet Number[%d] is: %02X%02X-%02X%02X-%02X%02X\n", lana_num, Adapter.adapt.adapter_address[0], Adapter.adapt.adapter_address[1], Adapter.adapt.adapter_address[2], Adapter.adapt.adapter_address[3], Adapter.adapt.adapter_address[4], Adapter.adapt.adapter_address[5]); } } int main(int argc, char* argv[]) { NCB ncb; UCHAR uRetCode; LANA_ENUM lana_enum; memset( &ncb, 0, sizeof(ncb) ); ncb.ncb_command = NCBENUM; ncb.ncb_buffer = (unsigned char *) &lana_enum; ncb.ncb_length = sizeof(lana_enum); uRetCode = Netbios( &ncb ); printf( "The NCBENUM return code is: 0x%x \n", uRetCode ); if ( uRetCode == 0 ) { printf( "Ethernet Count is : %d\n\n", lana_enum.length); for ( int i=0; i< lana_enum.length; ++i) getmac_one( lana_enum.lana); } return 0; } ---------------------------------------------------------- *********************************************************************************** 解决VC++语言程序中的2000年问题 PROCTIME.C源程序清单: #include <stdio.h> #include <bios.h> #include <time.h> void goto_ xy(int x,int y) { union REGS r; r.h.ah=2; r.h.bh=0; r.h.dh=(char)x; r.h.dl=(char)y; int86(0x10,&r,&r); } get_key() { union REGS r; r.h.ah=0; return int86(0x16,&r,&r); } int wherex() {int x; union REGS r; r.h.ah=3; r.h.bh=0; int86(0x10,&r,&r); (char)x=r.h.dh; return x; } int wherey() { int y; union REGS r; r.h.ah=3; r.h.bh=0; int86(0x10,&r,&r); (char)y=r.h.dl; return y; } void write_video(int x,int y,char *p,int attrib) { register int I; union REGS r; for (I=y;*p;I++) { if (*p==\n) { goto_ xy(x+1,2);break; } goto_ xy(x,I); r.h.ah=9; r.h.bh=0; r.x.cx=1; r.h.al=*p++; r.h.bl=(char)attrib; int86(0x10,&r,&r); } } void disptime(int x,int y) { struct tm *newtime; time_t aclock; long startsec,currsec; int dqx,dqy,YEAR; char sj[50],week[3]; time(&aclock); newtime=localtime(&aclock); YEAR=newtime->tm_year+1990 startsec=newtime->tm_sec; switch(newtime->tm_wday) { case 0: strcpy(week,"日"); break; case 1: strcpy(week,"一"); break; case 2: strcpy(week,"二"); break; case 3: strcpy(week,"三"); break; case 4: strcpy(week,"四"); break; case 5: strcpy(week,"五"); break; case 6: strcpy(week,"六"); break; } while(!kbhit()) { time(&aclock); newtime=localtime(&aclock); sprintf(sj,"%d.%2d.%2d 星期%s %d:%2d:%2d",YEAR,newtime->tm_mon+1,newtime- >tm_mday,week,newtime->tm_hour,newtime->tm_min,newtime->tm_sec); currsec=newtime->tm_sec; if(startsec!=currsec) { dqx=wherex(); dqy=wherey(); write_video(x,y,sj,0x0a); goto_ xy(dqx,dqy); return; } } } main () { union inkey { char ch[2]; int I; }c; for(;;) { for(;;) { if (kbhit()) { c.I=get_key(); break; } disptime(0,54); if (c.ch[0]==27) exit(0); } } } |
|
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系
[邮箱地址] 删除
|