黑客基础知识编程(转)

确定Windows和windows系统目录

有两个SDK函数可以完成该功能。GetWindowsDirectory和GetSystemDirectory，下例说明了如何使用这两个函数：

TCHAR szDir [MAX_PATH];

//Get the full path of the windows directory.

:: GetWindowsDirectory (szDir, MAX_PATH);

TRACE ("Windows directory %s\n", szDir);

//Get the full path of the windows system directory.

:: GetSystemDirectory (szDir, MAX_PATH);

TRACE ("Windows system directory %s\n", szDir);

让程序从CTRL+ATL+DEL消失

使用Win32 API函数RegisterServiceProcess这里我们使用了汇编。

＃i nclude <windows.h>

HINSTANCE hLibrary;
void *regproc;

void CADInit(void);
void HideApp(void);
void ShowApp(void);
void CADClean(void);

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
CADInit(); //加载 DLL 并创建一指向它指针
HideApp(); //隐藏程序
//ShowApp(); //显示程序

//其他处理或调用

CADClean(); //卸载 DLL
return 0; //retrun 0 因为没有进入消息循环
}

void CADInit(void)
{
//加载 kernel32.dll
hLibrary = LoadLibrary("kernel32.dll");
//获取函数RegisterServiceProcess的地址
regproc = GetProcAddress(hLibrary, "RegisterServiceProcess");
}

void HideApp(void)
{
//实现程序的隐藏
__asm
{
push 1
push 0
call regproc
}
return;
}

void ShowApp(void)
{
//恢复状态
__asm
{
push 0
push 0
call regproc
}
return;
}

void CADClean(void)
{
//卸载 DLL
FreeLibrary(hLibrary);
return;
}
本程序在W2K和Win9x测试通过。

程序自杀(进程自己结束自己)

HMODULE module = GetModuleHandle(0);
CHAR buf[MAX_PATH];
GetModuleFileName(module, buf, sizeof buf);
CloseHandle(HANDLE(4));

　__asm
{
lea eax, buf
push 0
push 0
push eax
push ExitProcess
push module
push DeleteFile
push UnmapViewOfFile
ret
}
return;

操作系统信息

//结构OSVERSIONINFO包含操作系统的版本信息
OSVERSIONINFO osvi;
CString winver,os;

osvi.dwOSVersionInfoSize=sizof(OSVERSIONINFO);
GetVersionEx(&osvi);

switch(osvi.dwPlatformId)
{
case 0:
os="Win 3.X";
break;
case 1:
os="Win 9X";
break;
case 2:
os="Win NT/2000/XP";
break;
default:
os="Other OS";
break;
}

隐藏你的鼠标

（注意：注销或重新启动就可以恢复）

一、建立一个单文档的应用程序框架
二、为隐藏主窗口，将OnCreate 删除。
并在App类里修改m_pMainWnd指向ShowWindow(SW_HIDE)
三、现在在mainframe的实现文件里添加如下内容：

POINT mp,cursorNew;
/////////////////////////////////////
// CMainFrame construction/destruction
UINT FMouse(LPVOID param)
{
int flag=0;

WINDOWPLACEMENT wp;///窗口位置
wp.length=sizeof(WINDOWPLACEMENT);
HWND hWnd;
char tmp[20];
RECT rt;
hWnd=GetDesktopWindow();////GetForegroundWindow();
GetWindowPlacement(hWnd,&wp);
GetWindowRect(hWnd,&rt);
GetWindowText(hWnd,tmp,20);

HDC dc=GetDC((HWND)param);

int iResult;
iResult=AfxMessageBox("确实要隐藏吗？",MB_OKCANCEL);
if(iResult==IDOK)
{
while(1)
{
hWnd=GetForegroundWindow();//GetDesktopWindow();
GetWindowRect(hWnd,&rt);
GetWindowText(hWnd,tmp,20);
GetWindowPlacement(hWnd,&wp);
GetCursorPos(&cursorNew);
while(1){
::mouse_event(MOUSEEVENTF_MOVE,cursorNew.x,cursorNew.y,0,0);
}
}
}
return 0;
}
在构造函数里启动线程CMainFrame::CMainFrame()
{
HWND hWnd=::GetParent(NULL);
GetCursorPos(&mp);
AfxBeginThread(FMouse,hWnd,0);
}

系统的定时关机

TOKEN_PRIVILEGES tkp;
HANDLE hToken;

if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
MessageBox("OpenProcessToken failed!");
}

LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid); //获得本地机唯一的标识
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); //调整获得的权限

if (GetLastError() != ERROR_SUCCESS)
{
MessageBox("AdjustTokenPrivileges enable failed!");
}

fResult =InitiateSystemShutdown(
NULL, // 要关的计算机用户名,可在局域网网中关掉对方的机器，NULL表示关本机
"由于系统不稳定，WINDOWS将在上面的时间内关机，请做好保存工作!", // 显示的消息
10, // 关机所需的时间
TRUE,
TRUE); //设为TRUE为重起，设为FALSE为关机

if(!fResult)
{
MessageBox("InitiateSystemShutdown failed.");
}

tkp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);

if (GetLastError() != ERROR_SUCCESS)
{
MessageBox("AdjustTokenPrivileges disable failed.");
}

ExitWindowsEx(EWX_SHUTDOWN,0); //开始关机

程序只运行一个实例，并激活前一个实例

具体实现：

1、在程序初始化的时候 (InitInstance()) 枚举所有的窗口，查找本程序的实例是否存在
2、在主窗口初始化的时候在本窗口的属性列表中添加一个标记，以便程序查找.

部分关键代码

1、在App的InitInstance()中枚举所有窗口，查找本程序实例

HWND oldHWnd = NULL;
EnumWindows(EnumWndProc,(LPARAM)&oldHWnd); //枚举所有运行的窗口
if(oldHWnd != NULL)
{
AfxMessageBox("本程序已经在运行了");
::showWindow(oldHWnd,SW_SHOWNORMAL); //激活找到的前一个程序
::setForegroundWindow(oldHWnd); //把它设为前景窗口
return false; //退出本次运行
}
2、添加EnumWndProc窗口过程函数：//添加的标识只运行一次的属性名
CString g_szPropName = "Your Prop Name"; //自己定义一个属性名
HANDLE g_hValue = (HANDLE)1; //自己定义一个属性值

BOOL CALLBACK EnumWndProc(HWND hwnd,LPARAM lParam)
{
HANDLE h = GetProp(hwnd,g_szPropName);
if( h == g_hValue)
{
*(HWND*)lParam = hwnd;
return false;
}
return true;
}
3、在主窗口的 OnInitDialog()中添加属性 //设置窗口属性
SetProp(m_hWnd,g_szPropName,g_hValue);

探测Windows主机的NetBIOS信息

NetBIOS信息
在我们和远程Windows2000/XP主机建立了空会话之后，我们就有权枚举系统里的各项NetBIOS信息了。当然在某些选项中需要较高的权利，不过我们只执行那些匿名用户可以获得的绝大多数系统信息。

时间：探测远程主机的当前日期和时间信息。它会返回一个数据结构，包括年，月，日，星期，时，分，秒等等。不过得到的是GMT标准时间，当然对于我们来说就应该换算为GMT+8:00了。由此可以判断出主机所在的时区信息。

操作系统指纹：探测远程主机的操作系统指纹信息。一共有三种级别的探测（100，101，102），我们使用的是101级，它会返回一个数据结构，可以获取远程主机的平台标识，服务器名称，操作系统的主次版本（Windows2000为5.0,WindowsXP为5.1,而最新操作系统Longhorn的版本为6.0），服务器类型（每台主机可能同时包含多种类型信息）和注释。

共享列表：探测远程主机的共享列表。我们可以获得一个数据结构指针，枚举远程主机的所有共享信息（隐藏的共享列表在内）。其中包括共享名称，类型与备注。类型可分为：磁盘驱动器，打印队列，通讯设备，进程间通讯与特殊设备。

用户列表: 探测远程主机的用户列表，返回一个数据结构指针，枚举所有用户信息。可获取用户名，全名，用户标识符，说明与标识信息。标识信息可以探测用户的访问权限。

本地组列表: 探测远程主机的本地组列表信息。枚举所有本地组信息，包含本地组名称和注释信息。

组列表: 探测远程主机的组列表信息。枚举所有的组信息，包括组名称，注释，组标识符与属性。在此基础上，我们可以枚举组内的所有用户信息。

组用户列表: 探测特定组内的用户信息。我们可以获得组内所有用户的名称。当我门获得了所有的用户列表，下一步就应该很清楚了，那就是挂一个字典进行破解了。

传输协议列表: 探测远程主机的传输协议信息，枚举所有的传输列表。可以获得每个传输协议的名称，地址，网络地址和当前与本传输协议连接的用户数目。

会话列表: 探测远程主机的当前会话列表。枚举每个会话的相关信息，包括客户端主机的名称，当前用户的名称，活动时间和空闲时间。这可以帮助我们了解远程主机用户的喜好等等。

主要函数与相关数据结构分析

1. 建立空会话
WNetAddConnection2(&nr,username,password,0);
//nr为NETRESOURCE数据结构的对象；
//username为建立空会话的用户名，在此将用户名设置为NULL；
//password为登陆密码，在此将密码设置为NULL；
2. 撤消空会话
WNetCancelConnection2(ipc,0,TRUE);
//ipc为TCHAR的指针，我们可以这样获得：
//swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1])，argv[1]为主机名或地址；

3. 探测主机时间
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
//参数server为主机的名称或地址；
//pBuf为TIME_OF_DAY_INFO数据结构的指针；
//nStatus为NET_API_STATUS成员；

4. 探测操作系统指纹
NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
//dwLevel为等级数，我们选择的是101级；
//pBuf是SERVER_INFO_101数据结构的指针；

5. 探测共享列表
NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等级数为1级；
//pBuf是SHARE_INFO_1数据结构的指针；
//MAX_PREFERRED_LENGTH指定返回数据的长度；
//er指明返回的实际可以枚举的成员数目；
//tr返回所有的成员数目；
//resume用于继续进行共享搜索；

6. 探测用户列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
//dwLevel的等级数为1级；
//i为枚举的索引；
//dwRec返回获取的信息数目；
//pBuf为NET_DISPLAY_USER数据结构的指针；

7. 探测本地组列表
NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,-1,&er,&tr,&resume);
//dwLevel的等级是1；
//pBuf返回LOCALGROUP_INFO_1数据结构的指针；

8. 探测组列表
NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
//dwLevel的等级为3；
//pGBuf返回NET_DISPLAY_GROUP的数据结构指针；

9. 探测组内的用户
NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pGBuffer->grpi3_name为组的名称；
//pUBuf返回GROUP_USERS_INFO_0数据结构的指针；

10.探测传输协议列表
NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//dwLevel的等级为0级；
//pBuf返回SERVER_TRANSPORT_INFO_0数据结构的指针；

11.探测会话列表
NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
//pszClient指定客户的地址；
//pszUser指定用户名；
//dwLevel的等级是10级；
//pBuf返回SESSION_INFO_10数据结构的指针；

12.释放内存
NetApiBufferFree(pBuf);
//释放由系统分配的内存空间。

源代码

#define UNICODE
#define _UNICODE

＃i nclude <windows.h>
＃i nclude <winnetwk.h>
＃i nclude <tchar.h>
＃i nclude "include\lmaccess.h"
＃i nclude "include\lmserver.h"
＃i nclude "include\lmshare.h"
＃i nclude <lm.h>

#pragma comment (lib,"mpr")
#pragma comment (lib,"netapi32")

void start();
void usage();
int datetime(PTSTR server);
int fingerprint(PTSTR server);
int netbios(PTSTR server);
int users(PTSTR server);
int localgroup(PTSTR server);
int globalgroup(PTSTR server);
int transport(PTSTR server);
int session(PTSTR server);

int wmain(int argc,TCHAR *argv[])
{
NETRESOURCE nr;
DWORD ret;
TCHAR username[100]=_T("");
TCHAR password[100]=_T("");
TCHAR ipc[100]=_T("");

system("cls.exe");
start();
if(argc!=2)
{
usage();
return -1;
}
swprintf(ipc,_T("\\\\%s\\ipc$"),argv[1]);
nr.lpLocalName=NULL;
nr.lpProvider=NULL;
nr.dwType=RESOURCETYPE_ANY;
nr.lpRemoteName=ipc;
ret=WNetAddConnection2(&nr,username,password,0);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("\nIPC$ Connect Failed.\n"));
return -1;
}

datetime(argv[1]);
fingerprint(argv[1]);
netbios(argv[1]);
users(argv[1]);
localgroup(argv[1]);
globalgroup(argv[1]);
transport(argv[1]);
session(argv[1]);

ret=WNetCancelConnection2(ipc,0,TRUE);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("IPC$ Disconnect Failed.\n"));
return -1;
}
return 0;
}

void start()
{
_tprintf(_T("=====[ T-SMB Scan, by TOo2y ]=====\n"));
_tprintf(_T("=====[ E-mail: TOo2y@safechina.net ]=====\n"));
_tprintf(_T("=====[ HomePage: www.safechina.net ]=====\n"));
_tprintf(_T("=====[ Date: 12-12-2002 ]=====\n"));
}

void usage()
{
_tprintf(_T("\nUsage:\t T-SMB Remoteip"));
_tprintf(_T("\nRequest: Remote host must be opening port 445/tcp of Microsoft-DS.\n"));
}

int datetime(PTSTR server)
{
PTIME_OF_DAY_INFO pBuf=NULL;
NET_API_STATUS nStatus;
DWORD lerror;

_tprintf(_T("\n*** Date and Time ***\n"));
nStatus=NetRemoteTOD(server,(PBYTE*)&pBuf);
if(nStatus==NERR_Success)
{
if(pBuf!=NULL)
{
_tprintf(_T("\nCurrent date:\t%.2d-%.2d-%d"),pBuf->tod_month,pBuf->tod_day,pBuf->tod_year);
_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT)"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);
pBuf->tod_hours=(pBuf->tod_hours+8)%24;
_tprintf(_T("\nCurrent time:\t%.2d:%.2d:%.2d.%.2d (GMT+08:00)\n"),pBuf->tod_hours,pBuf->tod_mins,pBuf->tod_secs,pBuf->tod_hunds);
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nDateTime:\tOverlapped I/O operation is in progress. \n"));
}
else
{
_tprintf(_T("\nDatetime Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
return 0;
}

int fingerprint(PTSTR server)
{
DWORD dwlength;
DWORD dwLevel;
NET_API_STATUS nStatus;
PSERVER_INFO_101 pBuf;
DWORD lerror;

dwLevel=101;
pBuf=NULL;
dwlength=_tcslen(server);

_tprintf(_T("\n**** Fingerprint ****\n"));
nStatus=NetServerGetInfo(server,dwLevel,(PBYTE *)&pBuf);
if(nStatus==NERR_Success)
{
_tprintf(_T("\nComputername:\t%s"),pBuf->sv101_name);
_tprintf(_T("\nComment:\t%s"),pBuf->sv101_comment);
_tprintf(_T("\nPlatform:\t%d"),pBuf->sv101_platform_id);
_tprintf(_T("\nVersion:\t%d.%d"),pBuf->sv101_version_major,pBuf->sv101_version_minor);
_tprintf(_T("\nType:"));
if(pBuf->sv101_type & SV_TYPE_NOVELL)
{
_tprintf(_T("\t\tNovell server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_XENIX_SERVER)
{
_tprintf(_T("\t\tXenix server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_ENUM)
{
_tprintf(_T("\t\tPrimary domain .\n"));
}
if(pBuf->sv101_type & SV_TYPE_TERMINALSERVER)
{
_tprintf(_T("\t\tTerminal Server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WINDOWS)
{
_tprintf(_T("\t\tWindows 95 or later.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER)
{
_tprintf(_T("\t\tA LAN Manager server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WORKSTATION)
{
_tprintf(_T("\t\tA LAN Manager workstation.\n"));
}
if(pBuf->sv101_type & SV_TYPE_PRINTQ_SERVER)
{
_tprintf(_T("\t\tServer sharing print queue.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)
{
_tprintf(_T("\t\tPrimary domain controller.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)
{
_tprintf(_T("\t\tBackup domain controller.\n"));
}
if(pBuf->sv101_type & SV_TYPE_AFP)
{
_tprintf(_T("\t\tApple File Protocol server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_MEMBER)
{
_tprintf(_T("\t\tLAN Manager 2.x domain member.\n"));
}
if(pBuf->sv101_type & SV_TYPE_LOCAL_LIST_ONLY)
{
_tprintf(_T("\t\tServers maintained by the browser.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DIALIN_SERVER)
{
_tprintf(_T("\t\tServer running dial-in service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_TIME_SOURCE)
{
_tprintf(_T("\t\tServer running the Timesource service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER_MFPN)
{
_tprintf(_T("\t\tMicrosoft File and Print for NetWare.\n"));
}
if(pBuf->sv101_type & SV_TYPE_NT)
{
_tprintf(_T("\t\tWindows NT/2000/XP workstation or server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_WFW)
{
_tprintf(_T("\t\tServer running Windows for Workgroups.\n"));
}
if(pBuf->sv101_type & SV_TYPE_POTENTIAL_BROWSER)
{
_tprintf(_T("\t\tServer that can run the browser service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_BACKUP_BROWSER)
{
_tprintf(_T("\t\tServer running a browser service as backup.\n"));
}
if(pBuf->sv101_type & SV_TYPE_MASTER_BROWSER)
{
_tprintf(_T("\t\tServer running the master browser service.\n"));
}
if(pBuf->sv101_type & SV_TYPE_DOMAIN_MASTER)
{
_tprintf(_T("\t\tServer running the domain master browser.\n"));
}
if(pBuf->sv101_type & SV_TYPE_CLUSTER_NT)
{
_tprintf(_T("\t\tServer clusters available in the domain.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SQLSERVER)
{
_tprintf(_T("\t\tAny server running with Microsoft SQL Server.\n"));
}
if(pBuf->sv101_type & SV_TYPE_SERVER_NT)
{
_tprintf(_T("\t\tWindows NT/2000 server that is not a domain controller.\n"));
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nFingerprint:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nFingerprint Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
return 0;
}

int netbios(PTSTR server)
{
DWORD er,tr,resume;
DWORD i,dwLength,dwLevel;
PSHARE_INFO_1 pBuf,pBuffer;
NET_API_STATUS nStatus;
DWORD lerror;

er=0;
tr=0;
resume=1;
dwLevel=1;
dwLength=_tcslen(server);

_tprintf(_T("\n****** Netbios ******\n"));
do
{
nStatus=NetShareEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=1;i<=er;i++)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->shi1_netname);
_tprintf(_T("\nRemark:\t\t%s"),pBuffer->shi1_remark);
_tprintf(_T("\nType:\t\t"));
if(pBuffer->shi1_type==STYPE_DISKTREE)
{
_tprintf(_T("Disk drive.\n"));
}
else if(pBuffer->shi1_type==STYPE_PRINTQ)
{
_tprintf(_T("Print queue.\n"));
}
else if(pBuffer->shi1_type==STYPE_DEVICE)
{
_tprintf(_T("Communication device.\n"));
}
else if(pBuffer->shi1_type==STYPE_IPC)
{
_tprintf(_T("Interprocess communication (IPC).\n"));
}
else if(pBuffer->shi1_type==STYPE_SPECIAL)
{
_tprintf(_T("Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$).\n"));
}
else
{
_tprintf(_T("\n"));
}
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nNetbios:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nNetbios Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}
while(nStatus==ERROR_MORE_DATA);
return 0;
}

int users(PTSTR server)
{
PNET_DISPLAY_USER pBuf,pBuffer;
DWORD nStatus;
DWORD dwRec;
DWORD i=0;
DWORD lerror;
DWORD dwLevel;

dwLevel=1;

_tprintf(_T("\n******* Users *******\n"));
do
{
nStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID *)&pBuf);
if((nStatus==ERROR_SUCCESS) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(;dwRec>0;dwRec--)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->usri1_name);
_tprintf(_T("\nFull Name:\t%s"),pBuffer->usri1_full_name);
_tprintf(_T("\nUser ID:\t%u"),pBuffer->usri1_user_id);
_tprintf(_T("\nComment: \t%s"),pBuffer->usri1_comment);
_tprintf(_T("\nFlag:"));
if(pBuffer->usri1_flags & UF_ACCOUNTDISABLE)
{
_tprintf(_T("\t\tThe users account is disabled.\n"));
}
if(pBuffer->usri1_flags & UF_TRUSTED_FOR_DELEGATION)
{
_tprintf(_T("\t\tThe account is enabled for delegation. \n"));
}
if(pBuffer->usri1_flags & UF_LOC口T)
{
_tprintf(_T("\t\tThe account is currently locked out (blocked).\n"));
}
if(pBuffer->usri1_flags & UF_SMARTCARD_REQUIRED)
{
_tprintf(_T("\t\tRequires the user to log on to the user account with a smart card. \n"));
}
if(pBuffer->usri1_flags & UF_DONT_REQUIRE_PREAUTH)
{
_tprintf(_T("\t\tThis account does not require Kerberos preauthentication for logon.\n"));
}
if(pBuffer->usri1_flags & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)
{
_tprintf(_T("\t\tThe users password is stored under reversible encryption in the Active Directory. \n"));
}
if(pBuffer->usri1_flags & UF_NOT_DELEGATED)
{
_tprintf(_T("\t\tMarks the account as \"sensitive\"; other users cannot act as delegates of this user account.\n"));
}
if(pBuffer->usri1_flags & UF_USE_DES_KEY_ONLY)
{
_tprintf(_T("\t\tRestrict this principal to use only Data Encryption Standard (DES) encryption types for keys.\n"));
}
if(pBuffer->usri1_flags & UF_HOMEDIR_REQUIRED)
{
_tprintf(_T("\t\tThe home directory is required. Windows NT/Windows 2000/Windows XP ignores this value.\n"));
}
if(pBuffer->usri1_flags & UF_SCRIPT)
{
_tprintf(_T("\t\tThe logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/2000/XP.\n"));
}
i=pBuffer->usri1_next_index;
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nUsers:\t\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nUsers Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
return 0;
}

int localgroup(PTSTR server)
{
NET_API_STATUS nStatus;
PLOCALGROUP_INFO_1 pBuf,pBuffer;
DWORD i,dwLevel;
DWORD er,tr,resume;
DWORD lerror;

resume=0;
dwLevel=1;

_tprintf(_T("\n**** Local Group ****\n"));
do
{
nStatus=NetLocalGroupEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=1;i<=er;i++)
{
_tprintf(_T("\nName:\t\t%s"),pBuffer->lgrpi1_name);
_tprintf(_T("\nComment:\t%s"),pBuffer->lgrpi1_comment);
_tprintf(_T("\n"));
pBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nLocal Group:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nLocal Group Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
return 0;
}

int globalgroup(PTSTR server)
{
PNET_DISPLAY_GROUP pGBuf,pGBuffer;
PGROUP_USERS_INFO_0 pUBuf,pUBuffer;
DWORD nGStatus,nUStatus;
DWORD i;
DWORD dwLevel,dwRec;
DWORD k;
DWORD er,tr,resume;
DWORD lerror;

i=0;
dwLevel=3;
er=0;
tr=0;
resume=0;
_tprintf(_T("\n**** Global group ****\n"));
do
{
nGStatus=NetQueryDisplayInformation(server,dwLevel,i,100,0xFFFFFFFF,&dwRec,(PVOID*)&pGBuf);
if((nGStatus==ERROR_SUCCESS) || (nGStatus==ERROR_MORE_DATA))
{
pGBuffer=pGBuf;
for(;dwRec>0;dwRec--)
{
_tprintf(_T("\nName:\t\t%s"),pGBuffer->grpi3_name);
_tprintf(_T("\nComment:\t%s"),pGBuffer->grpi3_comment);
_tprintf(_T("\nGroup ID:\t%u"),pGBuffer->grpi3_group_id);
_tprintf(_T("\nAttributs:\t%u"),pGBuffer->grpi3_attributes);
_tprintf(_T("\nMembers:\t"));

nUStatus=NetGroupGetUsers(server,pGBuffer->grpi3_name,0,(PBYTE *)&pUBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if(nUStatus==NERR_Success)
{
pUBuffer=pUBuf;
for(k=1;k<=er;k++)
{
_tprintf(_T("%s "),pUBuffer->grui0_name);
pUBuffer++;
}
if(pUBuf!=NULL)
{
NetApiBufferFree(pUBuf);
}
}
_tprintf(_T("\n"));
i=pGBuffer->grpi3_next_index;
pGBuffer++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nGlobal Group:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nGlobal Group Error:\t%d\n"),lerror);
}
}
if(pGBuf!=NULL)
{
NetApiBufferFree(pGBuf);
}
}while(nGStatus==ERROR_MORE_DATA);
return 0;
}

int transport(PTSTR server)
{
NET_API_STATUS nStatus;
PSERVER_TRANSPORT_INFO_0 pBuf,pBuffer;
DWORD dwLevel;
DWORD i;
DWORD er,tr,resume;
DWORD dwTotalCount;
DWORD dwLength;
DWORD lerror;

er=0;
tr=0;
resume=0;
dwLevel=0;
dwTotalCount=0;

_tprintf(_T("\n***** Transport *****\n"));
dwLength=_tcslen(server);
do
{
nStatus=NetServerTransportEnum(server,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=0;i<er;i++)
{
_tprintf(_T("\nTransport:\t%s"),pBuffer->svti0_transportname);
_tprintf(_T("\nNetworkAddr:\t%s"),pBuffer->svti0_networkaddress);
_tprintf(_T("\nActiveClient:\t%d User(s)\n"),pBuffer->svti0_numberofvcs);
pBuffer++;
dwTotalCount++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nTransport:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nTransport Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);
return 0;
}

int session(PTSTR server)
{
PSESSION_INFO_10 pBuf,pBuffer;
NET_API_STATUS nStatus;
DWORD i,dwLevel;
DWORD er,tr,resume;
DWORD dwTotalCount;
DWORD dwLength;
PTSTR pszClient;
PTSTR pszUser;
DWORD lerror;

_tprintf(_T("\n****** Session ******\n"));
dwLevel=10;
dwTotalCount=0;
pszClient=NULL;
pszUser=NULL;
er=0;
tr=0;
resume=0;
dwLength=_tcslen(server);

do
{
nStatus=NetSessionEnum(server,pszClient,pszUser,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&er,&tr,&resume);
if((nStatus==NERR_Success) || (nStatus==ERROR_MORE_DATA))
{
pBuffer=pBuf;
for(i=0;i<er;i++)
{
if(pBuffer==NULL)
{
_tprintf(_T("An access violation has occurred.\n"));
break;
}
_tprintf(_T("\nClient:\t\t%s"),pBuffer->sesi10_cname);
_tprintf(_T("\nUser:\t\t%s"),pBuffer->sesi10_username);
_tprintf(_T("\nSeconds Active:\t%d"),pBuffer->sesi10_time);
_tprintf(_T("\nSeconds Idle:\t%d\n"),pBuffer->sesi10_idle_time);
pBuffer++;
dwTotalCount++;
}
}
else
{
lerror=GetLastError();
if(lerror==997)
{
_tprintf(_T("\nSession:\tOverlapped I/O operation is in progress.\n"));
}
else
{
_tprintf(_T("\nSession Error:\t%d\n"),lerror);
}
}
if(pBuf!=NULL)
{
NetApiBufferFree(pBuf);
}
}while(nStatus==ERROR_MORE_DATA);
_tprintf(_T("\nTotal of %d entrie(s) enumerated.\n"),dwTotalCount);
return 0;
}

***********************************************************************************

得到计算机的主机名和IP地址

＃i nclude<winsock2.h>

链接库：Wsock32.lib

{
WORD wVersionRequested;
WSADATA wsaData;
char name[255];
CString ip;
PHOSTENT hostinfo;
wVersionRequested = MAKEWORD( 2, 0 );

if ( WSAStartup( wVersionRequested, &wsaData ) == 0 )
{

if( gethostname ( name, sizeof(name)) == 0)
{
if((hostinfo = gethostbyname(name)) != NULL)
{
ip = inet_ntoa (*(struct in_addr *)*hostinfo->h_addr_list);
}
}

WSACleanup( );
}
}

***********************************************************************************

用VC++读取网卡MAC地址的程序

运行VC++6.0，选择创建一个Win32 Console程序，然后输入以下代码：

＃i nclude "stdafx.h"
＃i nclude <windows.h>
＃i nclude <wincon.h>
＃i nclude <stdlib.h>
＃i nclude <stdio.h>
＃i nclude <time.h>

nb30.h ＃i nclude < nb30.h >
typedef struct _ASTAT_
{
ADAPTER_STATUS adapt;
NAME_BUFFER NameBuff [30];
}ASTAT, * PASTAT;

ASTAT Adapter;

void getmac_one (int lana_num)
{
NCB ncb;
UCHAR uRetCode;
memset( &ncb, 0, sizeof(ncb) );
ncb.ncb_command = NCBRESET;
ncb.ncb_lana_num = lana_num;
uRetCode = Netbios( &ncb );
printf( "The NCBRESET return code is:
0x%x \n", uRetCode );
memset( &ncb, 0, sizeof(ncb) );
ncb.ncb_command = NCBASTAT;
ncb.ncb_lana_num = lana_num;
strcpy( (char *)ncb.ncb_callname,
"* " );
ncb.ncb_buffer = (unsigned char *) &Adapter;
ncb.ncb_length = sizeof(Adapter);
uRetCode = Netbios( &ncb );
printf( "The NCBASTAT
return code is: 0x%x \n", uRetCode );
if ( uRetCode == 0 )
{
printf( "The Ethernet Number[%d]
is: %02X%02X-%02X%02X-%02X%02X\n",
lana_num,
Adapter.adapt.adapter_address[0],
Adapter.adapt.adapter_address[1],
Adapter.adapt.adapter_address[2],
Adapter.adapt.adapter_address[3],
Adapter.adapt.adapter_address[4],
Adapter.adapt.adapter_address[5]);
}
}
int main(int argc, char* argv[])
{
NCB ncb;
UCHAR uRetCode;
LANA_ENUM lana_enum;
memset( &ncb, 0, sizeof(ncb) );
ncb.ncb_command = NCBENUM;
ncb.ncb_buffer = (unsigned char *) &lana_enum;
ncb.ncb_length = sizeof(lana_enum);
uRetCode = Netbios( &ncb );
printf( "The NCBENUM return
code is:
0x%x \n", uRetCode );
if ( uRetCode == 0 )
{
printf( "Ethernet Count is : %d\n\n", lana_enum.length);
for ( int i=0; i< lana_enum.length; ++i)
getmac_one( lana_enum.lana);
}
return 0;
}

----------------------------------------------------------

***********************************************************************************

解决VC++语言程序中的2000年问题

PROCTIME.C源程序清单:

＃i nclude <stdio.h>
＃i nclude <bios.h>
＃i nclude <time.h>

void goto_ xy(int x,int y)
{
union REGS r;
r.h.ah=2; r.h.bh=0;
r.h.dh=(char)x;
r.h.dl=(char)y;
int86(0x10,&r,&r);
}
get_key()
{
union REGS r;
r.h.ah=0;
return int86(0x16,&r,&r);
}
int wherex()
{int x;
union REGS r;
r.h.ah=3; r.h.bh=0;
int86(0x10,&r,&r);
(char)x=r.h.dh;
return x;
}
int wherey()
{ int y;
union REGS r;
r.h.ah=3; r.h.bh=0;
int86(0x10,&r,&r);
(char)y=r.h.dl;
return y;
}
void write_video(int x,int y,char *p,int attrib)
{
register int I;
union REGS r;
for (I=y;*p;I++) {
if (*p==\n)
{ goto_ xy(x+1,2);break; }
goto_ xy(x,I);
r.h.ah=9; r.h.bh=0;
r.x.cx=1; r.h.al=*p++;
r.h.bl=(char)attrib;
int86(0x10,&r,&r);
}
}
void disptime(int x,int y)
{
struct tm *newtime;
time_t aclock;
long startsec,currsec;
int dqx,dqy,YEAR;
char sj[50],week[3];
time(&aclock);
newtime=localtime(&aclock);
YEAR=newtime-＞tm_year+1990
startsec=newtime-＞tm_sec;
switch(newtime-＞tm_wday)
{
case 0: strcpy(week,"日"); break;
case 1: strcpy(week,"一"); break;
case 2: strcpy(week,"二"); break;
case 3: strcpy(week,"三"); break;
case 4: strcpy(week,"四"); break;
case 5: strcpy(week,"五"); break;
case 6: strcpy(week,"六"); break;
}
while(!kbhit())
{
time(&aclock);
newtime=localtime(&aclock);
sprintf(sj,"%d.%2d.%2d 星期%s %d:%2d:%2d",YEAR,newtime-＞tm_mon+1,newtime- ＞tm_mday,week,newtime-＞tm_hour,newtime-＞tm_min,newtime-＞tm_sec);
currsec=newtime-＞tm_sec;
if(startsec!=currsec)
{
dqx=wherex(); dqy=wherey();
write_video(x,y,sj,0x0a);
goto_ xy(dqx,dqy);
return;
}
}
}
main ()
{
union inkey { char ch[2]; int I; }c;
for(;;) {
for(;;) {
if (kbhit()) { c.I=get_key(); break; }
disptime(0,54);
if (c.ch[0]==27) exit(0);
}
}
}