-- 完整的code(use Delphi)和一個(gè)編譯好的zip文件在
ftp://202.96.215.252/incoming/sea/getuser.zip
這里貼一下程序的主要代碼段:
unit Unit1;
{ 這是一個(gè)演示如何去獲取目標(biāo)NT計(jì)算機(jī)上用戶列表的程序,
由于Win32 API的限制,此程序只能在NT平臺(tái)上正確運(yùn)行。
由于是為了演示原理,所以沒有使用多線程,也沒有考慮太高
的健壯性,希望諸位海涵。歡迎和我聯(lián)系
Vader Yang
ciert@soim.net}
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dia
logs,
StdCtrls, ComCtrls, ExtCtrls;
// 省略 若干行
{...}
{$R *.DFM}
PRocedure TForm1.Button1Click(Sender: TObject);
var
seaNetResource:NETRESOURCE;
seaResult:DWord;
seaaccessBuffer:string[255];
seaAccessBufferLength:DWORD;
sidbuffer:string[255];
lpAccessBuffer:PChar;
seaSID:PSID;
seaSIDlength:DWORD;
seaReferencedDomainName:string[255];
seaReferencedDomainNameLength:DWORD;
lpReferencedDomainName:PChar;
seaSIDnameuse:SID_NAME_USE;
tempPchar:Pchar;
SidSubCount:PUCHAR;
i,j:integer;
StoreCount:byte;
tempPDWORD:PDWORD;
tempDWORD:DWORD;
storeSIDsub: array [0..8] of Integer;
seaSidIdentify:PSIDIdentifierAuthority;
newSID:PSID;
seaAccountBuffer:String[255];
pAccountName:LPTSTR;
AccountLength:DWORD;
BlResult:Boolean;
const
AccountType:array [0..8] of string=('','User','Group','Domain','al
ias',
'WelknowGroup','Deleted','Invalid','Unknown');
begin
Button1.Enabled:=False;
lpAccessBuffer:=@seaAccessBuffer;
lpReferencedDomainName:=@seaReferencedDomainName;
seaSID:=@sidbuffer;
seaAccessBufferLength:=64;
seaSIDLength:=255;
seaReferencedDomainNameLength:=255;
seaNetResource.dwScope:=RESOURCE_GLOBALNET;
seaNetResource.dwType:=RESOURCETYPE_ANY;
seaNetResource.lpLocalName:=PChar('');
seaNetResource.lpRemoteName:=PChar('//'+EdtHostName.Text+'/IPC$');
seaNetResource.lpProvider:=PChar('');
seaResult:=WNetAddConnection2(seaNetResource,PChar(''),PChar(''),C
ONNECT_PROMPT);
if seaResult=NO_ERROR then
begin
if LookupAccountName(PChar('//'+EdtHostName.Text),Pchar(seedl
ine),seaSID,seaSIDlength,
lpReferencedDomainName,seaReferencedDomainNamelength,seaS
IDnameuse)
then
begin
cpDomain.Caption:=string(lpReferencedDomainName);
seaSidIdentify:=GetSidIdentifierAuthority(seaSID);
SidSubCount:=GetSidSubAuthorityCount(seaSID);
StoreCount:=SidSubCount^;
for i:=0 to Integer(StoreCount)-1 do
begin
tempPDWORD:=GetSidSubAuthority(seaSID,i);
storeSIDsub[i]:=tempPDWORD^;
end;
//start to get username
pAccountName:=@seaAccountBuffer ;
seaReferencedDomainNameLength:=255;
AccountLength:=255;
storeSIDsub[StoreCount-1]:=500;
if AllocateAndInitializeSid(seaSidIdentify^,SidSubCount^
,StoreSidSub[0],
StoreSidSub[1],StoreSidSub[2],StoreSidSub[3],StoreSidSub
[4],
StoreSidSub[5],StoreSidSub[6],StoreSidSub[7],newSID) the
n
begin
if LookupAccountSid(PChar('//'+EdtHostName.Text),ne
wsid,
pAccountName,AccountLength,lpReferencedDomainName,
seaReferencedDomainNameLength,seaSIDnameuse)
then
begin
lbAdmin.Caption:=String(pAccountName);
ListBox1.Items.Add('//'+lpReferencedDomainName+
'/'+pAccountName+' Built-in Admin');
end
else
exit;
FreeSid(newSID);
//tempDWORD:=GetLastError;
j:=1;
i:=1000;
while j<=30 do
begin
seaReferencedDomainNamelength:=255;
AccountLength:=255;
StoreSidSub[StoreCount-1]:=i;
AllocateAndInitializeSid(seaSidIdentify^,SidSu
bCount^,StoreSidSub[0],
StoreSidSub[1],StoreSidSub[2],StoreSidSub
[3],StoreSidSub[4],
StoreSidSub[5],StoreSidSub[6],StoreSidSub
[7],newSID);
if LookupAccountSid(PChar('//'+EdtHostName.Tex
t),newsid,
pAccountName,AccountLength,lpReferencedDo
mainName,
seaReferencedDomainNameLength,seaSIDnameu
se)
then
begin
if seaSIDnameuse=sidTypeInvalid then j:=j+1
else if seaSIDnameuse<>sidTypeDeletedAccount t
hen
begin
j:=0;
ListBox1.Items.Add('//'+lpReferencedDomainN
ame+
'/'+pAccountName+' '+AccountType
[seaSIDnameuse]);
StatusBar1.SimpleText:=pAccountName;
end;
end
else
j:=j+1;
application.ProcessMessages;
i:=i+1;
FreeSID(newsid);
end;
end;
end
else ShowMessage('Cannot locate sid infomation!');
end
else ShowMessage('Connection Error!');
WNetCancelConnection2(PChar('//'+EdtHostName.Text+'/IPC$'),0,true)
;
Button1.Enabled:=True;
end;
{以后code 省略}
新聞熱點(diǎn)
疑難解答
圖片精選
網(wǎng)友關(guān)注
