限制 Windows 服务器 IPC$ 的远程默认分享
当时主要是为了实现功能,所以写得很乱,时间长了也就懒得改了,只能凑合看。
只要你的 IPC$ 开着,即使设置了注册表,也照样可以得到用户列表。
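// Body of a C++Builder (VCL) form handler, as posted; the enclosing method
// signature is not part of the post.
//
// Defensive context: the code opens an anonymous (empty user / empty password)
// connection to \\host\ipc$ and then asks the target to translate SIDs into
// account names. It illustrates the post's point that account names can still
// be listed while IPC$ accepts anonymous sessions. The post does not name the
// registry value it set -- presumably RestrictAnonymous under
// HKLM\SYSTEM\CurrentControlSet\Control\Lsa; confirm. The control aimed at
// this particular lookup is the policy "Network access: Allow anonymous
// SID/Name translation" (Disabled), together with not exposing SMB to
// untrusted networks.
//
// Changes against the posted text:
//  - "->;" and "Application->rocessMessages()" are forum-rendering damage and
//    are restored to "->" / "ProcessMessages()"; the lost "[i]" subscript in
//    the copy loop is restored.
//  - The host name from Edit1 is length-bounded before it is formatted into
//    the MAX_PATH buffers (the posted sprintf could overflow them).
//  - The sub-authority count is validated against the 8-slot array.
//  - netBuf is no longer reused for the "域名" line, so the final
//    WNetCancelConnection2 receives the remote name it connected to.
//  - exit(1) is replaced by an error report so cleanup still runs.
//  - The connection is only cancelled if this code opened it.
SID_NAME_USE peUse;
PSID_IDENTIFIER_AUTHORITY SidIdentify;
NETRESOURCE netr;
TCHAR hostBuf[MAX_PATH-8];      // "\\\\" + host + "\\ipc$" + NUL must fit MAX_PATH
TCHAR netBuf[MAX_PATH];
TCHAR netNB[MAX_PATH];
DWORD dwResult;
PSID Sid;
PSID newSid;
DWORD cbSid;
TCHAR DomainName[MAX_PATH];
DWORD cbDomainName;
TCHAR AccountBuff[MAX_PATH];
DWORD cbAccountBuff;
BYTE SidSubCount;
BYTE StoreCount;
int i,j;
DWORD storeSIDsub[8]={0};       // unused slots are passed to the API; keep them defined

ListBox1->Items->Clear();
Sid = (PSID)HeapAlloc(GetProcessHeap(),0,1024);
if(Sid==NULL)
{
    dwResult=ERROR_NOT_ENOUGH_MEMORY;
    ShowMessage(dwResult);
}
else
{
    cbDomainName=255;
    cbSid=255;
    // lstrcpyn truncates and NUL-terminates, so the two sprintf calls below
    // cannot write past MAX_PATH whatever the user typed.
    lstrcpyn(hostBuf,Form1->Edit1->Text.c_str(),sizeof(hostBuf)/sizeof(hostBuf[0]));
    sprintf(netBuf,"\\\\%s\\ipc$",hostBuf);
    sprintf(netNB,"\\\\%s",hostBuf);
    netr.dwScope=RESOURCE_GLOBALNET;
    netr.dwType=RESOURCETYPE_ANY;
    netr.lpLocalName=NULL;
    netr.lpRemoteName=netBuf;
    netr.lpProvider=NULL;
    // Empty user name and empty password: an anonymous session.
    dwResult=WNetAddConnection2(&netr,"","",0);
    if(dwResult==NO_ERROR)
    {
        if(LookupAccountName(netNB,"Guest",Sid,&cbSid,DomainName,&cbDomainName,&peUse))
        {
            Form1->ListBox1->Items->Add("域名: "+String(DomainName));
            SidIdentify=GetSidIdentifierAuthority(Sid);
            SidSubCount=*GetSidSubAuthorityCount(Sid);
            StoreCount=SidSubCount;
            if(StoreCount<1 || StoreCount>8)
            {
                // AllocateAndInitializeSid takes at most 8 sub-authorities and
                // storeSIDsub has 8 slots; anything else cannot be rebuilt here.
                Application->MessageBox("请重新连接","无法获得SID标识",MB_OK|MB_ICONWARNING);
            }
            else
            {
                for(i=0;i<StoreCount;i++)
                    storeSIDsub[i]=*GetSidSubAuthority(Sid,i);

                // Replace the last sub-authority (the RID) with 500 and ask the
                // target which account that SID belongs to.
                cbDomainName=255;
                cbAccountBuff=255;
                storeSIDsub[StoreCount-1]=500;
                if(AllocateAndInitializeSid(SidIdentify,SidSubCount,storeSIDsub[0],storeSIDsub[1],
                    storeSIDsub[2],storeSIDsub[3],storeSIDsub[4],storeSIDsub[5],
                    storeSIDsub[6],storeSIDsub[7],&newSid))
                {
                    BOOL firstOk=LookupAccountSid(netNB,newSid,AccountBuff,&cbAccountBuff,
                        DomainName,&cbDomainName,&peUse);
                    dwResult=GetLastError();    // capture before FreeSid can disturb it
                    FreeSid(newSid);
                    if(!firstOk)
                    {
                        // Posted code called exit(1) here, which ended the whole
                        // application and skipped the cleanup below.
                        ShowMessage(dwResult);
                    }
                    else
                    {
                        Form1->ListBox1->Items->Add("用户名称: "+String(AccountBuff));
                        // Enumeration loop follows: i is the RID being tried,
                        // j counts lookups that did not yield an account.
                        j=1;
                        i=1000;
                        while(j<=30)
                        {
                            cbDomainName=255;
                            cbAccountBuff=255;
                            storeSIDsub[StoreCount-1]=i;
                            if(!AllocateAndInitializeSid(SidIdentify,SidSubCount,storeSIDsub[0],storeSIDsub[1],
                                storeSIDsub[2],storeSIDsub[3],storeSIDsub[4],storeSIDsub[5],
                                storeSIDsub[6],storeSIDsub[7],&newSid))
                            {
                                // Posted code ignored this result and then used and
                                // freed a stale newSid.
                                break;
                            }
                            if(LookupAccountSid(netNB,newSid,AccountBuff,&cbAccountBuff,DomainName,&cbDomainName,&peUse))
                            {
                                if(peUse==SidTypeInvalid) j=j+1;
                                else if(peUse!=SidTypeDeletedAccount)
                                {
                                    j=-1;
                                    int le=lstrlen(AccountBuff);
                                    // Names ending in '$' are listed as machine accounts.
                                    if(le>0 && AccountBuff[le-1]=='$')
                                        Form1->ListBox1->Items->Add("主机名称: "+String(AccountBuff));
                                    else
                                        Form1->ListBox1->Items->Add("用户名称: "+String(AccountBuff));
                                }
                            }
                            else
                                j=j+1;
                            FreeSid(newSid);
                            Application->ProcessMessages();   // keep the form responsive
                            i=i+1;
                        }
                    }
                }
            }
        }
        else Application->MessageBox("请重新连接","无法获得SID标识",MB_OK|MB_ICONWARNING);
        // Only tear down the connection this code created; netBuf still holds
        // the \\host\ipc$ name because it is no longer reused for display text.
        WNetCancelConnection2(netBuf,0,true);
    }
    else
    {
        // WNet functions return their error code directly.
        ShowMessage(dwResult);
    }
    HeapFree(GetProcessHeap(),0,Sid);
}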