
任意遠程NT主機帳號List

編輯:Delphi
由於看到前些日子retina裡有個不需要預先知道帳號就可以獲取任意
  目標NT主機帳號的功能。幾個月之前,我為了弄清原理,就做了一個工具。
  這次整理硬盤,發現了這個小工具,這本身並不算什麼,因為ISS scanner等
  軟件都包含了這類功能。但是我希望大家能夠通過這個例子,了解一些NT的
  API和安全性知識。

  

  -- 完整的code(use Delphi)和一個編譯好的zip文件在
  FTP://202.96.215.252/incoming/sea/getuser.zip

  這裡貼一下程序的主要代碼段:
  unit Unit1;
  { 這是一個演示如何去獲取目標NT計算機上用戶列表的程序,
  由於Win32 API的限制,此程序只能在NT平台上正確運行。
  由於是為了演示原理,所以沒有使用多線程,也沒有考慮太高
  的健壯性,希望諸位海涵。歡迎和我聯系

  Vader Yang
  [email protected]}
  interface

  uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dia

  logs,
  StdCtrls, ComCtrls, ExtCtrls;
  // 省略 若干行
  {...}

  {$R *.DFM}
  // Click handler for Button1. Demonstrates how a remote NT host's account
  // names can be recovered starting from one known ("seed") account name:
  //   1. open an IPC$ connection to the host with an empty user name and
  //      password (an anonymous / null-session connection);
  //   2. LookupAccountName turns the seed name into a SID and gives back the
  //      host's domain name;
  //   3. the SID's last sub-authority (the RID) is overwritten -- first with
  //      500 (listed as 'Built-in Admin'), then 1000, 1001, ... -- and every
  //      candidate SID is resolved back to a name with LookupAccountSid;
  //   4. the IPC$ connection is cancelled.
  // Defensive lesson: this only works where the host accepts anonymous IPC$
  // sessions and answers anonymous SID/name translation; restricting
  // anonymous access (the LSA RestrictAnonymous setting on NT) removes that
  // exposure, and anonymous IPC$ logons from the network are what to look for
  // in the security log. Everything runs on the GUI thread (no threading).
  procedure TForm1.Button1Click(Sender: TObject);

  var
  seaNetResource:NETRESOURCE;
  seaResult:DWord;
  seaAccessBuffer:string[255];            // NOTE(review): never used in this handler
  seaAccessBufferLength:DWord;            // NOTE(review): set to 64 below, never read
  sidbuffer:string[255];                  // backing storage for seaSID (255 bytes)
  lpAccessBuffer:PChar;                   // NOTE(review): assigned, never read
  seaSID:PSID;                            // SID of the seed account, filled by LookupAccountName
  seaSIDlength:DWord;
  seaReferencedDomainName:string[255];    // backing storage for lpReferencedDomainName
  seaReferencedDomainNameLength:DWord;
  lpReferencedDomainName:PChar;
  seaSIDnameuse:SID_NAME_USE;             // account type reported by the lookup calls
  tempPchar:Pchar;                        // NOTE(review): unused
  SidSubCount:PUCHAR;                     // pointer to the seed SID's sub-authority count
  i,j:integer;                            // i = candidate RID, j = consecutive misses
  StoreCount:byte;                        // copy of SidSubCount^
  tempPDWORD:PDWord;
  tempDWORD:DWord;                        // NOTE(review): unused (only in the commented-out GetLastError line)
  storeSIDsub: array [0..8] of Integer;   // sub-authorities copied out of the seed SID
  seaSidIdentify:PSIDIdentifIErAuthority; // identifier authority of the seed SID
  newSID:PSID;                            // candidate SID built from storeSIDsub
  seaAccountBuffer:String[255];           // backing storage for pAccountName
  pAccountName:LPTSTR;
  AccountLength:DWord;
  BlResult:Boolean;                       // NOTE(review): unused
  const
  // Display names indexed by the SID_NAME_USE value returned in seaSIDnameuse
  // (index 0 is a filler so the enum's first member lands on 'User').
  // The string literal below is split across lines in this listing.
  AccountType:array [0..8] of string=('','User','Group','Domain','al

  ias',
  'WelknowGroup','Deleted','Invalid','Unknown');

  begin
  // Button stays disabled while the scan runs; it is re-enabled at the end
  // (but NOT on the early 'exit' below -- see note there).
  Button1.Enabled:=False;
  // NOTE(review): the PChar pointers below alias ShortString (string[255])
  // variables, so they point at the length byte rather than at the first
  // character; it works here because the APIs overwrite the buffer as a
  // NUL-terminated string, but it is fragile.
  lpAccessBuffer:=@seaAccessBuffer;
  lpReferencedDomainName:=@seaReferencedDomainName;
  seaSID:=@sidbuffer;
  seaAccessBufferLength:=64;
  seaSIDLength:=255;
  seaReferencedDomainNameLength:=255;
  seaNetResource.dwScope:=RESOURCE_GLOBALNET;
  seaNetResource.dwType:=RESOURCETYPE_ANY;
  seaNetResource.lpLocalName:=PChar('');
  // NOTE(review): the UNC backslashes appear to have been lost in this
  // listing; the remote name is presumably \\<host>\IPC$ -- confirm.
  seaNetResource.lpRemoteName:=PChar(''+EdtHostName.Text+'IPC$');

  
  seaNetResource.lpProvider:=PChar('');
  // Empty password and user name: an anonymous (null-session) connection.
  // CONNECT_PROMPT presumably lets Windows prompt for credentials if the
  // anonymous attempt is refused -- confirm against the API documentation.
  seaResult:=WNetAddConnection2(seaNetResource,PChar(''),PChar(''),C

  ONNECT_PROMPT);
  if seaResult=NO_ERROR then
  begin
  // Resolve the seed account name to a SID. 'seedline' is not declared in
  // this handler's var section -- presumably a form field or global holding
  // the seed account name, defined in the part of the unit omitted here.
  if LookupAccountName(PChar(''+EdtHostName.Text),Pchar(seedl

  ine),seaSID,seaSIDlength,
  lpReferencedDomainName,seaReferencedDomainNamelength,seaS

  IDnameuse)
  then
  begin
  cpDomain.Caption:=string(lpReferencedDomainName);
  // Take the seed SID apart: identifier authority, sub-authority count,
  // and each sub-authority value, so the RID can be replaced below.
  seaSidIdentify:=GetSidIdentifIErAuthority(seaSID);
  SidSubCount:=GetSidSubAuthorityCount(seaSID);
  StoreCount:=SidSubCount^;

  // NOTE(review): storeSIDsub has 9 slots and AllocateAndInitializeSid
  // only takes 8 sub-authorities; a SID with more sub-authorities than
  // that would overrun the array / be silently truncated.
  for i:=0 to Integer(StoreCount)-1 do
  begin
  tempPDWord:=GetSidSubAuthority(seaSID,i);
  storeSIDsub[i]:=tempPDWord^;
  end;

  //start to get username
  pAccountName:=@seaAccountBuffer ;
  seaReferencedDomainNameLength:=255;
  AccountLength:=255;
  // RID 500 is resolved first and labelled 'Built-in Admin' in the list.
  storeSIDsub[StoreCount-1]:=500;
  if AllocateAndInitializeSid(seaSidIdentify^,SidSubCount^

  ,StoreSidSub[0],
  StoreSidSub[1],StoreSidSub[2],StoreSidSub[3],StoreSidSub

  [4],
  StoreSidSub[5],StoreSidSub[6],StoreSidSub[7],newSID) the

  n
  begin

  if LookupAccountSid(PChar(''+EdtHostName.Text),ne

  wsid,
  pAccountName,AccountLength,lpReferencedDomainName,

  
  seaReferencedDomainNameLength,seaSIDnameuse)
  then
  begin
  lbAdmin.Caption:=String(pAccountName);
  ListBox1.Items.Add(''+lpReferencedDomainName+

  ''+pAccountName+' Built-in Admin');
  end
  else
  // NOTE(review): this 'exit' leaves newSID unfreed, the IPC$ connection
  // open (WNetCancelConnection2 is only called at the end) and Button1
  // disabled.
  exit;
  FreeSid(newSID);
  //tempDWord:=GetLastError;
  // Walk RIDs upward from 1000. j counts consecutive RIDs that did not
  // resolve (lookup failure or SidTypeInvalid); a resolved, non-deleted
  // account resets it to 0, and the loop stops after 30 misses in a row.
  j:=1;
  i:=1000;
  while j<=30 do
  begin
  seaReferencedDomainNamelength:=255;
  AccountLength:=255;
  StoreSidSub[StoreCount-1]:=i;
  // NOTE(review): the result of AllocateAndInitializeSid is ignored here;
  // on failure newSID is not valid for the lookup / FreeSID below.
  AllocateAndInitializeSid(seaSidIdentify^,SidSu

  bCount^,StoreSidSub[0],
  StoreSidSub[1],StoreSidSub[2],StoreSidSub

  [3],StoreSidSub[4],
  StoreSidSub[5],StoreSidSub[6],StoreSidSub

  [7],newSID);
  if LookupAccountSid(PChar(''+EdtHostName.Tex

  t),newsid,
  pAccountName,AccountLength,lpReferencedDo

  mainName,
  seaReferencedDomainNameLength,seaSIDnameu

  se)
  then
  begin
  // Deleted accounts are neither listed nor counted as a miss.
  if seaSIDnameuse=sidTypeInvalid then j:=j+1
  else if seaSIDnameuse<>sidTypeDeletedAccount t

  hen
  begin
  j:=0;
  ListBox1.Items.Add(''+lpReferencedDomainN

  ame+
  ''+pAccountName+' '+AccountType

  [seaSIDnameuse]);
  StatusBar1.SimpleText:=pAccountName;
  end;
  end
  else
  j:=j+1;
  // Keep the form responsive: the whole scan runs on the GUI thread.
  Application.ProcessMessages;
  i:=i+1;
  FreeSID(newsid);
  end;
  end;

  end
  // (typo in the message left as-is: it is a runtime string)
  else ShowMessage('Cannot locate sid infomation!');
  end
  else ShowMessage('Connection Error!');
  // Drop the IPC$ connection (same remote-name caveat as above).
  WNetCancelConnection2(PChar(''+EdtHostName.Text+'IPC$'),0,true)

  ;
  Button1.Enabled:=True;
  end;

  {以後code 省略}
  
