• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 539
  • Last Modified:

C/C++ : How to get the remote logged on user from IP address

Hi,

My problem is, I want to retrieve the logged on user on remote machine. I will have remote machine's IP address. Is there any way to retrieve the information which says that the use XXX has been logged on this machine?

Thanks
0
deshaw
Asked:
deshaw
  • 4
  • 2
1 Solution
 
jkrCommented:
You could use the following code to list all users on any remote machine:
//--------------------------------------------------------------------
//
// DisplayLocalLogons
//
// Scans the HKEY_USERS key of the specified computer to see who
// has their profile loaded. Returns true if someone is logged on.
//
//--------------------------------------------------------------------
BOOLEAN DisplayLocalLogons( LPWSTR ServerName, LPWSTR UserName  )
{
    BOOLEAN          first = TRUE;
   TCHAR          errorMessage[1024];
   TCHAR          userName[MAX_NAME_STRING], domainName[MAX_NAME_STRING];
   TCHAR          subKeyName[MAX_PATH];
   DWORD          subKeyNameSize, index;
   DWORD          userNameSize, domainNameSize;
   FILETIME     lastWriteTime;
   HKEY          usersKey;
   PSID          sid;
   SID_NAME_USE sidType;
   SID_IDENTIFIER_AUTHORITY authority;
    BYTE          subAuthorityCount;
   DWORD          authorityVal, revision;
   DWORD          subAuthorityVal[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
   
   //
   // Use RegConnectRegistry so that we work with remote computers
   //
    if( ServerName ) {
         
         wprintf(L"Connecting to Registry of %s...", ServerName );
         fflush( stdout );
 
         if( RegConnectRegistry( ServerName, HKEY_USERS, &usersKey ) != ERROR_SUCCESS) {
       
              wprintf(L"\r                                                      \r");
              wprintf( L"Error opening HKEY_USERS for %s\n", ServerName );
              return FALSE;
         }
         wprintf(L"\r                                                      \r");
 
    } else {
 
         if( RegOpenKey( HKEY_USERS, NULL, &usersKey ) != ERROR_SUCCESS ) {
 
              wprintf( errorMessage, L"Error opening HKEY_USERS" );
              PrintWin32Error( errorMessage, GetLastError() );
              return FALSE;
         }
    }
 
    //
   // Enumerate keys under HKEY_USERS
   //
   index = 0;
   subKeyNameSize = sizeof( subKeyName );
   while( RegEnumKeyEx( usersKey, index, subKeyName, &subKeyNameSize,
                        NULL, NULL, NULL, &lastWriteTime ) == ERROR_SUCCESS ) {
 
       //
       // Ignore the default subkey and win2K user class subkeys
       //
       if( wcsicmp( subKeyName, L".default" ) &&
              !wcsstr( subKeyName, L"Classes")) {
 
              //
              // Convert the textual SID into a binary SID
              //
           subAuthorityCount= swscanf( subKeyName, L"S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",
                                       &revision, &authorityVal,
                                       &subAuthorityVal[0],
                                       &subAuthorityVal[1],
                                       &subAuthorityVal[2],
                                       &subAuthorityVal[3],
                                       &subAuthorityVal[4],
                                       &subAuthorityVal[5],
                                       &subAuthorityVal[6],
                                       &subAuthorityVal[7] );
 
           if( subAuthorityCount >= 3 ) {
 
               subAuthorityCount -= 2;
               
               //
               // Note: we can only deal with authority values
               // of 4 bytes in length
               //
               authority.Value[5] = *(PBYTE) &authorityVal;
               authority.Value[4] = *((PBYTE) &authorityVal+1);
               authority.Value[3] = *((PBYTE) &authorityVal+2);
               authority.Value[2] = *((PBYTE) &authorityVal+3);
               authority.Value[1] = 0;
               authority.Value[0] = 0;
 
                   //
               // Initialize variables for subsequent operations
               //
               sid = NULL;
               userNameSize   = MAX_NAME_STRING;
               domainNameSize = MAX_NAME_STRING;
 
               if( AllocateAndInitializeSid( &authority,
                                              subAuthorityCount,
                                              subAuthorityVal[0],
                                              subAuthorityVal[1],
                                              subAuthorityVal[2],
                                              subAuthorityVal[3],
                                              subAuthorityVal[4],
                                              subAuthorityVal[5],
                                              subAuthorityVal[6],
                                              subAuthorityVal[7],
                                              &sid )) {
 
                        //
                        // We can finally lookup the account name
                        //
                        if( LookupAccountSid( ServerName,
                                                   sid,
                                                    userName,
                                                   &userNameSize,
                                                   domainName,
                                                   &domainNameSize,
                                                   &sidType )) {
 
                             //
                             // We've successfully looked up the user name
                             //
                           if( first && !UserName ) {
                               
                                   wprintf(L"Users logged on locally:\n");
                                  first = FALSE;
                           }
                           if( !UserName || !wcsicmp( UserName, userName )) {
                             
                                first = FALSE;
                                if( UserName ) wprintf(RESETLINE L"%s\\%s logged onto %s locally.\n",
                                                                 domainName, UserName, ServerName );
                                else                 wprintf( L"     %s\\%s\n", domainName, userName );
                           }                              
                         }
               }              
                if( sid ) FreeSid( sid );
           }
       }
       subKeyNameSize = sizeof( subKeyName );
       index++;
   }
    RegCloseKey( usersKey );
 
    if( first && !UserName ) wprintf(L"No one is logged on locally.\n");
    return !first;
}

Open in new window

0
 
SreejithGCommented:
the source code you are looking for is avilable in
http://read.pudn.com/downloads/sourcecode/windows/system/1439/LOGGEDON.C__.htm
0
 
deshawAuthor Commented:
I have removed most of errors but I am not able to remove below errors. Could anyone tell me how to remove it. One more thing I dont know why this code expect UNICODE defined? I am compiling code in Release mode.

Error259      error C2664: 'wcsicmp' : cannot convert parameter 1 from 'LPSTR' to 'const wchar_t *'            
Error260      error C2665: 'wcsstr' : none of the 2 overloads could convert all the argument types            
Error261      error C2664: 'swscanf' : cannot convert parameter 1 from 'LPSTR' to 'const wchar_t       
Error262      error C2664: 'wcsicmp' : cannot convert parameter 2 from 'LPSTR' to 'const wchar_t *'

Thanks            
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
deshawAuthor Commented:
The condition "if( subAuthorityCount >= 3 ) {" never gets true and as a result it always says "No user logged on". Please let me know if you know the reason for this,

Thanks,
0
 
deshawAuthor Commented:
Sorry, missed to tell you that I have used type casting - "(LPSTR)subKeyName"  and all errors went off.

0
 
jkrCommented:
>>I have used type casting - "(LPSTR)subKeyName"  and all errors went off.

Actually, it is not a good idea to typecast here - bettre set your project to UNICODE to get rid of these issues, this ensures that the code does not only compile but also run.
0
 
deshawAuthor Commented:
Thanks, ikr
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now