获取远程主机的netbios名.txt

可以对黑客编程有一定的了解

typedef struct _NODE_REQUEST {
    unsigned short  Name_Tran_ID;
    unsigned char   OpCode_RCode[2];
    unsigned short  QDCount;
    unsigned short  ANCount;
    unsigned short  NSCount;
    unsigned short  ARCount;
    char            Question_Name[34];
    unsigned short  NB;
    unsigned short  INClass;
} NODE_REQUEST;

typedef struct _NODE_RES_HEAD {
    unsigned short  Name_Tran_ID;
    unsigned char   Op_resCode[2];
    unsigned short  QDCount;
    unsigned short  ANCount;
    unsigned short  NSCount;
    unsigned short  ARCount;
    char            RR_Name[34];
    unsigned short  NB;
    unsigned short  INClass;
    unsigned char   TTL[4];
    short           RDLength;
    unsigned char   num_names;
} NODE_RES_HEAD;

//获取远程主机的netbios名
BOOL GetNetBiosName(char *szHostIP, char *szNetbiosName, int nLen, short nSourcePort, int nRecvTimeout, int nSendTimeout)
{
    SOCKET  sHostSocket;
    SOCKADDR_IN  sSockAddr, sSourceAddr;
    IN_ADDR inAddr;
    NODE_REQUEST NodeRequest;
    NODE_RES_HEAD NodeResHead;
    char szBuf[1024] = {0};
    int nRecvLen, nSockAddrInLen;
    char *pTmp = NULL;

    memset(NodeRequest.OpCode_RCode, 0, 2);
    memset(NodeRequest.Question_Name, 0, 34);
    memset(NodeResHead.Op_resCode, 0, 2);
    memset(NodeResHead.RR_Name, 0, 34);
    memset(NodeResHead.TTL, 0, 4);

    inAddr.S_un.S_addr = inet_addr(szHostIP);
    sHostSocket = socket(PF_INET, SOCK_DGRAM, 0);
    if (sHostSocket == INVALID_SOCKET)
        return FALSE;

    memset(&sSockAddr,0,sizeof(SOCKADDR_IN));
    sSockAddr.sin_family = AF_INET;
    sSockAddr.sin_port = htons(137);
    sSockAddr.sin_addr = inAddr;
    memset(&sSourceAddr, 0, sizeof(SOCKADDR_IN));
    sSourceAddr.sin_family = AF_INET;
    sSourceAddr.sin_port = htons(nSourcePort);
    sSourceAddr.sin_addr.S_un.S_addr = 0;

    setsockopt(sHostSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&nSendTimeout, sizeof(int));
    setsockopt(sHostSocket, SOL_SOCKET, SO_RCVTIMEO, (char *)&nRecvTimeout, sizeof(int));
    if(bind(sHostSocket, (SOCKADDR *)&sSourceAddr, sizeof(SOCKADDR_IN)) == SOCKET_ERROR) {
        closesocket(sHostSocket);
        return FALSE;
    }
    NodeRequest.Name_Tran_ID = 0x8010;
    NodeRequest.OpCode_RCode[0] = 0x00;
    NodeRequest.OpCode_RCode[1] = 0x10;
    NodeRequest.QDCount = htons(0x0001);
    NodeRequest.ANCount = 0;
    NodeRequest.NSCount = 0;
    NodeRequest.ARCount = 0;
    memset(&(NodeRequest.Question_Name[0]), 0x41, 34);
    NodeRequest.Question_Name[0] = 0x20;
    NodeRequest.Question_Name[1] = 0x43;
    NodeRequest.Question_Name[2] = 0x4b;
    NodeRequest.Question_Name[33] = 0x0;
    NodeRequest.NB = htons(0x0021);
    NodeRequest.INClass = htons(0x0001);
    memcpy(szBuf, (char *)&NodeRequest, sizeof(NODE_REQUEST));
    if(sendto(sHostSocket, szBuf, sizeof(NODE_REQUEST), 0, (SOCKADDR *)&sSockAddr, sizeof(SOCKADDR_IN)) == SOCKET_ERROR)
        return FALSE;

    memset(&sSourceAddr,0, sizeof(SOCKADDR_IN));
    sSourceAddr.sin_family = AF_INET;
    nSockAddrInLen = sizeof(SOCKADDR_IN);
    nRecvLen = recvfrom(sHostSocket ,szBuf, 1024, 0, (SOCKADDR *)&sSourceAddr, &nSockAddrInLen);
    if (nRecvLen > 0 && nRecvLen > sizeof(NODE_RES_HEAD)) {
        memcpy(&NodeResHead, szBuf, 57);
        NodeResHead.RDLength = htons(NodeResHead.RDLength);
        if(NodeResHead.Op_resCode[0] == 0x84 && NodeResHead.num_names > 0) {
            nLen = sizeof(NODE_RES_HEAD);
            memcpy(szNetbiosName, &szBuf[57], (nLen - 1));
            pTmp = strchr(szNetbiosName, 0x20);
            if (pTmp) pTmp[0] = '\0';
            closesocket(sHostSocket);
            return TRUE;
        }
    }
    closesocket(sHostSocket);
    return FALSE;
} 

--