
Remote NetBios Name and domain



Hi, I am new to AutoIT and I am enchanted about it.

I come from the dark world of cmd scripting and have passed through Groundcontrol which gives an advantage usage of controlling windows, mouse and Keystrokes in a similar way AutoIT does...

Anyway, here is my contribution:

I spent some time searching for a function that retrieves the netBios name from a remote machine.

I started from this cmd:

for /F %a in ('nbtstat -an 192.168.1.1^|find "<00>"') do @echo %a

With AutoIT I managed to do the same:

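Func NetBiosName2(Const $sHost)
    ; $sHost is pasted into a cmd.exe command line, so accept only hostname/IP characters
    If Not StringRegExp($sHost, "^[A-Za-z0-9.\-]+$") Then Return SetError(1, 0, "")
    ; opt_flag 2 = $STDOUT_CHILD, so the child's output can be read with StdoutRead
    $run = Run(@ComSpec & " /C nbtstat -a " & $sHost & "|find ""<00>""", "", Default, 2)
    ProcessWaitClose($run)
    ; the name sits in columns 5-19 of the first <00> line
    Return StringMid(StdoutRead($run), 5, 15)
EndFunc

#include <string.au3>
Func NetBiosName3(Const $sHost)
    UDPStartup()
    $socket = UDPOpen($sHost, 137)
    ; NBSTAT (node status) query for the wildcard name, sent to the NetBIOS name service port
    UDPSend($socket, _HexToString("8E1A0000000100000000000020434B4141414141414141414141414141414141414141414141414141414141410000210001"))
    ; UDPRecv does not block, so poll for about two seconds before giving up
    For $i = 1 To 20
        $data = UDPRecv($socket, 289)
        If $data <> "" Then ExitLoop
        Sleep(100)
    Next
    UDPCloseSocket($socket)
    UDPShutdown()
    Return StringMid($data, 58, 15)
EndFunc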

Does anybody have an idea of how to do the same via Windows APIs and DllCall?

Does anyone know the way of doing it through port 445 tcp or udp?

I want the NetBios name, not the DNS....

PS.- Returning StringMid($data,76,15) instead gives us the remote Netbios domain/workgroup name

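The NetBiosName3 exchange above at the protocol level, as an added example that is not part of the original post: Python that builds the wildcard node status (NBSTAT) query and parses a reply by walking the 18-byte name entries, picking names by suffix and group flag rather than by the fixed offsets 58 and 76. The reply bytes are constructed sample data, the names FILESRV01 and CORP are made up, and the parser assumes the reply echoes the 34-byte query name uncompressed.

```python
import struct

NBSTAT = 0x0021  # record type of a node status request/response (RFC 1002)

def l1_encode(raw16: bytes) -> bytes:
    """First-level encoding: every byte becomes two letters in 'A'..'P'."""
    return bytes(b for c in raw16 for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def build_query(txid: int) -> bytes:
    """Node status query for the wildcard name '*' (encodes to 'CKAAAA...')."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"\x20" + l1_encode(b"*" + b"\x00" * 15) + b"\x00"
    return header + qname + struct.pack(">HH", NBSTAT, 1)

def parse_response(pkt: bytes, txid: int):
    """Return [(name, suffix, is_group)]; assumes the 34-byte name is echoed uncompressed."""
    if len(pkt) < 57:
        raise ValueError("truncated response")
    rid, flags = struct.unpack_from(">HH", pkt, 0)
    (rtype,) = struct.unpack_from(">H", pkt, 46)
    if rid != txid or not flags & 0x8000 or rtype != NBSTAT:
        raise ValueError("not a node status response to this query")
    count = pkt[56]  # header 12 + name 34 + type/class/ttl/rdlength 10 = 56
    if len(pkt) < 57 + 18 * count:
        raise ValueError("name table runs past end of packet")
    names = []
    for i in range(count):  # each entry: 15-byte name, 1-byte suffix, 2-byte flags
        entry = pkt[57 + 18 * i: 75 + 18 * i]
        (nflags,) = struct.unpack(">H", entry[16:18])
        names.append((entry[:15].decode("ascii", "replace").rstrip(), entry[15], bool(nflags & 0x8000)))
    return names

def computer_and_workgroup(names):
    """Unique <00> entry is the computer name; group <00> entry is the domain/workgroup."""
    computer = next((n for n, s, g in names if s == 0x00 and not g), None)
    group = next((n for n, s, g in names if s == 0x00 and g), None)
    return computer, group

def sample_response(txid: int) -> bytes:
    """Constructed reply (not a capture); FILESRV01 and CORP are made-up names."""
    entries = [(b"FILESRV01", 0x00, 0x0400), (b"FILESRV01", 0x20, 0x0400), (b"CORP", 0x00, 0x8400)]
    rdata = bytes([len(entries)]) + b"".join(
        n.ljust(15) + bytes([s]) + struct.pack(">H", f) for n, s, f in entries)
    rdata += b"\x00" * 46  # statistics block, zeroed here
    rr = build_query(txid)[12:46] + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata))
    return struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0) + rr + rdata

if __name__ == "__main__":
    print(computer_and_workgroup(parse_response(sample_response(0x8E1A), 0x8E1A)))
```

In the constructed reply the second table entry is the `<20>` name of the same machine, so the group entry has to be found by its flag, not its position.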

@mis30tacos

; 

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"

$Output=""
$Output = $Output & "Computer: " & $strComputer  & @CRLF
$Output = $Output & "==========================================" & @CRLF
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems
      $Output = $Output & "ArpAlwaysSourceRoute: " & $objItem.ArpAlwaysSourceRoute & @CRLF
      $Output = $Output & "ArpUseEtherSNAP: " & $objItem.ArpUseEtherSNAP & @CRLF
      $Output = $Output & "Caption: " & $objItem.Caption & @CRLF
      $Output = $Output & "DatabasePath: " & $objItem.DatabasePath & @CRLF
      $Output = $Output & "DeadGWDetectEnabled: " & $objItem.DeadGWDetectEnabled & @CRLF
      $strDefaultIPGateway = $objItem.DefaultIPGateway(0)
      $Output = $Output & "DefaultIPGateway: " & $strDefaultIPGateway & @CRLF
      $Output = $Output & "DefaultTOS: " & $objItem.DefaultTOS & @CRLF
      $Output = $Output & "DefaultTTL: " & $objItem.DefaultTTL & @CRLF
      $Output = $Output & "Description: " & $objItem.Description & @CRLF
      $Output = $Output & "DHCPEnabled: " & $objItem.DHCPEnabled & @CRLF
      $Output = $Output & "DHCPLeaseExpires: " & WMIDateStringToDate($objItem.DHCPLeaseExpires) & @CRLF
      $Output = $Output & "DHCPLeaseObtained: " & WMIDateStringToDate($objItem.DHCPLeaseObtained) & @CRLF
      $Output = $Output & "DHCPServer: " & $objItem.DHCPServer & @CRLF
      $Output = $Output & "DNSDomain: " & $objItem.DNSDomain & @CRLF
      $strDNSDomainSuffixSearchOrder = $objItem.DNSDomainSuffixSearchOrder(0)
      $Output = $Output & "DNSDomainSuffixSearchOrder: " & $strDNSDomainSuffixSearchOrder & @CRLF
      $Output = $Output & "DNSEnabledForWINSResolution: " & $objItem.DNSEnabledForWINSResolution & @CRLF
      $Output = $Output & "DNSHostName: " & $objItem.DNSHostName & @CRLF
      $strDNSServerSearchOrder = $objItem.DNSServerSearchOrder(0)
      $Output = $Output & "DNSServerSearchOrder: " & $strDNSServerSearchOrder & @CRLF
      $Output = $Output & "DomainDNSRegistrationEnabled: " & $objItem.DomainDNSRegistrationEnabled & @CRLF
      $Output = $Output & "ForwardBufferMemory: " & $objItem.ForwardBufferMemory & @CRLF
      $Output = $Output & "FullDNSRegistrationEnabled: " & $objItem.FullDNSRegistrationEnabled & @CRLF
      $strGatewayCostMetric = $objItem.GatewayCostMetric(0)
      $Output = $Output & "GatewayCostMetric: " & $strGatewayCostMetric & @CRLF
      $Output = $Output & "IGMPLevel: " & $objItem.IGMPLevel & @CRLF
      $Output = $Output & "Index: " & $objItem.Index & @CRLF
      $strIPAddress = $objItem.IPAddress(0)
      $Output = $Output & "IPAddress: " & $strIPAddress & @CRLF
      $Output = $Output & "IPConnectionMetric: " & $objItem.IPConnectionMetric & @CRLF
      $Output = $Output & "IPEnabled: " & $objItem.IPEnabled & @CRLF
      $Output = $Output & "IPFilterSecurityEnabled: " & $objItem.IPFilterSecurityEnabled & @CRLF
      $Output = $Output & "IPPortSecurityEnabled: " & $objItem.IPPortSecurityEnabled & @CRLF
      $strIPSecPermitIPProtocols = $objItem.IPSecPermitIPProtocols(0)
      $Output = $Output & "IPSecPermitIPProtocols: " & $strIPSecPermitIPProtocols & @CRLF
      $strIPSecPermitTCPPorts = $objItem.IPSecPermitTCPPorts(0)
      $Output = $Output & "IPSecPermitTCPPorts: " & $strIPSecPermitTCPPorts & @CRLF
      $strIPSecPermitUDPPorts = $objItem.IPSecPermitUDPPorts(0)
      $Output = $Output & "IPSecPermitUDPPorts: " & $strIPSecPermitUDPPorts & @CRLF
      $strIPSubnet = $objItem.IPSubnet(0)
      $Output = $Output & "IPSubnet: " & $strIPSubnet & @CRLF
      $Output = $Output & "IPUseZeroBroadcast: " & $objItem.IPUseZeroBroadcast & @CRLF
      $Output = $Output & "IPXAddress: " & $objItem.IPXAddress & @CRLF
      $Output = $Output & "IPXEnabled: " & $objItem.IPXEnabled & @CRLF
      $strIPXFrameType = $objItem.IPXFrameType(0)
      $Output = $Output & "IPXFrameType: " & $strIPXFrameType & @CRLF
      $Output = $Output & "IPXMediaType: " & $objItem.IPXMediaType & @CRLF
      $strIPXNetworkNumber = $objItem.IPXNetworkNumber(0)
      $Output = $Output & "IPXNetworkNumber: " & $strIPXNetworkNumber & @CRLF
      $Output = $Output & "IPXVirtualNetNumber: " & $objItem.IPXVirtualNetNumber & @CRLF
      $Output = $Output & "KeepAliveInterval: " & $objItem.KeepAliveInterval & @CRLF
      $Output = $Output & "KeepAliveTime: " & $objItem.KeepAliveTime & @CRLF
      $Output = $Output & "MACAddress: " & $objItem.MACAddress & @CRLF
      $Output = $Output & "MTU: " & $objItem.MTU & @CRLF
      $Output = $Output & "NumForwardPackets: " & $objItem.NumForwardPackets & @CRLF
      $Output = $Output & "PMTUBHDetectEnabled: " & $objItem.PMTUBHDetectEnabled & @CRLF
      $Output = $Output & "PMTUDiscoveryEnabled: " & $objItem.PMTUDiscoveryEnabled & @CRLF
      $Output = $Output & "ServiceName: " & $objItem.ServiceName & @CRLF
      $Output = $Output & "SettingID: " & $objItem.SettingID & @CRLF
      $Output = $Output & "TcpipNetbiosOptions: " & $objItem.TcpipNetbiosOptions & @CRLF
      $Output = $Output & "TcpMaxConnectRetransmissions: " & $objItem.TcpMaxConnectRetransmissions & @CRLF
      $Output = $Output & "TcpMaxDataRetransmissions: " & $objItem.TcpMaxDataRetransmissions & @CRLF
      $Output = $Output & "TcpNumConnections: " & $objItem.TcpNumConnections & @CRLF
      $Output = $Output & "TcpUseRFC1122UrgentPointer: " & $objItem.TcpUseRFC1122UrgentPointer & @CRLF
      $Output = $Output & "TcpWindowSize: " & $objItem.TcpWindowSize & @CRLF
      $Output = $Output & "WINSEnableLMHostsLookup: " & $objItem.WINSEnableLMHostsLookup & @CRLF
      $Output = $Output & "WINSHostLookupFile: " & $objItem.WINSHostLookupFile & @CRLF
      $Output = $Output & "WINSPrimaryServer: " & $objItem.WINSPrimaryServer & @CRLF
      $Output = $Output & "WINSScopeID: " & $objItem.WINSScopeID & @CRLF
      $Output = $Output & "WINSSecondaryServer: " & $objItem.WINSSecondaryServer & @CRLF
    ;  if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
        ConsoleWrite($Output)
        ConsoleWrite(@CR&@CR)
      ;$Output=""
   Next
Else
   Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_NetworkAdapterConfiguration" )
Endif


Func WMIDateStringToDate($dtmDate)

    Return (StringMid($dtmDate, 5, 2) & "/" & _
    StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
    & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc

If you don't find it in here, I doubt you will be able to retrieve it.

regards

ptrex

Edited by ptrex

@mis30tacos

Or maybe this might be even better.

; To determine the NetBIOS domain name, ComputerName, and UserName of the logged on user:

$WshNetwork = ObjCreate("WScript.Network")
Consolewrite ("Domain = " & $WshNetwork.UserDomain & @CR)
Consolewrite ("Computer Name = " & $WshNetwork.ComputerName & @CR)
Consolewrite ("User Name = " & $WshNetwork.UserName & @CR)

Enjoy !!

ptrex


  • 4 years later...

Hello people. I am searching for this kind of function, but the original NetBiosName3 from mis30tacos does not work for me - returns only something like this "14141414141414141414141". Ptrex your scripts are nice, but they work only for local pc. I would like to be able to check remote pc netbios name from ip address or dns hostname. Any ideas? Thank you


In the first script ptrex posted replace

$strComputer = "localhost"
with the computer you want to access.


I forgot to mention that this script does not do what I want, unfortunately. I don't see a way to get this info from WMI.

Aha, but maybe it should be possible with the Win32_ComputerSystem class and Name property! But for some reason replacing localhost with any other online host makes this line end with an error

$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

because

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

does not return an object...

Edited by LoWang