public static Address Probe(IPAddress address)
{
log.DebugFormat("Probing address {0}", address.ToString());
// this is the list of users found on that ip address
Address result = new Address();
{
result.IP = address;
}
// issue WMI request to the remote IP
ManagementScope scope = new ManagementScope(@"\\" + address.ToString() + @"\root\cimv2");
ObjectQuery query = new ObjectQuery("select * from win32_process");
log.DebugFormat("Creating management searcher with scope {0}, query {1}", scope.Path, query.QueryString);
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
foreach (ManagementObject mo in searcher.Get())
{
string processName = mo["name"].ToString();
if (!processName.EndsWith("explorer.exe"))
{
continue;
}
User user = Prober.ConstructUser(mo);
{
// for debug
user.DebugProbedIpAddress = address.ToString();
// log it
log.DebugFormat("Found user {0}\\{1} in process {2}", user.Domain, user.Name, user.DebugProbedProcessPath);
}
result.Users.Add(user);
}
}
// log it again
log.DebugFormat("Address {0} probed successfully, found {1} users.", address.ToString(), result.Users.Count);
// and return nicely
return(result);
}
private void HandleLogonEvent(EventLogEntry entry)
{
// get the activity
LoggedOn activity = new LoggedOn();
{
var parser = new ActivityParser();
{
if (!parser.ParseLogon(entry, activity))
{
return;
}
}
}
// local activities are not interesting
if (activity.Local)
{
return;
}
// when there is a logon, we *always* do probing
Address address = Prober.Probe(activity.Network_Address);
if (address != null)
{
// we probed successfully, update the storage
_storage.Insert(address);
}
// and trace it
Trace.TraceInformation(
"Updater - processed logon activity of {0}\\{1} on {2}",
activity.Account_Domain,
activity.Account_Name,
activity.Network_Address
);
}
public static List <Address> Probe(Workstation workstation)
{
// this is the result
List <Address> result = new List <Address>();
try
{
log.DebugFormat("Resolving workstation {0}", workstation.DnsHostName);
// get host entry (this clears DNS cache in .net too)
var hostenry = Dns.GetHostEntry(workstation.DnsHostName);
// get addresses
var addresses = hostenry.AddressList;
{
log.DebugFormat("Workstation {0} was resolved into {1} IP addresses", workstation.DnsHostName, addresses.Length);
foreach (IPAddress ip in addresses)
{
log.DebugFormat("Workstation {0} has address {1}", workstation.DnsHostName, ip.ToString());
}
}
// resolve the workstation name, get all addresses from it
foreach (IPAddress ip in addresses)
{
Address address = Prober.Probe(ip);
if (address.Users.Count == 0)
{
// log it
log.DebugFormat("Probing of address {0} for workstation {1} indicated the number of logged in users are 0, skipping it.", ip.ToString(), workstation.DnsHostName);
// there are no one logged on on that IP, skip it then
continue;;
}
// debug check we have filled in the address itself
Debug.Assert(address.IP == ip);
Debug.Assert(address.Users.Count > 0);
// assign some other fields for reference
address.DistinguishedName = workstation.DistinguishedName;
address.CommonName = workstation.CommonName;
address.DnsHostName = workstation.DnsHostName;
address.LastLogon = workstation.LastLogon;
address.Name = workstation.Name;
// log it
log.DebugFormat("Address {0} was probed successfully, {1} users found. Adding it to the storage.", ip.ToString(), address.Users.Count);
// and add this address
result.Add(address);
}
}
catch (Exception e)
{
log.WarnFormat("Probe failed for workstation {0}. Error: {1}", workstation.DnsHostName, e.Message);
}
// and return (possibly empty) list
return(result);
}
