Radimus
(KiX Supporter)
2003-09-09 09:08 PM
capture net send messages

does anyone know how to do this sort of thing???

Mart
(KiX Supporter)
2003-09-09 09:33 PM
Re: capture net send messages

You mean like this http://www.codeproject.com/csharp/pacanal.asp ? Or just capture the text in it?

Haven't tried it yet but will do on our test network tomorrow at work.

[ 09. September 2003, 21:36: Message edited by: R2D2 ]

Kdyer
(KiX Supporter)
2003-09-09 09:34 PM
Re: capture net send messages

Rad,

You can always use ALT+PRTSCN or better yet - http://www.structurise.com/kleptomania (not free).

Kent

Les
(KiX Master)
2003-09-09 09:38 PM
Re: capture net send messages

Rad,
Maybe you should elaborate. I presume you want to use NetSend for inter-process communication. If so, maybe MSMQ is what you seek.

Radimus
(KiX Supporter)
2003-09-09 09:44 PM
Re: capture net send messages

basically I want to capture the text from a received net send message...

Howard Bullock
(KiX Supporter)
2003-09-09 09:47 PM
Re: capture net send messages

A simple Ctrl-C in W2K/XP will copy the text only to the clipboard.

Radimus
(KiX Supporter)
2003-09-09 09:50 PM
Re: capture net send messages

hmmm.... I think I can work that.

hehehehe

thanks

I tested:
quote:

---------------------------
Messenger Service
---------------------------
Message from WHEELERC to WHEELERC on 9/9/2003 3:57:44 PM

is howard full of shizit?
---------------------------
OK
---------------------------

Howard Bullock
(KiX Supporter)
2003-09-09 09:53 PM
Re: capture net send messages

Glad to be of assistance...seems like you were not initially a believer [Wink] That will teach you.

Radimus
(KiX Supporter)
2003-09-09 09:59 PM
Re: capture net send messages

ok.... Do you have a way of reading from the clipboard??

Radimus
(KiX Supporter)
2003-09-09 10:08 PM
Re: capture net send messages

apparently Setfocus can't find the messenger window...

Howard Bullock
(KiX Supporter)
2003-09-09 10:11 PM
Re: capture net send messages

Ctrl-V [Confused]

Radimus
(KiX Supporter)
2003-09-09 10:37 PM
Re: capture net send messages

I have some code to parse the output of a pasted 'message'

But I still can't get setfocus to connect and I can't think of a way to read the text without pasting it to a text doc.

code:
 
$text	= ReadFile($temp)
$header	= split($text[3])
for $l  = 5 to ubound($text) - 4
	$body = $body + @crlf + $text[$l]
	next
$from	= $header[2]
$to	= $header[4]
$date	= $header[6]
$time	= $header[7] + ' ' + $header[8]
$body	= substr($body,2)


Les
(KiX Master)
2003-09-09 10:59 PM
Re: capture net send messages

Seem to recall that AutoIT can read test on dialog boxes. There is a COMmable piece too.

Chris S.
(MM club member)
2003-09-10 12:30 AM
Re: capture net send messages

AutoITX can also manipulate the clipboard.

LonkeroAdministrator
(KiX Master Guru)
2003-09-10 12:50 AM
Re: capture net send messages

now, can't you just paste the text to form that like just flashes.
show form, do paste on textbox, hide form, read the text.

MightyR1
(MM club member)
2003-09-10 02:11 AM
Re: capture net send messages

Rad,

The info is also stored in the eventlog-system...
Look for "application popup"

Now how to read the systemlog???

{edit}

UDF --> http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=12;t=000270

[ 10. September 2003, 02:13: Message edited by: MightyR1 ]

MightyR1
(MM club member)
2003-09-10 02:25 AM
Re: capture net send messages

To get the last message (thanks Jens for the UDF):


Break on
$rc=SetOption(wrapateol,'on')
$events=Readeventlog('system',26)
$ = $events[0,9]
$

Exit 0

;FUNCTION      ReadEventlog()
;
;ACTION        Retrieves events from the eventlog
;
;AUTHOR        Jens Meyer
;
;VERSION       1.5
;
;KIXTART VER   4.20
;
;SYNTAX        RETCODE = READEVENTLOG(EVENTLOG, EVENTID, OPTIONAL COMPUTER, OPTIONAL DATETIME,
;                                     OPTIONAL USERNAME, OPTIONAL PASSWORD)
;
;PARAMETERS    EVENTLOG
;              Name of the eventlog, e.g. 'Security', 'System','Application'
;              Alternatively, a custom WQL query can be provided. Date fields in
;              a WQL query MUST be properly formatted as YYYY/MM/DD HH:MM:SS:000
;
;              EVENTID
;              Optional Event ID number to be retrieved
;
;              COMPUTER
;              optional name of a remote computer which eventlog is to be queried. If no
;              username/password is provided then the current users credentials will be
;              used to connect to the remote event log.
;
;              DATETIME
;              optional date/time string denoting the start date of the events in
;              the form of YYYY/MM/DD HH:MM:SS, YYY/MM/DD, or HH:MM:SS
;
;              USERNAME
;              optional username which will be used to connect to a remote computer
;
;              PASSWORD
;              optional password which will be used to connect to the remote computer
;
;RETURN        array of events or empty string
;
;REMARKS       returns a 2-dimensional array with the following columns. If custom WQL is
;              used, then the SELECT part of the custom WQL determines the field assignments.
;
;              Column  0 = Category
;              Column  1 = CategoryString
;              Column  2 = ComputerName
;              Column  3 = Data
;              Column  4 = EventCode
;              Column  5 = EventIdentifier
;              Column  6 = EventType
;              Column  7 = InsertionStrings
;              Column  8 = Logfile
;              Column  9 = Message
;              Column 10 = RecordNumber
;              Column 11 = Source Name
;              Column 12 = TimeGenerated
;              Column 13 = TimeWritten
;              Column 14 = Type
;              Column 15 = User
;
;DEPENDENCIES  WMI
;
;EXAMPLE       $events = ReadEventlog('Security',528)
;              $events = ReadEventlog('Security',528,,'COMPUTER')
;              $events = ReadEventlog('Security',528,'2002/09/01 00:00:00','COMPUTER','Administrator','password')
;              $events = ReadEventlog('SELECT TimeGenerated, User FROM Win32_NTLogEvent
;                                      WHERE Logfile="Security" AND EventCode=528 AND
;                                      TimeGenerated>="2002/09/01 00:00:00:000"'
;
;KIXTART BBS   http://www.kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=12&t=000270
;
Function ReadEventlog($eventlogoptional $eventidoptional $computeroptional $datetimeoptional $usernameoptional $Password)
  Dim $objLocator$objWBEM$objWMIResults$namespace$objWMIResultsCopy
  Dim $event$item$wqlQuery$eventarray$itemname$itemvalue
  Dim $customwql$customfields$field
  Dim $rownumber$arrayrows$arraycolumns$columnnumber
  Dim $byte$datastring$date$time$querydate$querytime$timezone
  Dim $objWMIService$colItems$objItem

  $namespace = 'root\CIMV2'
  $arrayrows=50

  If Trim($eventlog)=''
    Exit 87
  EndIf

  ; check to see whether we're connecting to a local or remote eventlog
  $computer=Trim($computer)
  Select
  Case $computer=@WKSTA
    $computer='.'
  Case $computer
  Case 1
    $computer='.'
  EndSelect

  If $username AND $computer<>'.'
    ; create locator object for connection to a remote computer
    $objLocator = CreateObject('WbemScripting.SWbemLocator')
    If @ERROR
      Exit @ERROR
    EndIf
    ; create a (credentialed, if username/password provided) connection to a remote computer
    $objWBEM=$objLocator.ConnectServer($computer,$namespace,$username,$Password)
    If @ERROR
      Exit @ERROR
    EndIf
    ; set the impersonation level
    $objWBEM.Security_.ImpersonationLevel = 3
    If @ERROR
      Exit @ERROR
    EndIf
  Else
    ;set the impersonation level and make sure we have security permissions
    If $eventlog='Security' OR (Left($eventlog,6)='select' AND InStr($eventlog,'Security') AND InStr($eventlog,'Logfile'))
      $objWBEM=GetObject('winmgmts:{impersonationLevel=impersonate, (Security)}!\\'+$computer+'\'+$namespace)
    Else
      $objWBEM=GetObject('winmgmts:{impersonationLevel=impersonate}!\\'+$computer+'\'+$namespace)
    EndIf
    If @ERROR
      Exit @ERROR
    EndIf
  EndIf

  ; check to see whether we're looking for an event ID or if there's a custom query
  If Left($eventlog,6)='select'
    $wqlquery=$eventlog
    $arraycolumns=Trim(SubStr($wqlquery,InStr($wqlquery,' ')+1,InStr($wqlquery,'FROM')-InStr($wqlquery,' ')-2))
    If InStr($arraycolumns,'*')
      $arraycolumns=16
      $customwql=0
    Else
      $customfields=Split(Trim($arraycolumns),',')
      For $arraycolumns=0 to Ubound($customfields)
        $customfields[$arraycolumns]=Trim($customfields[$arraycolumns])
      Next
      $arraycolumns=Ubound($customfields)+1
      $customwql=1
    EndIf
  Else
    $customwql=0
    $arraycolumns=16
    $eventid=Val($eventid)
    $wqlQuery="SELECT * FROM Win32_NTLogEvent WHERE Logfile='"+$eventlog+"' AND EventCode="+Val($eventID)

    If $datetime
      $colItems = $objWBEM.ExecQuery('Select CurrentTimeZone from Win32_ComputerSystem')
      If @ERROR
        Exit @ERROR
      EndIf

      For Each $objItem In $colItems
        $timezone = $objItem.CurrentTimeZone
      Next

      $objWMIService = 0
      $colItems = 0
      $objItem = 0

      $datetime=Trim($datetime)

      Select
      Case InStr($datetime,' ')
        $date=Left($datetime,InStr($datetime,' ')-1)
        $time=SubStr($datetime,InStr($datetime,' ')+1)
      Case InStr($datetime,'/')
        $date=$datetime
        $time='00:00:00'
      Case InStr($datetime,':')
        $date=@DATE
        $time=$datetime
      Case 1
        $date=@DATE
        $time=@TIME
      EndSelect
      If $date AND $time
        $datetime=Join(Split($date,'/'),'')+Join(Split($time,':'),'')+'.000000'+$timezone
      Else
        $datetime=''
      EndIf

      $wqlQuery=$wqlQuery+' AND TimeGenerated>="'+$datetime+'"'
    EndIf
  EndIf

  $objWMIResults = $objWBEM.ExecQuery($wqlQuery,'WQL',48)
  If @ERROR
    Exit @ERROR
  EndIf

  $rownumber = 0
  $columnnumber = 0

  For Each $event In $objWMIResults
    If $rownumber mod $arrayrows = 0
      ReDim preserve $eventarray[$rownumber+$arrayrows]
    EndIf
    $eventarray[$rownumber]=$event.Properties_
    $rownumber=$rownumber+1
  Next
  If $rownumber
    ReDim preserve $eventarray[$rownumber-1]
  Else
    $ReadEventlog=''
    Return
  EndIf

  ReDim $readeventlog[$rownumber-1,$arraycolumns-1]
  $rownumber=0
  For Each $event In $eventarray
    $columnnumber = 0
    For Each $item In $event
      $itemname=$item.name
      $itemvalue=$item.value
      If $customwql=0 OR AScan($customfields,$itemname)+1
        Select
        Case $itemname='Data'
          $datastring=''
          For Each $byte In $item.value
            If $byte=0
              $byte=46
            EndIf
            $datastring=$datastring+Chr($byte)
          Next
          $readeventlog[$rownumber,$columnnumber]=$datastring
        Case $itemname='InsertionStrings'
          $readeventlog[$rownumber,$columnnumber]=Join($itemValue,@CRLF)
        Case $itemname='TimeGenerated' OR $itemName='TimeWritten'
          $time=Left($itemValue,4)+'/'+SubStr($itemValue,5,2)+'/'+SubStr($itemValue,7,2)+' '
          $time=$time+SubStr($itemValue,9,2)+':'+SubStr($itemValue,11,2)+':'+SubStr($itemValue,13,2)
          $readeventlog[$rownumber,$columnnumber]=$time
        Case 1
          $readeventlog[$rownumber,$columnnumber]=$itemValue
        EndSelect
        $columnnumber=$columnnumber+1
      EndIf
    Next
    $rownumber=$rownumber+1
  Next

  $objWMIResults = 0
  $objWBEM = 0
  $objLocator = 0

  Exit 0

EndFunction


{edit}

Apolagies for the long lines...

[ 26. September 2003, 07:28: Message edited by: MightyR1 ]

LonkeroAdministrator
(KiX Master Guru)
2003-09-10 02:39 AM
Re: capture net send messages

pat, did you manually screw up the font-color or what?

Radimus
(KiX Supporter)
2003-09-10 05:56 AM
Re: capture net send messages

I didn't want to use any other utils, but the autoitx.dll does it perfectly...

Please stand by... [Big Grin]

Radimus
(KiX Supporter)
2003-09-10 06:22 AM
Re: capture net send messages

code:
 
break on
;$=setconsole("minimize")

$autoIt=CreateObject("AutoItX.Control")

do 
	if $AutoIt.IfWinExist("Messenger Service", "")
		$=$AutoIt.WinActivate("Messenger Service", "")
		$=$AutoIt.Send("^c")
		$=$AutoIt.WinClose("Messenger Service", "")
		$Paste=$AutoIt.ClipGet()
		$text=split($paste,@crlf)
		$header	= split($text[3])
		$body	= ''
		for $l  = 5 to ubound($text) - 4
			$body = $body + @crlf + $text[$l]
			next
		$from	= $header[2]
		$to	= $header[4]
		$date	= $header[6]
		$time	= $header[7] + ' ' + $header[8]
		$body	= substr($body,3)
? $from
? $body
? '----'
		endif
	sleep 1
	until @error


MightyR1
(MM club member)
2003-09-10 07:29 AM
Re: capture net send messages

Rad,

tested mine??

Lonk,

nope, did not screw it up, was surprised myself... Any ideas?

JochenAdministrator
(KiX Supporter)
2003-09-10 08:56 AM
Re: capture net send messages

Whoa Patrick !

I was blind for about half an hour [Eek!]

Is this PostPrep'd ?
please check line 633 (depending on your version) in the source code to match this:


$o="<hr>"+$x[0]+"<span style='font-family:Courier New;font-size:13;color:#"+$b[6]+";background:transparent'>"+$d[6][0]

JochenAdministrator
(KiX Supporter)
2003-09-10 09:00 AM
Re: capture net send messages

hmmm ...

obviously PostPrep is not responsible for it ...
Looking at the source of this post there is this statement right before the postprep'd part starts :

fieldset style='background:#66FFFF;'

LonkeroAdministrator
(KiX Master Guru)
2003-09-11 12:02 AM
Re: capture net send messages

responsible of what?
pat, do you use your own modded version of 1.0.2?
if yes, the font-color is correct [Wink]
it's a bug in 1.0.2

MightyR1
(MM club member)
2003-09-10 06:38 PM
Re: capture net send messages

Jochen/Jooel

I indeed used a modded version of postprep1.0.2... Wanted a nice box around the code too.

So is it a bug or a 'behaviour by design'? [Wink] Is there a workaround???

If not I'll wait for the next release of Postprep.

LonkeroAdministrator
(KiX Master Guru)
2003-09-10 07:36 PM
Re: capture net send messages

dunno when that will happen.
1.1.0 has been on the table from the day 1.0.2 came avail.
well, at least almost

the engine for it has been ready for while but...
think we are gonna start to wait for 1.0.3 which is has just slight updates to 1.0.2