#92795 - 2003-09-09 09:08 PM
capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
does anyone know how to do this sort of thing???
Top
#92797 - 2003-09-09 09:34 PM
Re: capture net send messages
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Rad, You can always use ALT+PRTSCN or better yet - http://www.structurise.com/kleptomania (not free). Kent
Top
#92799 - 2003-09-09 09:44 PM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
basically I want to capture the text from a received net send message...
Top
#92800 - 2003-09-09 09:47 PM
Re: capture net send messages
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
A simple Ctrl-C in W2K/XP will copy the text only to the clipboard.
Top
#92801 - 2003-09-09 09:50 PM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
hmmm.... I think I can work that. hehehehe thanks I tested: quote: --------------------------- Messenger Service --------------------------- Message from WHEELERC to WHEELERC on 9/9/2003 3:57:44 PM is howard full of shizit? --------------------------- OK ---------------------------
Top
#92802 - 2003-09-09 09:53 PM
Re: capture net send messages
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Glad to be of assistance...seems like you were not initially a believer That will teach you.
Top
#92803 - 2003-09-09 09:59 PM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
ok.... Do you have a way of reading from the clipboard??
Top
#92804 - 2003-09-09 10:08 PM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
apparently Setfocus can't find the messenger window...
Top
#92805 - 2003-09-09 10:11 PM
Re: capture net send messages
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Ctrl-V
Top
#92806 - 2003-09-09 10:37 PM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I have some code to parse the output of a pasted 'message' But I still can't get setfocus to connect and I can't think of a way to read the text without pasting it to a text doc. code: $text = ReadFile($temp) $header = split($text[3]) for $l = 5 to ubound($text) - 4 $body = $body + @crlf + $text[$l] next $from = $header[2] $to = $header[4] $date = $header[6] $time = $header[7] + ' ' + $header[8] $body = substr($body,2)
Top
#92811 - 2003-09-10 02:25 AM
Re: capture net send messages
MightyR1
MM club member
Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
To get the last message (thanks Jens for the UDF):Break on $rc =SetOption (wrapateol ,'on' )$events =Readeventlog ('system' ,26 )$ = $events [0 ,9 ] ? $ Exit 0 ;FUNCTION ReadEventlog() ; ;ACTION Retrieves events from the eventlog ; ;AUTHOR Jens Meyer ; ;VERSION 1.5 ; ;KIXTART VER 4.20 ; ;SYNTAX RETCODE = READEVENTLOG(EVENTLOG, EVENTID, OPTIONAL COMPUTER, OPTIONAL DATETIME, ; OPTIONAL USERNAME, OPTIONAL PASSWORD) ; ;PARAMETERS EVENTLOG ; Name of the eventlog, e.g. 'Security', 'System','Application' ; Alternatively, a custom WQL query can be provided. Date fields in ; a WQL query MUST be properly formatted as YYYY/MM/DD HH:MM:SS:000 ; ; EVENTID ; Optional Event ID number to be retrieved ; ; COMPUTER ; optional name of a remote computer which eventlog is to be queried. If no ; username/password is provided then the current users credentials will be ; used to connect to the remote event log. ; ; DATETIME ; optional date/time string denoting the start date of the events in ; the form of YYYY/MM/DD HH:MM:SS, YYY/MM/DD, or HH:MM:SS ; ; USERNAME ; optional username which will be used to connect to a remote computer ; ; PASSWORD ; optional password which will be used to connect to the remote computer ; ;RETURN array of events or empty string ; ;REMARKS returns a 2-dimensional array with the following columns. If custom WQL is ; used, then the SELECT part of the custom WQL determines the field assignments. ; ; Column 0 = Category ; Column 1 = CategoryString ; Column 2 = ComputerName ; Column 3 = Data ; Column 4 = EventCode ; Column 5 = EventIdentifier ; Column 6 = EventType ; Column 7 = InsertionStrings ; Column 8 = Logfile ; Column 9 = Message ; Column 10 = RecordNumber ; Column 11 = Source Name ; Column 12 = TimeGenerated ; Column 13 = TimeWritten ; Column 14 = Type ; Column 15 = User ; ;DEPENDENCIES WMI ; ;EXAMPLE $events = ReadEventlog('Security',528) ; $events = ReadEventlog('Security',528,,'COMPUTER') ; $events = ReadEventlog('Security',528,'2002/09/01 00:00:00','COMPUTER','Administrator','password') ; $events = ReadEventlog('SELECT TimeGenerated, User FROM Win32_NTLogEvent ; WHERE Logfile="Security" AND EventCode=528 AND ; TimeGenerated>="2002/09/01 00:00:00:000"' ; ;KIXTART BBS http:// www .kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=12&t=000270 ; Function ReadEventlog ($eventlog , optional $eventid , optional $computer , optional $datetime , optional $username , optional $Password ) Dim $objLocator , $objWBEM , $objWMIResults , $namespace , $objWMIResultsCopy Dim $event , $item , $wqlQuery , $eventarray , $itemname , $itemvalue Dim $customwql , $customfields , $field Dim $rownumber , $arrayrows , $arraycolumns , $columnnumber Dim $byte , $datastring , $date , $time , $querydate , $querytime , $timezone Dim $objWMIService , $colItems , $objItem $namespace = 'root\CIMV2' $arrayrows =50 If Trim ($eventlog )='' Exit 87 EndIf ; check to see whether we're connecting to a local or remote eventlog $computer =Trim ($computer ) Select Case $computer =@WKSTA $computer ='.' Case $computer Case 1 $computer ='.' EndSelect If $username AND $computer < >'.' ; create locator object for connection to a remote computer $objLocator = CreateObject ('WbemScripting.SWbemLocator' ) If @ERROR Exit @ERROR EndIf ; create a (credentialed, if username/password provided) connection to a remote computer $objWBEM =$objLocator.ConnectServer ($computer ,$namespace ,$username ,$Password ) If @ERROR Exit @ERROR EndIf ; set the impersonation level $objWBEM.Security_.ImpersonationLevel = 3 If @ERROR Exit @ERROR EndIf Else ;set the impersonation level and make sure we have security permissions If $eventlog ='Security' OR (Left ($eventlog ,6 )='select' AND InStr ($eventlog ,'Security' ) AND InStr ($eventlog ,'Logfile' )) $objWBEM =GetObject ('winmgmts:{impersonationLevel=impersonate, (Security)}!\\' +$computer +'\' +$namespace ) Else $objWBEM =GetObject ('winmgmts:{impersonationLevel=impersonate}!\\' +$computer +'\' +$namespace ) EndIf If @ERROR Exit @ERROR EndIf EndIf ; check to see whether we're looking for an event ID or if there's a custom query If Left ($eventlog ,6 )='select' $wqlquery =$eventlog $arraycolumns =Trim (SubStr ($wqlquery ,InStr ($wqlquery ,' ' )+1 ,InStr ($wqlquery ,'FROM' )-InStr ($wqlquery ,' ' )-2 )) If InStr ($arraycolumns ,'*' ) $arraycolumns =16 $customwql =0 Else $customfields =Split (Trim ($arraycolumns ),',' ) For $arraycolumns =0 to Ubound ($customfields ) $customfields [$arraycolumns ]=Trim ($customfields [$arraycolumns ]) Next $arraycolumns =Ubound ($customfields )+1 $customwql =1 EndIf Else $customwql =0 $arraycolumns =16 $eventid =Val ($eventid ) $wqlQuery ="SELECT * FROM Win32_NTLogEvent WHERE Logfile='" +$eventlog +"' AND EventCode=" +Val ($eventID ) If $datetime $colItems = $objWBEM.ExecQuery ('Select CurrentTimeZone from Win32_ComputerSystem' ) If @ERROR Exit @ERROR EndIf For Each $objItem In $colItems $timezone = $objItem.CurrentTimeZone Next $objWMIService = 0 $colItems = 0 $objItem = 0 $datetime =Trim ($datetime ) Select Case InStr ($datetime ,' ' ) $date =Left ($datetime ,InStr ($datetime ,' ' )-1 ) $time =SubStr ($datetime ,InStr ($datetime ,' ' )+1 ) Case InStr ($datetime ,'/' ) $date =$datetime $time ='00:00:00' Case InStr ($datetime ,':' ) $date =@DATE $time =$datetime Case 1 $date =@DATE $time =@TIME EndSelect If $date AND $time $datetime =Join (Split ($date ,'/' ),'' )+Join (Split ($time ,':' ),'' )+'.000000' +$timezone Else $datetime ='' EndIf $wqlQuery =$wqlQuery +' AND TimeGenerated>="' +$datetime +'"' EndIf EndIf $objWMIResults = $objWBEM.ExecQuery ($wqlQuery ,'WQL' ,48 ) If @ERROR Exit @ERROR EndIf $rownumber = 0 $columnnumber = 0 For Each $event In $objWMIResults If $rownumber mod $arrayrows = 0 ReDim preserve $eventarray [$rownumber +$arrayrows ] EndIf $eventarray [$rownumber ]=$event.Properties_ $rownumber =$rownumber +1 Next If $rownumber ReDim preserve $eventarray [$rownumber -1 ] Else $ReadEventlog ='' Return EndIf ReDim $readeventlog [$rownumber -1 ,$arraycolumns -1 ] $rownumber =0 For Each $event In $eventarray $columnnumber = 0 For Each $item In $event $itemname =$item.name $itemvalue =$item.value If $customwql =0 OR AScan ($customfields ,$itemname )+1 Select Case $itemname ='Data' $datastring ='' For Each $byte In $item.value If $byte =0 $byte =46 EndIf $datastring =$datastring +Chr ($byte ) Next $readeventlog [$rownumber ,$columnnumber ]=$datastring Case $itemname ='InsertionStrings' $readeventlog [$rownumber ,$columnnumber ]=Join ($itemValue ,@CRLF ) Case $itemname ='TimeGenerated' OR $itemName ='TimeWritten' $time =Left ($itemValue ,4 )+'/' +SubStr ($itemValue ,5 ,2 )+'/' +SubStr ($itemValue ,7 ,2 )+' ' $time =$time +SubStr ($itemValue ,9 ,2 )+':' +SubStr ($itemValue ,11 ,2 )+':' +SubStr ($itemValue ,13 ,2 ) $readeventlog [$rownumber ,$columnnumber ]=$time Case 1 $readeventlog [$rownumber ,$columnnumber ]=$itemValue EndSelect $columnnumber =$columnnumber +1 EndIf Next $rownumber =$rownumber +1 Next $objWMIResults = 0 $objWBEM = 0 $objLocator = 0 Exit 0 EndFunction {edit} Apolagies for the long lines... [ 26. September 2003, 07:28: Message edited by: MightyR1 ]
_________________________
Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top
#92813 - 2003-09-10 05:56 AM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I didn't want to use any other utils, but the autoitx.dll does it perfectly... Please stand by...
Top
#92814 - 2003-09-10 06:22 AM
Re: capture net send messages
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
code: break on ;$=setconsole("minimize") $autoIt=CreateObject("AutoItX.Control") do if $AutoIt.IfWinExist("Messenger Service", "") $=$AutoIt.WinActivate("Messenger Service", "") $=$AutoIt.Send("^c") $=$AutoIt.WinClose("Messenger Service", "") $Paste=$AutoIt.ClipGet() $text=split($paste,@crlf) $header = split($text[3]) $body = '' for $l = 5 to ubound($text) - 4 $body = $body + @crlf + $text[$l] next $from = $header[2] $to = $header[4] $date = $header[6] $time = $header[7] + ' ' + $header[8] $body = substr($body,3) ? $from ? $body ? '----' endif sleep 1 until @error
Top
Moderator: Shawn , ShaneEP , Ruud van Velsen , Arend_ , Jochen , Radimus , Glenn Barnas , Allen , Mart
0 registered
and 259 anonymous users online.