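// JMC31337 -- posted September 7, 2021 (edited)
//
// This can be used to monitor any user login sessions that transpire on a Server or
// Standalone system using the services API calls (yes, this could probably be coded as an
// ACTUAL service, but that's left for another day).
//
// Compile and run. (I've tested this on a basic user account with no ACL except their own
// profile folder ACLs, and it gathers all logged-in users, maintaining an array and comparing
// it against the total number of logged-in sessions.)
//
// Note: various source codes were changed around; I just don't remember all the sites I used
// to put this together.
//
// There is an embedded SMTP mailer that will connect to Zoho (for this example), along with a
// way to email the alerts to a phone number. For SMTP->text you'll need to find your cell phone
// carrier's SMTP gateway and an email service that allows SMTP/IMAP connections.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using System.Net.Mail;
using System.Runtime.InteropServices;

namespace SmtpWatch
{
    /// <summary>
    /// Polls the local machine's session list through the WTS API and raises an alert
    /// (e-mail plus message box) when a user name appears that was not present at the
    /// previous poll.
    /// </summary>
    static class Program
    {
        public const int WTS_CURRENT_SERVER_HANDLE = 0;
        public const int WTS_CURRENT_SESSION = -1;

        // Delay between two polls of the session list. The value is a constructed default;
        // tune it to taste. Without any delay the loop in Main spins a CPU core continuously.
        private const int PollIntervalMs = 5000;

        // Name of the environment variable that holds the SMTP password. The name is
        // constructed for this listing. Keeping the password out of the source matters
        // because a .NET assembly decompiles easily and this tool is meant to sit on a
        // multi-user machine where other accounts may be able to read the executable.
        private const string SmtpPasswordVariable = "SMTPWATCH_SMTP_PASSWORD";

        [DllImport("WTSApi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool WTSSendMessage(IntPtr hServer, int SessionId, string pTitle, int TitleLength, string pMessage, int MessageLength, int Style, int Timeout, out int pResponse, Boolean bWait);

        [DllImport("WTSApi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool WTSEnumerateSessions(IntPtr hServer, int Reserved, int Version, out IntPtr ppSessionInfo, out int pCount);

        // Releases a buffer handed out by the WTS API. Used below for both the session
        // array and every per-session user-name buffer.
        [DllImport("WTSApi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern void WTSFreeMemory(IntPtr pMemory);

        [DllImport("WTSApi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool WTSQuerySessionInformation(IntPtr hServer, int SessionId, WTS_INFO_CLASS WTSInfoClass, out IntPtr ppBuffer, out uint BytesReturned);

        // Member order fixes the numeric values passed to WTSQuerySessionInformation;
        // do not reorder.
        public enum WTS_INFO_CLASS
        {
            WTSInitialProgram,
            WTSApplicationName,
            WTSWorkingDirectory,
            WTSOEMId,
            WTSSessionId,
            WTSUserName,
            WTSWinStationName,
            WTSDomainName,
            WTSConnectState,
            WTSClientBuildNumber,
            WTSClientName,
            WTSClientDirectory,
            WTSClientProductId,
            WTSClientHardwareId,
            WTSClientAddress,
            WTSClientDisplay,
            WTSClientProtocolType,
            WTSIdleTime,
            WTSLogonTime,
            WTSIncomingBytes,
            WTSOutgoingBytes,
            WTSIncomingFrames,
            WTSOutgoingFrames,
            WTSClientInfo,
            WTSSessionInfo,
            WTSSessionInfoEx,
            WTSConfigInfo,
            WTSValidationInfo,
            WTSSessionAddressV4,
            WTSIsRemoteSession
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct WTS_SESSION_INFO
        {
            public int SessionId;                 // session id
            public string pWinStationName;        // name of WinStation this session is connected to
            public WTS_CONNECTSTATE_CLASS State;  // connection state (see enum)
        }

        public enum WTS_CONNECTSTATE_CLASS
        {
            WTSActive,        // User logged on to WinStation
            WTSConnected,     // WinStation connected to client
            WTSConnectQuery,  // In the process of connecting to client
            WTSShadow,        // Shadowing another WinStation
            WTSDisconnected,  // WinStation logged on without client
            WTSIdle,          // Waiting for client to connect
            WTSListen,        // WinStation is listening for connection
            WTSReset,         // WinStation is being reset
            WTSDown,          // WinStation is down due to error
            WTSInit,          // WinStation in initialization
        }

        // Baseline: the user names seen at the previous poll.
        public static string[] sysun;

        // Space-separated user names collected while the baseline was (re)built.
        public static string allsysun = "";

        //==============================================================
        /// <summary>
        /// Records the users logged in at start-up, reports them, then polls for new logons
        /// forever.
        /// </summary>
        [STAThread]
        static void Main()
        {
            usermanip(0);
            string emallsysun = "CURRENT LOGGED IN USERS: " + allsysun;

            // Mail first, dialog second: MessageBox.Show is modal and holds this thread
            // until someone dismisses it, which would delay the remote alert on an
            // unattended machine.
            sendmail(emallsysun);
            MessageBox.Show(emallsysun);

            while (true)
            {
                // check for new logons
                usermanip(1);
                allsysun = "";

                // The original loop had no delay and polled as fast as the CPU allowed.
                System.Threading.Thread.Sleep(PollIntervalMs);
            }
        }
        //==============================================================

        //==============================================================
        /// <summary>
        /// Sends <paramref name="str"/> as the body of an alert e-mail through smtp.zoho.com.
        /// </summary>
        /// <param name="str">Text of the alert. It contains account names, and it leaves the
        /// host through a third-party mail relay and, for SMS delivery, a carrier gateway.</param>
        /// <remarks>
        /// The SMTP password is read from the environment variable named by
        /// <c>SmtpPasswordVariable</c> instead of being compiled into the binary. Prefer an
        /// application-specific password for the mailbox if the provider offers one.
        /// Failures are reported in a message box and are not rethrown, as in the original.
        /// </remarks>
        static void sendmail(string str)
        {
            string smtpPassword = Environment.GetEnvironmentVariable(SmtpPasswordVariable);
            if (string.IsNullOrEmpty(smtpPassword))
            {
                MessageBox.Show("SendMail Error Occurred: " + SmtpPasswordVariable + " is not set");
                return;
            }

            try
            {
                // Both objects are IDisposable; dispose them so a long-running monitor does
                // not accumulate connections and buffers.
                using (MailMessage mail = new MailMessage())
                using (SmtpClient SmtpServer = new SmtpClient("smtp.zoho.com"))
                {
                    mail.From = new MailAddress("xxxxxxx@zohomail.com");
                    mail.To.Add("XXXXXXXXXXX@tmomail.net");
                    mail.Subject = "SYSTEM ACTIVITY (USERS)";
                    mail.Body = str;

                    SmtpServer.Port = 587;
                    SmtpServer.Credentials = new System.Net.NetworkCredential("jmc31337", smtpPassword);

                    // Keep this enabled: the credentials and the user names in the body
                    // must not cross the network in clear text.
                    SmtpServer.EnableSsl = true;
                    SmtpServer.Send(mail);
                }
            }
            catch (Exception ex)
            {
                // Surface the reason instead of a bare "error occurred".
                MessageBox.Show("SendMail Error Occurred: " + ex.Message);
            }
        }
        //==============================================================

        //==============================================================
        /// <summary>
        /// Takes a snapshot of the logged-in user names and either stores it as the baseline
        /// or compares it with the stored baseline and alerts on names that are new.
        /// </summary>
        /// <param name="softplc">0 rebuilds the baseline and appends the names to
        /// <c>allsysun</c>; any other value compares against the baseline. A missing
        /// baseline is rebuilt regardless of the value.</param>
        /// <remarks>
        /// The original listing compared the length of the baseline array with the session
        /// count, so a logoff followed by a different user's logon between two polls left
        /// the count unchanged and went unreported. This version compares the names.
        /// Limitations that remain: only the user name is compared (WTSDomainName is not
        /// queried, so a local and a domain account with the same name look alike); a second
        /// session for a name already present is not reported; and a session that starts and
        /// ends between two polls is never seen. Where a complete logon record is required,
        /// rely on the Windows Security event log (logon event 4624) rather than on polling.
        /// </remarks>
        static void usermanip(int softplc)
        {
            string[] current = GetSessionUserNames();
            if (current == null)
            {
                // Enumeration failed; keep the previous baseline and try again next poll.
                return;
            }

            if (softplc == 0 || sysun == null)
            {
                sysun = current;
                foreach (string name in current)
                {
                    allsysun += name + " ";
                }
                return;
            }

            // Windows account names are case-insensitive, so compare them that way.
            string[] newUsers = current.Except(sysun, StringComparer.OrdinalIgnoreCase).ToArray();
            foreach (string sUserName in newUsers)
            {
                // Mail before the modal dialog, for the reason given in Main.
                sendmail(sUserName + " (LOGGED ON)");
                MessageBox.Show(sUserName + " LOGGED ON"); //DING!
            }

            // Always move the baseline forward so that logoffs are forgotten and a later
            // logon by the same user is reported again.
            sysun = current;
        }

        /// <summary>
        /// Enumerates the sessions on the local machine and returns the non-empty user names
        /// attached to them.
        /// </summary>
        /// <returns>The user names, one entry per session that has one, or <c>null</c> when
        /// WTSEnumerateSessions fails.</returns>
        private static string[] GetSessionUserNames()
        {
            IntPtr pSessions = IntPtr.Zero;
            int nSessions;
            if (!WTSEnumerateSessions((IntPtr)WTS_CURRENT_SERVER_HANDLE, 0, 1, out pSessions, out nSessions))
            {
                return null;
            }

            List<string> names = new List<string>(nSessions);
            try
            {
                int nDataSize = Marshal.SizeOf(typeof(WTS_SESSION_INFO));
                IntPtr pCurrentSession = pSessions;

                for (int index = 0; index < nSessions; index++)
                {
                    WTS_SESSION_INFO si = (WTS_SESSION_INFO)Marshal.PtrToStructure(pCurrentSession, typeof(WTS_SESSION_INFO));
                    pCurrentSession += nDataSize;

                    IntPtr pUserName = IntPtr.Zero;
                    uint nBytesReturned;
                    bool bRet = WTSQuerySessionInformation((IntPtr)WTS_CURRENT_SERVER_HANDLE, si.SessionId, WTS_INFO_CLASS.WTSUserName, out pUserName, out nBytesReturned);
                    if (!bRet)
                    {
                        // The original ignored the return value; skip sessions that cannot
                        // be queried.
                        continue;
                    }

                    try
                    {
                        string sUserName = Marshal.PtrToStringUni(pUserName);

                        // Sessions without a logged-on user are skipped so that an empty
                        // name can never trigger a " LOGGED ON" alert.
                        if (!string.IsNullOrEmpty(sUserName))
                        {
                            names.Add(sUserName);
                        }
                    }
                    finally
                    {
                        // The original never released this buffer, leaking one allocation
                        // per session on every poll.
                        WTSFreeMemory(pUserName);
                    }
                }
            }
            finally
            {
                WTSFreeMemory(pSessions);
            }

            return names.ToArray();
        }
        //==============================================================
    }
}

// -- Just found out that coding all that in the STATHREAD section of the .NET app keeps the
// winapp icon from appearing in the taskbar and the alt-tab app switcher (couldn't find the
// shrugger emoji). Thnx for the thnx.
// Edited September 7, 2021 by JMC31337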
// whoknows -- posted September 7, 2021
// https://github.com/evandroabukamel/sill2-client/blob/master/sill2-client/sill2-client/WindowsSession.cs

// Use of: subscribe once to the session-state event instead of polling.
// NOTE(review): WindowsSession is defined in the linked file, not here -- confirm there how
// it raises StateChanged.
WindowsSession windowsSession = new WindowsSession();
windowsSession.StateChanged += session_StateChanged;

/// <summary>
/// Handles a session state change by logging the reported reason and the current local time.
/// </summary>
/// <param name="sender">Object that raised the event.</param>
/// <param name="e">Event data; only its Reason is logged.</param>
internal void session_StateChanged(object sender, SessionSwitchEventArgs e)
{
    string entry = string.Format("State: {0}\t\tTime: {1} ", e.Reason, DateTime.Now);
    write_log(entry);
}