This question tells me how to detect a remote desktop session.
Do anybody know if it's possible to find out from where the remote connection was initialized?
-Vegar
+2
A:
Since it's in windows use netstat to check which machines you are connected to and on which ports and just parse out the address for the one that uses the port that remote desktop uses.
AFK
2010-03-17 10:20:50
And since remote desktop always uses port 3389, this will work. Thanks!
Vegar
2010-03-17 11:51:06
This would only work if you have a single remote connection else you cannot see which sessions connects to which remote machine.
Ritsaert Hornstra
2010-03-17 13:26:58
Is the output of `netstat` affected by the current locale? That can make string parsing *much* more complicated. Prefer an API solution over one that relies on external programs and variable output formats.
Rob Kennedy
2010-03-17 14:31:58
yea, I agree it's a nasty a solution, but it's a fast one.
AFK
2010-03-17 21:01:03
remote desktop doesn't always use port 3389, this can be user defined, and often is for security if a vpn isn't being used
MarkRobinson
2010-03-19 10:01:01
+3
A:
@Vegar, you can use the WTSEnumerateSessions and WTSQuerySessionInformation functions to retrieve this info.
check this link for an example using the Jedi Api Headers.
check this code.
program ProjectTsInfo;
{$APPTYPE CONSOLE}
Uses
Windows,
JwaWinType,
JwaWtsApi32,
JwaWinsock2,
SysUtils,
TypInfo;
type
PWtsSessionInfoAArray = ^TWtsSessionInfoAArray;
TWtsSessionInfoAArray = array[0..ANYSIZE_ARRAY-1] of WTS_SESSION_INFOA;
//Get the info for all clients connected
procedure GetAll_TSClientsInfo;
var
SessionInfoAArray: PWtsSessionInfoAArray;
ClientAddr : PWtsClientAddress;
ClientName : PAnsiChar;
//ClientInfo : PWTSCLIENT;
RetBytes : Cardinal;
IPAddr : String;
i : integer;
pCount : Cardinal;
SessionId : Cardinal;
begin
if WtsEnumerateSessions(WTS_CURRENT_SERVER, 0, 1, PWTS_SESSION_INFO(SessionInfoAArray), pCount) then
begin
for i := 0 to pCount - 1 do
begin
SessionId:=SessionInfoAArray^[i].SessionId;
WTSQuerySessionInformation(WTS_CURRENT_SERVER, SessionId, WTSClientAddress, Pointer(ClientAddr), RetBytes);
WTSQuerySessionInformation(WTS_CURRENT_SERVER, SessionId, WTSClientName, Pointer(ClientName), RetBytes);
//WTSQuerySessionInformation(WTS_CURRENT_SERVER, SessionId, WTSClientInfo, Pointer(ClientInfo), RetBytes); //This value is supported for Windows Server 2008 and Windows Vista with SP1.
try
case ClientAddr^.AddressFamily of
AF_INET:
IPAddr:= Format('%d.%d.%d.%d', [
ClientAddr^.Address[2],
ClientAddr^.Address[3],
ClientAddr^.Address[4],
ClientAddr^.Address[5]
]);
else
IPAddr:= '<unknow>';
end;
WriteLn(Format('Session Id : %d ', [SessionId]));
WriteLn(Format('Client Name : %s ', [ClientName]));
WriteLn(Format('Station Name: %s ', [SessionInfoAArray^[i].pWinStationName]));
WriteLn(Format('State : %s ', [GetEnumName(TypeInfo(WTS_CONNECTSTATE_CLASS),integer(SessionInfoAArray^[i].State))]));
WriteLn(Format('IP : %s ', [IPAddr]));
//supported for Windows Server 2008 and Windows Vista with SP1.
{
WriteLn(Format('ClientName : %s ', [ClientInfo^.ClientName]));
WriteLn(Format('Domain : %s ', [ClientInfo^.Domain]));
WriteLn(Format('UserName : %s ', [ClientInfo^.UserName]));
WriteLn(Format('WorkDirectory : %s ', [ClientInfo^.WorkDirectory]));
WriteLn(Format('InitialProgram : %s ', [ClientInfo^.InitialProgram]));
WriteLn(Format('EncryptionLevel : %d ', [ClientInfo^.EncryptionLevel]));
WriteLn(Format('HRes : %d ', [ClientInfo^.HRes]));
WriteLn(Format('VRes : %d ', [ClientInfo^.VRes]));
WriteLn(Format('ColorDepth : %d ', [ClientInfo^.ColorDepth]));
WriteLn(Format('ClientDirectory : %s ', [ClientInfo^.ClientDirectory]));
}
Writeln('');
finally
WTSFreeMemory(ClientAddr);
WTSFreeMemory(ClientName);
end;
end;
end;
WtsFreeMemory(SessionInfoAArray);
end;
//Get the ip address of the actual connected client
function GetIpActualClient : string;
var
ClientAddr : PWtsClientAddress;
RetBytes : Cardinal;
IPAddr : String;
SessionId : Cardinal;
begin
SessionId:=WTS_CURRENT_SESSION;
WTSQuerySessionInformation(WTS_CURRENT_SERVER, SessionId, WTSClientAddress, Pointer(ClientAddr), RetBytes);
try
case ClientAddr^.AddressFamily of
AF_INET:
IPAddr:= Format('%d.%d.%d.%d', [
ClientAddr^.Address[2],
ClientAddr^.Address[3],
ClientAddr^.Address[4],
ClientAddr^.Address[5]
]);
else
IPAddr:= '<unknow>';
end;
Result:=IPAddr;
finally
WTSFreeMemory(ClientAddr);
end;
end;
begin
Writeln('IP Actual client '+GetIpActualClient);
Writeln('-----------------------------------');
GetAll_TSClientsInfo;
Readln;
end.
UPDATE
As @Remko says, the WTSQuerySessionInformation function with the WTSClientAddress type, can return the local IP of the client. if you wanna get the real ip you can use the WinStationGetRemoteIPAddress helper function located in the JwaWinSta unit.
Var
Port : Word;
IpAddr : WideString;
Begin
WinStationGetRemoteIPAddress(WTS_CURRENT_SERVER,WTS_CURRENT_SESSION,IpAddr,Port);
End;
RRUZ
2010-03-17 13:39:57
Is it even necessary to use `WTSEnumerateSessions`? I think using `wts_Current_Session` for the session ID would be sufficient.
Rob Kennedy
2010-03-17 14:28:35
@Rob you are right the WTSEnumerateSessions function is to get the info for all sessions, i posted an example using wts_Current_Session and WTSEnumerateSessions. ;)
RRUZ
2010-03-17 14:58:17
I'm trying the WinStationGetRemoteIPaddress( ) now. I'm at home with a RDC to my office computer. When I call this method, it returns the ip address of my router, not my local machine.Btw, netstat returns WORKGROUP in this case. Not too useful...
Vegar
2010-03-17 19:19:53
@Vegar: yes of course it does, you make the connection with your *external* ip which in most cases is the ip that your router or modem has. WinStationGetRemoteIPAddress returns the IP address as reported by Terminal Server and it will match output of netstat on the server.
Remko
2010-03-17 19:26:40
+2
A:
WTSQuerySessionInformation returns the client IP as the client reports it, this will probably be (one) of it's local IP Address. If you want to know the REAL ip address and port that is connected you can use WinStationQueryInformationW with information class WinStationRemoteAddress. You will need my unit JwaWinsta from the Jedi Apilib.
I have provided a simple wrapper in the same unit as well:
function WinStationGetRemoteIPAddress(hServer: HANDLE; SessionId: DWORD;
var RemoteIPAddress: WideString; var Port: WORD): Boolean;
Remko
2010-03-17 15:45:24