RWhodwin
GPL'ed RWho Daemon for Windows
Version 0.3, compiled with Delphi 4.03, tested with Windows 95/98
Written by Ward van Wanrooij (ward@ward.nu, http://www.ward.nu)
Copyright © 2000, Ward van Wanrooij
Latest version can be obtained at http://www.ward.nu/computer/rwhodwin.
I thought it would be fun to see my Windows machines in the ruptime report on my Linux machine. So I started to search for an rwhod daemon for Windows. I was very amazed, however, to see that no such program existed. Although I don't program in C and am also not a Linux kernel hacker, I started to research the rwho protocol and rwhod.c, and to write an rwhod implementation for Windows. Surprisingly, I call the program RWhod for Windows. One more thing: I develop in Borland Delphi. So don't be shocked by seeing ObjectPascal code.
The source of rwhodwin is available under the GPL. If you make any modifications to the source code, I would be very happy to receive them. I am the current maintainer of rwhodwin.
It is highly recommended that you subscribe to the mailing list to keep up to date about new releases.
| date | change |
|---|---|
| 22-05-2000 | Removed TWSocket dependency, added TSock dependency, since I am the current maintainer of TSock. Shortened the code by a few lines. (0.30) |
| 19-03-2000 | Bugfix for two typos, added note about strange behaviour using WinSock1. (0.22) |
| 19-02-2000 | Bugfix for Microsoft registry awkwardness. See Why #1 in code. Released version 0.21. |
| 05-02-2000 | Complete rewrite of the code. The former code was more efficient, but this one is far more clean. This one is truly object oriented programmed. Released version 0.2. |
| 02-02-2000 | Release of version 0.1-pre. |
| 01-02-2000 | Development on rwhodwin started. |
My Delphi implementation of the rwho protocol
An rwho message is normally sent via UDP from the current PC at the rwho port (513) to the rwho port of the broadcast address. A single rwho message consists of one Twhod object, which in turn consists of at least one Twhoent object. For every active console on the system, an extra Twhoent should be provided. If one user is active then two whoent structs should be provided!
| length | name/type/description | example |
|---|---|---|
| Toutmp = record | | |
| 08 | out_line: array[0..7] of char; Console name. I used the value pts/0 because I had to use *some* value. | 70 74 73 2F 30 00 00 00 pts/0 |
| 08 | out_name: array[0..7] of char; User name. I used the name windows to identify the packets. | 77 69 6F 64 6F 77 73 00 windows |
| 01 | out_time: cardinal; Login time. I used the value of boottime, because the login time cannot be accessed in Windows. All cardinal values have to be transformed into network byte order before transmission. The function NetworkByteOrder(NBTIn: Cardinal): Cardinal; provides this functionality. | 38 88 4A E2 |
| end; | | |
| Twhoent = record | | |
| 20 | we_utmp: Toutmp; | |
| 04 | we_idle: cardinal; The idle time in seconds for the console. If this time is greater than 1 hour, the user does not show up in rwho. So I used the value 1 hour, 1 minute to hide the windows user in rwho. | 00 00 0E 4C |
| end; | | |
| Twhod = record | | |
| 01 | wd_vers: char; Version number. This number should always be set to 01. | 01 |
| 01 | wd_type: char; Status number. This number should always be set to 01, meaning up. | 01 |
| 02 | wd_fill: array[0..1] of char; Two bytes used as fillers. These values should not be filled in. | 00 00 |
| 04 | wd_sendtime: cardinal; The time at which the packet was sent. The time is coded in UTC in seconds since 01-01-1970, also known as the Epoch in the Unix world. | 38 96 F6 92 |
| 04 | wd_recvtime: cardinal; The time at which the packet was received. The receiving operating system fills in this value. | 00 00 00 00 |
| 32 | wd_hostname[32]: array[0..31] of char; The hostname of the sending machine. I use the API function GetHostname() to return the hostname. | 72 6f 67 65 72 77 69 6C 63 6F 00 00 .. 00 rogerwilco |
| 12 | wd_loadav[3]: array[0..2] of cardinal; The load average in the last 1-, 5- and 15-minute periods. I really do not know how to interpret the load averages under Unix, and neither does anybody whom I have asked. rwhod for Windows sends the percentage usage of the primary CPU as the load average. The CPU usage is checked every 10 seconds. If anyone does have any information on the load average, then please contact me. | 00 00 00 10 00 00 00 15 00 00 00 20 0.10 0.21 0.32 |
| 04 | wd_boottime: cardinal; The time the system booted. | 38 88 4A E2 |
| 24 | wd_we: array[0..41] of Twhoent; The declaration of wd_we differs a little bit from its Unix cousin (wd_we[1024 / sizeof (struct whoent)]), but it is the same under this version of the rwho protocol. You can recheck this yourself, if you want to. | |
| end; | | |
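
The record layout above, written as a Python builder and a validating parser for a single rwho datagram. This is an added example, not rwhodwin's code or anything from the original page; all function and constant names are hypothetical. It assumes out_time occupies 4 bytes, since a cardinal is 4 bytes and we_utmp is listed as 20 bytes.

```python
import struct

# Field layout taken from the table above; "!" = network byte order, no padding.
HEADER = struct.Struct("!BB2xII32s3II")  # vers, type, fill, sendtime, recvtime, hostname, loadav[3], boottime
WHOENT = struct.Struct("!8s8sII")        # out_line, out_name, out_time, we_idle (24 bytes)
MAX_WHOENT = 42                          # wd_we: array[0..41] of Twhoent
IDLE_HIDE = 3600                         # idle above 1 hour: user does not show up in rwho

def cstr(raw):
    """Decode a fixed-width char field, cutting at the first NUL if there is one."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def build_whod(hostname, sendtime, boottime, loadav, entries):
    """entries: (console, user, login_time, idle_seconds) tuples; wd_recvtime stays 0."""
    if len(entries) > MAX_WHOENT:
        raise ValueError("too many whoent entries")
    pkt = HEADER.pack(1, 1, sendtime, 0, hostname.encode("ascii"), *loadav, boottime)
    for line, user, login, idle in entries:
        pkt += WHOENT.pack(line.encode("ascii"), user.encode("ascii"), login, idle)
    return pkt

def parse_whod(data):
    """Validate and decode one datagram; raises ValueError on anything malformed."""
    body = len(data) - HEADER.size
    # A broadcast datagram is untrusted input: check the length before unpacking.
    if body < 0 or body % WHOENT.size or body // WHOENT.size > MAX_WHOENT:
        raise ValueError("bad rwho packet length: %d" % len(data))
    vers, typ, sent, recv, host, l1, l5, l15, boot = HEADER.unpack_from(data)
    if (vers, typ) != (1, 1):
        raise ValueError("unexpected wd_vers/wd_type: %d/%d" % (vers, typ))
    users = []
    for off in range(HEADER.size, len(data), WHOENT.size):
        line, user, login, idle = WHOENT.unpack_from(data, off)
        users.append({"line": cstr(line), "user": cstr(user), "login": login,
                      "idle": idle, "hidden": idle > IDLE_HIDE})
    # loadav is returned as the raw cardinals that were sent.
    return {"host": cstr(host), "sendtime": sent, "boottime": boot,
            "loadav": (l1, l5, l15), "users": users}

# Constructed sample built from the example values in the table.
SAMPLE = build_whod("rogerwilco", 0x3896F692, 0x38884AE2, (0x10, 0x15, 0x20),
                    [("pts/0", "windows", 0x38884AE2, 0x0E4C)])

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_whod(SAMPLE))
```
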
Installation and configuration of rwhodwin is fairly simple. Just enter your desired values in the registry (or load rwhodwin.reg) and start rwhodwin.exe.
| name/type/description | example |
|---|---|
| HKEY_LOCAL_MACHINE\Software\Ward\rwhodwin\Port (string) Port at which connection should be initiated from and to. Default value is rwho or 513. | who |
| HKEY_LOCAL_MACHINE\Software\Ward\rwhodwin\Subnetmask (string) Subnet which should receive the UDP broadcast. Default value is 255.255.255.255. | 192.168.255.255 |