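Views: 1507 Replies: 1
An old question: how to monitor/intercept network sharing (137, 138, 139) on Win9x/NT?
What I know:
On Win9x:
1. With NetBIOS over TCP/IP, ports 137, 138 and 139 have fixed AddressHandles, 0x00010000, 0x00020001 and 0x00030002 respectively; but the opening of the handle cannot be intercepted.... (weird MS)
2. If it is not over TCP/IP, then hook NetBEUI......

On WinMe:
1. The AddressHandle for over TCP/IP is not fixed, and it cannot be intercepted or monitored.
2. If it is over NetBEUI, then hook.

On NT, the same as Me.

Experts: any suggestions?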
First reply #
Posted: 2001-11-30 11:37
NetBEUI is a TRANSPORT that *usually* includes NetBIOS. NetBIOS provides three sets of SERVICES: name services, session services & datagram services. The name services are used to advertise services on the network (alas, MS name services aren't that flash <bg>). Therefore, it should be obvious that NetBIOS is not limited to NetBEUI (you can access MS servers with other transports).

In fact, NetBIOS is now a *separate* component on NT. So, NT has a transport called NBF (NetBEUI Frame Protocol) that has an *interface* for NetBIOS. Likewise, TCP/IP uses NBT (NetBIOS over TCP/IP) that does the same job (from memory, using TCP/UDP ports 137, 138 & 139). And NWLink (MS's IPX/SPX-compatible transport) provides NWBLink.

In actual fact, the LMHost file is used to allow NetBIOS to resolve NetBIOS names over TCP/IP that exist *outside* of the local subnet. In the past, such names were usually resolved via broadcasts (called b-node name resolution). Newer MS clients use a better method involving WINS to resolve these names (called h-node name resolution). If the client knows the IP address of the NetBIOS node that has that name registered, it *can* talk to that machine even if cross routers when

Because NWLink doesn't need the equivalent of a LMHost file and does not have all the configuration hassles that TCP/IP has (while still being routable), it was 'favored son' for a while. However, with the advent of Microsoft's decision to actively pursue the WWW/Internet phenomenon and the development of DHCP/WINS for NT, TCP/IP has now become their preferred transport.

I hope this helps the person who posted the original question (I haven't seen it, but I know that the answer below is not correct).
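For monitoring the name service on UDP 137 that the reply describes, a sketch of decoding an NBT name query and telling a broadcast (b-node style) query from a unicast one. This is an added example, not part of either post; it follows the RFC 1002 packet layout, and the host name `FILESRV`, the transaction ID and the sample packet are constructed for illustration.

```python
import struct

FLAG_RESPONSE = 0x8000   # R bit: 0 = query, 1 = response
FLAG_BROADCAST = 0x0010  # B bit: set on broadcast (b-node style) queries

def encode_name(name, suffix=0x20):
    """First-level encoding: pad to 15 chars, add suffix byte, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(n for c in raw for n in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(encoded):
    """Reverse the nibble encoding; returns (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def parse_query(payload):
    """Parse the first question of a UDP/137 payload (unscoped names only)."""
    if len(payload) < 50:  # 12 header + 1 length + 32 name + 1 end + 4 type/class
        raise ValueError("truncated name service packet")
    txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
    if qdcount < 1 or payload[12] != 32 or payload[45] != 0:
        raise ValueError("no well-formed question section")
    name, suffix = decode_name(payload[13:45])
    qtype, qclass = struct.unpack_from("!HH", payload, 46)
    return {"txid": txid, "name": name, "suffix": suffix, "qtype": qtype,
            "is_response": bool(flags & FLAG_RESPONSE),
            "broadcast": bool(flags & FLAG_BROADCAST)}

def sample_query(name="FILESRV", flags=0x0110):
    """Constructed packet: name query, recursion desired + broadcast."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name) + b"\x00" + struct.pack("!HH", 0x20, 1)

if __name__ == "__main__":
    print(parse_query(sample_query()))
```

Suffix 0x20 marks the file server service name, so a monitor that logs queries for that suffix sees which hosts are being looked up for share access.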