My technical notes: 2012

Saturday, May 12, 2012

How to verify user credentials programmatically (Windows)

We may use LogonUser like in the following example:

{

  char user[] = "USERNAME";

  char pass[] = "PASSWORD";

  char domain[] = "DOMAIN";

  BOOL result;

  HANDLE token = NULL;

  result = LogonUser(user, domain, pass, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token);

  if (result) {

    printf("user %s successfully logged on\n", user);

    CloseHandle(token);

  } else {

    printf("unable to logon: %d", GetLastError());

}

  /* it is always good to call SecureZeroMemory. Even in the sample */

  SecureZeroMemory(pass, sizeof(pass) / sizeof(*pass)); 

}

It is possible to pass domain as the second argument or provide username in the form username@domainname. In the later case the second argument must be NULL. The function cannot handle the form "DOMAINNAME\\USERNAME".

This is valid since Windows XP. In case of previous versions of Windows check the link http://support.microsoft.com/kb/180548

Saturday, February 25, 2012

How to get function's name from function's pointer in C? (GCC extensions)

In my previous post I described how to get function's name from function's pointer in C under Windows for debug purposes.

In GCC you may use backtrace_symbolos declared in <execinfo.h>. An example looks like:

#include <execinfo.h>

void *pfunc = ...; /* pointer to some function */

void *buffer[1] = {pfunc};

char **strings = backtrace_symbols(buffer, 1);

if (strings == NULL) {

  perror("backtrace_symbols");

} else {

  printf("%s\n", strings[0]);

  free(strings);

}

You have to link with -rdynamic flag. The output looks like:

./a.out(myfunc+0) [0x400987]

If function is static name is omitted.

I recommend to use the things like this for debugging only.

How to print stack trace in C / C++ (GCC)

While discovering and debugging a large project it may be quite useful to print a stack trace. In Java I could use something like
new Exception().printStackTrace()
for that purpose. (Yes, I know, it looks stupid and I prefer not to commit a code like that to CVS, but this dirty hack can still be quite useful while debugging).

Is their anyway to achieve the same goal in C / C++?

Of course there is no portable solution. But several platforms provide their extensions. I recently discovered that GCC provides functions backtrace() and backtrace_symbols() declared in <execinfo.h>. An example is available here: http://linux.die.net/man/3/backtrace_symbols. We need to link with -rdynamic option. The output contains the name of executable file, the name of function (if available) and looks like:

./a.out(myfunc3+0x1c) [0x400904]
./a.out [0x400985]
./a.out(myfunc+0x23) [0x4009aa]
./a.out(main+0x78) [0x400a24]
/lib64/libc.so.6(__libc_start_main+0xf4) [0x377281d974]
./a.out [0x400839]

Or, in case of C++, the output can be:

a.out(_Z7myfunc3v+0x1c) [0x4009b4]
a.out(__gxx_personality_v0+0x18d) [0x400a35]
a.out(_Z6myfunci+0x23) [0x400a5b]
a.out(_Z6myfunci+0x1c) [0x400a54]
a.out(main+0x76) [0x400ad4]
/lib64/libc.so.6(__libc_start_main+0xf4) [0x377281d974]
a.out(__gxx_personality_v0+0x41) [0x4008e9]

Note that static function name is omitted in case of C or replaced with some dummy name in case of C++.

I still miss the information like source file names and line numbers. But at least this could give an idea of what to debug next.

However, I still wouldn't commit a code like that to production.

Sunday, February 19, 2012

How to get function's name from function's pointer in C? (Windows)

Suppose that I am debugging a code written on C which deals with a pointer to function. This pointer is initialized somewhere else and may actually point to function1, function2 etc. I need to find out
the real name of the function and print this information to the log, ideally together with source file name and line number (all this information is available if debugging information is turned on).

Yes, I know that I can set a breakpoint and see the actual value of pointer in debug windows. But sometimes I find a log a bit more useful.

Of course there is no reliable and cross-platform solution. The C language itself does not provide the possibilities like this. However, we may find API for certain platforms and/or certain debugging information.

For instance, in case of Windows the solution can be found with the help of DbgHelp functions: SymGetSymFromAddr64 and SymGetLineFromAddr64.

To be able to call both of them, we need to enable debug information. To be able to use SymGetLineFromAddr64, we need to turn on profile information as well (although it is not mentioned in the documentation, but it seems that SymGetLineFromAddr64 is not working without profile information).

The program needs to be linked with Dbghelp.lib.

Before their use we must call SymInitialize.

Now let's put it all together:

#if defined _DEBUG

#include <dbghelp.h>

BOOL InitDebug()

{

    BOOL initRes;

  SymSetOptions(SYMOPT_LOAD_LINES);

    initRes = SymInitialize(GetCurrentProcess(), NULL, TRUE);

    if (!initRes) 

{

        printf(_T("SymInitialize failed with error %d"), GetLastError());

}

    return initRes;

}

BOOL TracePointerInfo(DWORD64 addr)

{

    char symbolName[MAX_SYM_NAME + 1];

    char buffer[sizeof(IMAGEHLP_SYMBOL64) + MAX_SYM_NAME*sizeof(TCHAR)] = {0};

    IMAGEHLP_LINE64 line;

    DWORD64 dis64 = 0;

    DWORD dis = 0;

    IMAGEHLP_SYMBOL64 *pSym = NULL;

    BOOL res;

    pSym = (IMAGEHLP_SYMBOL64 *) buffer;

    pSym->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL64);

    pSym->MaxNameLength = MAX_PATH;

    res = SymGetSymFromAddr64(GetCurrentProcess(), addr, &dis64, pSym);

    if (!res) 

{

        /* TODO: call your trace function instead of printf */

        printf("SymGetSymFromAddr64 fails, error=%ld\n", GetLastError());

        return FALSE;

}

    else

{

        strcpy(symbolName, pSym->Name);

}

    memset(&line, 0, sizeof(line));

    line.SizeOfStruct = sizeof(line);

    res = SymGetLineFromAddr64(GetCurrentProcess(), addr, &dis, &line);

    if (!res) 

{

        printf("SymGetLineFromAddr64 fails, error=%ld\n", GetLastError());

        return FALSE;

}

    else

{

        printf("function=%s (%s, %d)\n", symbolName, line.FileName, line.LineNumber);

}

    return TRUE;

}

#define TRACE_POINTER_INIT InitDebug()

#define TRACE_POINTER(f) TracePointerInfo((DWORD64)(f))

#else

#define TRACE_POINTER_INIT

#define TRACE_POINTER(f)

#endif

To use it, call TRACE_POINTER_INIT somewhere in the beginning of your program.
To trace information about function pointer myfunction, use
TRACE_POINTER(myfunction);

Possible problems and how to fix them:
1. SymGetSymFromAddr64 fails, last error is 487 (Attempt to access invalid address. ). Answer: most likely debug information is not found. Rebuild the project for Debug.

2. SymGetSymFromAddr64 fails, last error is 6 (The handle is invalid). Answer: most likely SymInitialize was not called.

3. SymGetSymFromAddr64 succeed but SymGetLineFromAddr64 fails, last error is 487. That was the most tricky for me: documentation says nothing about it. It seems that you have to enable profile information (Project->Properties, Configuration Properties, Linker, Advanced, make sure that Profile is "Enable ..."). However I found it by playing with options. I didn't find any explanation in the documentation.

Size of primitive types in C language on different platforms

I am working on the project which is written in C and can be compiled and run on a variety of platforms. Of course I see a lot of compatibility issues. In order to be better prepared for them I write a simple program which just prints the sizes of primitive types.

Here is the program itself:

#include <stdio.h>

int main(int argc, char* argv[])
{
        printf("sizeof(char)=%ld\n", sizeof(char));
        printf("sizeof(wchar_t)=%ld\n", sizeof(wchar_t));
        printf("sizeof(short)=%ld\n", sizeof(short));
        printf("sizeof(int)=%ld\n", sizeof(int));
        printf("sizeof(long)=%ld\n", sizeof(long));
        printf("sizeof(long long)=%ld\n", sizeof(long long));
        printf("sizeof(void*)=%ld\n", sizeof(void*));
        printf("sizeof(size_t)=%ld\n", sizeof(size_t));
}

Results are below. In case of 32 platforms, everything is clear. Things become more interesting in case of 64 platforms...

Visual C, Win32:

sizeof(char)=1
sizeof(wchar_t)=2
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=4
sizeof(size_t)=4

Visual C, Win64:
sizeof(char)=1
sizeof(wchar_t)=2
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=8
sizeof(size_t)=8

Note that size_t on Win64 takes 8 bytes. This means that the code like
int temp = strlen("temp");
may now generate warning like "conversion from 'size_t' to 'int', possible loss of data". The warning will be generated if type of temp is changed to unsigned int, long or unsigned long.

IBM XL C compiler (on AIX):

sizeof(char)=1
sizeof(wchar_t)=2
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=4
sizeof(size_t)=4

IBM xlc compiler, with -q64 switch:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=8
sizeof(long long)=8
sizeof(void*)=8
sizeof(size_t)=8

Note that long on 64 platform is 8 bytes unlike the Microsoft Visual C. Another interesting fact is that size of wchar_t depends on 32/64 mode as well.

HP-UX C compiler:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=4
sizeof(size_t)=4

HP-UX C compiler, with +DD64 switch:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=8
sizeof(long long)=8
sizeof(void*)=8
sizeof(size_t)=8

By default this compiler does not recognize wchar_t type. To use it, I have to include additional file <whcar.h>. Unlike IBM, the size of wchar_t is 4 in both versions.

GCC on 32 platform:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=4
sizeof(size_t)=4

GCC on 64 platform:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=8
sizeof(long long)=8
sizeof(void*)=8
sizeof(size_t)=8

Sun Studio 12 C Compiler:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=4
sizeof(long long)=8
sizeof(void*)=4
sizeof(size_t)=4

Sun Studio 12 C Compiler with -m64 switch:

sizeof(char)=1
sizeof(wchar_t)=4
sizeof(short)=2
sizeof(int)=4
sizeof(long)=8
sizeof(long long)=8
sizeof(void*)=8
sizeof(size_t)=8

Note: as above, additional #include <wchar.h> ir required for wchar_t.

Saturday, February 4, 2012

How to calculate MD5 hash value using OpenSSL library

OpenSSL is an open source library which provides the basic cryptographic functions (see http://www.openssl.org/ for details).

This post describes how to use cryptographic hash functions (MD5 as an example) provided by this library.

Actually, type "man EVP_get_digestbyname" and you will see description of the needed functions and a sample.

Here is the example with my comments:

#include <stdio.h> 

#include <openssl/evp.h>

main(int argc, char *argv[])
{
EVP_MD_CTX mdctx;
const EVP_MD *md;
char input[] = "md5";
unsigned char output[EVP_MAX_MD_SIZE];
int output_len, i;

/* Initialize digests table */
OpenSSL_add_all_digests();

/* You can pass the name of another algorithm supported by your version of OpenSSL here */
/* For instance, MD2, MD4, SHA1, RIPEMD160 etc. Check the OpenSSL documentation for details */
md = EVP_get_digestbyname("MD5");

if(!md) {
printf("Unable to init MD5 digest\n");
exit(1);
}

EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, md, NULL);
EVP_DigestUpdate(&mdctx, input, strlen(input));
/* to add more data to hash, place additional calls to EVP_DigestUpdate here */
EVP_DigestFinal_ex(&mdctx, output, &output_len);
EVP_MD_CTX_cleanup(&mdctx);

/* Now output contains the hash value, output_len contains length of output, which is 128 bit or 16 byte in case of MD5 */

printf("Digest is: ");
for(i = 0; i < output_len; i++) printf("%02x", output[i]);
printf("\n");
}

Link with crypto library (-lcrypto).

How to monitor the contents of a directory and its subdirectories on Windows.

I need a function that is notified about changes in a directory tree. How can I implement it?

First of all we may use FindFirstChangeNotification / FindNextChangeNotification functions. They return a handle that can be used in one of the wait functions (for instance, WaitForSingleObject, WaitForMultipleObjects etc). An example can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365261%28v=vs.85%29.aspx

This solution has a small problem: a caller is notified when a change occurs but this API does not provide any way to check what exactly was changed. Of course it is possible to store a list of files with their attributes (such as file size and file modification time) but probably there is a better solution?

I found the function ReadDirectoryChangesW a bit more useful. It provides information about what exactly was changed (file name and action description, i.e. add/change etc).

To use it, first of all we need to get a handle of the specified directory with the help of CreateFile (dwDesiredAccess argument should have FILE_LIST_DIRECTORY, dwFlagsAndAttributes should have FILE_FLAG_BACKUP_SEMANTICS). Pass this handle with a buffer into ReadDirectoryChangesW. The buffer should be large enough to hold one or several items of type FILE_NOTIFY_INFORMATION. The synchronous version of function returns when the content of directory is changed (actually it is possible to make asynchronous calls as well, but this is beyond the scope of this post).

So a very simple synchronous sample looks like (Unicode version):

#include <windows.h>

void TestDirChanges(LPCWSTR path)
{
    /*
    FileName member of FILE_NOTIFY_INFORMATION has only one WCHAR according to definition. Most likely, this field will have more characters.
    So the expected size of one item is (sizeof(FILE_NOTIFY_INFORMATION) + MAX_PATH * sizeof(WCHAR)).
    Prepare buffer for 256 items.
    */
    char buf[256 * (sizeof(FILE_NOTIFY_INFORMATION) + MAX_PATH * sizeof(WCHAR))] = {0};
    DWORD bytesReturned = 0;
    BOOL result = FALSE;
    FILE_NOTIFY_INFORMATION *fni = NULL;

    HANDLE hDir = CreateFile(path,
        FILE_LIST_DIRECTORY | STANDARD_RIGHTS_READ,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
        NULL,
        OPEN_EXISTING,
        FILE_FLAG_BACKUP_SEMANTICS,
        NULL);

    if (!hDir || hDir == INVALID_HANDLE_VALUE)
    {
        wprintf(L"CreateFile failed\n");
        return;
    }

    while (1)
    {
        result = ReadDirectoryChangesW(hDir,
            buf,
            sizeof(buf) / sizeof(*buf),
            TRUE, /* monitor the entire subtree */
            FILE_NOTIFY_CHANGE_FILE_NAME |
                FILE_NOTIFY_CHANGE_DIR_NAME |
                FILE_NOTIFY_CHANGE_ATTRIBUTES |
                FILE_NOTIFY_CHANGE_SIZE |
                FILE_NOTIFY_CHANGE_LAST_WRITE |
                FILE_NOTIFY_CHANGE_LAST_ACCESS |
                FILE_NOTIFY_CHANGE_CREATION |
                FILE_NOTIFY_CHANGE_SECURITY,
            &bytesReturned,
            NULL,
            NULL);

        if (result && bytesReturned)
        {
            wchar_t filename[MAX_PATH];
            wchar_t action[256];
            for (fni = (FILE_NOTIFY_INFORMATION*)buf; fni; )
            {
                switch (fni->Action)
                {
                case FILE_ACTION_ADDED:
                    wcscpy_s(action, sizeof(action) / sizeof(*action), L"File added:");
                    break;

                case FILE_ACTION_REMOVED:
                    wcscpy_s(action, sizeof(action) / sizeof(*action), L"File removed:");
                    break;

                case FILE_ACTION_MODIFIED:
                    wcscpy_s(action, sizeof(action) / sizeof(*action), L"File modified:");
                    break;

                case FILE_ACTION_RENAMED_OLD_NAME:
                    wcscpy_s(action, sizeof(action) / sizeof(*action), L"File renamed, was:");
                    break;

                case FILE_ACTION_RENAMED_NEW_NAME:
                    wcscpy_s(action, sizeof(action) / sizeof(*action), L"File renamed, now is:");
                    break;

                default:
                    swprintf_s(action, sizeof(action) / sizeof(*action), L"Unkonwn action: %ld. File name is:", fni->Action);
                }

                if (fni->FileNameLength)
                {
                    wcsncpy_s(filename, MAX_PATH, fni->FileName, fni->FileNameLength / 2);
                    filename[fni->FileNameLength / 2] = 0;
                    wprintf(L"%s '%s'\n", action, filename);
                }
                else
                {
                    wprintf(L"%s <EMPTY>\n", action);
                }

                if (fni->NextEntryOffset)
                {
                    char *p = (char*)fni;
                    fni = (FILE_NOTIFY_INFORMATION*)(p + fni->NextEntryOffset);
                }
                else
                {
                    fni = NULL;
                }
            }
        }
        else
        {
            wprintf(L"ReadDirectoryChangesW failed\n");
        }
    }

    CloseHandle(hDir);
}

The call might look similar to
TestDirChanges(L"C:\\Documents and Settings\\SomeUser\\1\\").

In order to make the things simpler I didn't introduce any way to stop, so this sample runs forever (until Ctrl-C or kill).

Sunday, January 8, 2012

Useful Linux commands

Useful information about Linux commands.

1. The very famous "Argument list too long" issue.
When I try to copy too many files with command like
cp /blablabla/somedir/* ./
I got error like "-bash: /bin/cp: Argument list too long". The same problem appears in any command where asterisk applies to a large count of files.

An easy way to deal with it is to use find command. For instance,
find /blablabla/somedir/ -name "*" -exec cp -p {} ./ \;

2. Rather useful GUI to build find command:
http://find.unixpin.com/

3. Get information about executable files and/or shared libraries.

ldd prints the shared libraries required by each program or shared library specified on the command line.
For instance,
ldd a.out - prints out the list of *.so files on which a.out depends.

nm - list symbols from object files (for instance, can be used to get list of functions in *.so file).

file - determine file type.
For instance,
file a.out prints out the file format and target architecture (i.e. 32 or 64).

objdump - display information from object files.

For instance,
objdump -f a.out
may be used to get file format as well;

objdump -x a.out
prints out a lot of useful information.

4. How to find out Linux distribution name and version.

cat /etc/*-release - for distribution name.
uname -mrs - prints the machine hardware name, the kernel release and the kernel name. This can be used to get CPU type: CPU is 64bit if you see x86_64.
lsb_release -a - prints Linux Standard Base and distribution-specific information.

More information is available here and here.

5. lsof - list open files.
lsof -i :8000 - who is listening on the port 8000.

Monday, January 2, 2012

How to list all users of the given group (Linux)

Let's say I have a group name and I want function that lists all users of this group.

From the first point of view, the solutions is obvious. There is a function getgrnam which returns a pointer to struct group which has array of strings gr_mem (type "man getgrnam" for details). So we need to call the function and iterate through gr_mem until we meet NULL.

However, this is not accurate. The problem is that this function parses the group databases. Some users may be not present in the group database but may have group id set as a field in /etc/passwd. So we need to iterate through all users to find those of them who have group id equal to the id of the given group.

The following code illustrates this approach. Please note that it is a sample only. In the real project you will need to check for duplicates because some users may be listed twice.

#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <stdio.h>

void list_all_users(const char *groupname) {
struct group *grp = getgrnam(groupname);

if (grp) {
    unsigned int i = 0;
    struct passwd *user_info;

    printf("group %s has the following members:\n", groupname);

     /* iterate through groups database */
    while (grp->gr_mem[i]) {
      printf(" %s\n", grp->gr_mem[i]);
    }

    for (user_info = getpwent(); user_info; user_info = getpwent()) {
      if (user_info->pw_gid == grp->gr_gid) {
        printf(" %s\n", user_info->pw_name);
      }
    }

    endpwent();
} else {
    printf("group %s not found", groupname);
}

}

How to list all users / groups programmatically (Linux)

In my previous post I described how to list all users / groups on Windows machine.

This post describes how to list all users / groups of Linux server.

Use functions getpwent for users and getgrent() for groups (type man getpwent or man getgreent for details).

The sample code looks like:

#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>

void list_users(void) {
struct passwd *p = getpwent();

for (; p; p = getpwent()) {
puts(p->pw_name);
}

endpwent();
}

void list_groups(void) {
struct group *p = getgrent();

for (; p; p = getgrent()) {
puts(p->gr_name);
}

endgrent();
}

How to list all users / groups of domain programmatically (Windows)

To list all users of domain in command line, use command "net users /domain". The command "net users" without /domain switch returns all users of the local workstation.

To list all groups of domain in command line, use command "net groups /domain". Again, the same command without /domain switch returns all groups of the local workstation.

How to get the same reports programmatically?

Use the function NetQueryDisplayInformation in both cases. MSDN provides example code of how to use it. Depending on parameter the function returns array of NET_DISPLAY_USER or NET_DISPLAY_GROUP structures. Pass NULL for the first parameter, this will list all users / groups from local computer.

How to deal with the domain? It seems that we may use the function NetServerEnum with SV_TYPE_DOMAIN_CTRL as servertype parameter (see MSDN for the sample). Note that you need to run the program as administrator. This returns domain controller, which can be used as the first parameter for NetQueryDisplayInformation.

Don't be surprised: depending on the configuration of your network, domain controller name may be equal or not equal to the domain name.

But wait! The command "net users /domain" does not require to be run under administrator account, while our program does. So it seems there could be a better solution.

For this case you may find the DsEnumerateDomainTrusts function more useful. Pass NULL as the first parameter and DS_DOMAIN_PRIMARY as a flag. This function exists since Windows 2000, so in case of old good Windows NT you may still choose NetServerEnum... but I don't find this information useful nowadays.

Now lets put it all together. NetQueryDisplayInformation works with Unicode strings only. DsEnumerateDomainTrusts exists in both versions. To make the things easier I assume that Unicode is set. So the sample code looks like:

#include <Dsgetdc.h>
#include <lm.h>

DWORD GetAllUsersOfPrimaryDomain()
{
PNET_DISPLAY_USER pBuff, p;
DWORD res, dwRec, i = 0;
ULONG domainsCount;
PDS_DOMAIN_TRUSTS domain;

res = DsEnumerateDomainTrusts(NULL, DS_DOMAIN_PRIMARY, &domain, &domainsCount);

if (res != ERROR_SUCCESS)
{
    printf("DsEnumerateDomainTrusts failed with error %ld\n", res);
    return res;
}

printf("DsEnumerateDomainTrusts returns %ld domain, this test will print users for the first one (%S) ", domainsCount, domain->DnsDomainName);

do // begin do
{
      //
      // Call the NetQueryDisplayInformation function;
      //   specify information level 3 (group account information).
      //
      res = NetQueryDisplayInformation(domain->DnsDomainName, 1, i, 1000, MAX_PREFERRED_LENGTH, &dwRec, (PVOID*)&pBuff);
      //
      // If the call succeeds,
      //
      if((res==ERROR_SUCCESS) || (res==ERROR_MORE_DATA))
      {
         p = pBuff;
         for(;dwRec>0;dwRec--)
         {
            //
            // Print the retrieved group information.
            //
            printf("Name:      %S\n"
                  "Comment:   %S\n"
                  "Full name: %u\n"
                  "--------------------------------\n",
                  p->usri1_name,
                  p->usri1_comment,
                  p->usri1_full_name);
            //
            // If there is more data, set the index.
            //
            i = p->usri1_next_index;
            p++;
         }
         //
         // Free the allocated memory.
         //
         NetApiBufferFree(pBuff);
      }
      else
         printf("Error: %u\n", res);
   //
   // Continue while there is more data.
   //
} while (res==ERROR_MORE_DATA); // end do

    NetApiBufferFree(domain);

return ERROR_SUCCESS;
}

(NetQueryDisplayInformation part of this sample was copied from MSDN).

One more question is left. Suppose you have a user with fullname "DOMAINNAME\USERNAME" and you want to list all users of DOMAINNAME. As I mentioned before domain controller name may be equal or not equal to domain name. So if you pass DOMAINNAME as an argument into NetQueryDisplayInformation you may get error. How to get domain controller of DOMAINNAME?

In this case use the function NetGetAnyDCName like in the following sample:

LPWSTR controller = NULL;
NetGetAnyDCName(null, L“DOMAINNAME”, &controller);
/* ...now pass controller to NetQueryDisplayInformation as above... */
NetApiBufferFree(domain_controller);