In the search for the self or how to find out your IP address and other stuff in Win95 and WinNT

Stas Khirman (staskh@rocketmail.com)

Raz Galili (razgalili@hotmail.com)

Definition of the problem

What is your current IP address? You can not program for TCP/IP without finding yourself needing this piece of information sometime. There is an API function for that now, isn't it? Just call gethostbyname() for "localhost" and you would get your IP address.

Well, yes you can, and no, it is not enough. First of all, this function gives you your IP address only, it does not give you any other information you would like to know, like your network mask. Also, this function would only give you ONE IP address, while you might have more then one: there are a lot of computers out there with both a modem and a network adapters.

And to top all that, if anything is wrong with your TCP/IP settings, you would get the wrong IP address.

Windows 95 and Windows NT contains a bunch of network statistic utilities: IPCONFIG on NT and WINIPCFG on Win95 both detect your IP addresses, network mask, even you adapter MAC address. NETSTAT utility show list of active TCP and UDP connection, and detailed transmit statistic. ROUTE utility give you read and write access to your routing table and ARP give you same access to you address resolution table. This shows that Windows have some way to access the internal TCP/IP information and we do not. We have a right to know!

The need to find the IP addresses of a machine was the original motive that drove us into looking closer at some of those Windows 95 and NT programs, and trying to figure out how they do it.

The solution

There is one thing common to IPCONFIG, NETSTAT, ROUTE and ARP utilities. All of them use a DLL called INETMIB1.DLL .

This DLL is present both on any Windows 95 and NT. Microsoft documentation describes this DLL as extension for SNMP extendable agent. This DLL - if accessed right - would give all the information we are looking for, and much, much more. All we have to do is to simulate the Windows extendible agent, and request the DLL for the right OIDs.

Now we would attempt to explain what is SMNP, what is the extensible agent, what is an OID and how to parsuade inetmib1.dll to speak with us.

What is SNMP

SNMP stands for Simple Network Management Protocol. SNMP was developed to answer the complex problem of managing networks. Many devices are connected to network today: printers, routers, repeaters, and bridges, multi-functional servers, mainframes and desktop computers, actually everything but the coffee machine and the toaster are connected together, (and both the coffee machine and the toaster are going to be plugged into the net really soon). Each of these devices has different problems to solve. All those devices present unique problems, different status information they can present for retrieval and different settings to set.

SNMP is presenting a way to handle all those devices through the net itself, a reliable way to alter and retrieve data remotely on a variety of different platforms. It is powerful and flexible enough in order to supports every different kind of data structure and request type for every network device that exists today and may exist in the future. It is the most widely adopted network management protocol.

In the SNMP model there is a software agent residing on the network device. This agent collects the related information about that device. The information can be retrieved from the agent by a manger component through the net. The manger can reside anywhere on the net - usually it is on a different machine then the agent. The manager can send queries and requests to the agent that would handle them for the manger.

SMNP data structures

The data handled by the SNMP agent is organized into units that are called "management information bases" or MIBs for short. MIBs are described via a precise definition language called "Abstract Syntax Notation". A manager can talk to an agent, understand the agent information and handle it, if the manager has the MIB of the agent.

For example, a hardware vendor might create a new device, let’s say the device is called "elephant", a pink network elephant. With the new product the manufacturer would also create a diskette with a MIB file, describing the data structure needed to handle the new device. This MIB file can be fed into the any SNMP system management tools. The elephant would have an agent running that would be able to collect all the information the network manager need to know. This information would be organized in the data structures described by the MIB, and the SMNP management tools the system manger already using, would be able to read this information from the elephant.

The information described by the MIB might describe unlimited number of objects. Each object has a unique identifier, called OID. An OID is a sequence of numbers that identify an object. Every object that can be handled through SNMP has a unique OID. All the OIDs in the world are organized in one big tree-like structure. The sequence of the numbers that is the OID are the identifiers of the branches of the tree. Every subtree in the tree is assigned by the IETF to ensure that all branches are unique.

Each branch has a name and a number assigned to it. All SNMP objects are somewhere under the subtree iso.org.dod.internet which is 1.3.6.1.

All of TCP/IP basic objects are contained inside the sub tree called MIB-II base. The MibII definition can be obtained from RFC1213 . Reading the MibII file we can see that to obtain system description, we need to read the value from iso.org.dod.internet.mgmt.mib-2.system.sysDescr (1.3.6.1.2.1.1.1.0)

The last number identifier, 0, show that to read sysDescr we would need to read a scalar value.

Scalar values are easy to read. Reading elements of a table is a little bit trickier then reading simple values. For exemple, to read the current IP address of our machine, we need to read the value from: iso. org. dod. internet. mgmt. mib-2. ip. ipAddrTable. ipAddrEntry. ipAddress. IPADDRESSREALVALUE or (to make an infinite story long) 1, 3, 6, 1, 2, 1, 4 , 20, 1 ,1,?,?,?,?. Each of the question marks stands for one number of the ip. If your IP address is, say 123.45.67.89 then you would find on your machine the value 1, 3, 6, 1, 2, 1, 4 , 20, 1 ,1, 123, 45, 67, 89. Of course to read this value you would need to know it exists.

IpAddress is element of table indexed by this address itself. To get access to some table object we have to concatenate it base OID with its index. In our example we meet a deadloop – we need to know ip address to retrieve it!

SNMP solves this problem by supporting a command set that allows the user to search its data tree. If you have a given OID you can ask for the value of the object with next OID. In our case, if we would ask for the value of the element next to 1.3.6.1.2.1.4.20.1.1 we would receive a full OID and value of our first IP interface. With the full OID of our first interface ip we can use the "get next" request to get the IP address of the second interface and so on.

To get the IP Masks we need use 1.3.6.1.2.1.4.20.1.3 as our starting OID.

SMNP and Windows

Windows 95 and Windows NT both give the option to install SNMP agent. (Windows NT also let you install SNMP manager). Windows SNMP service is built so it is easily extendable. The SNMP agent could be easily extended by extension DLLs. Those DLLs talk with the agent through an API of three functions. Each and every one of those DLLs exports the following 3 functions:

* SnmpExtensionInit - The extension agent initialization function.

* SnmpExtensionQuery - The main query function through which the agent Extension DLL.

* SnmpExtensionTrap - handling of traps created by the Extension DLL.

The Dll might also support the

*SnmpExtensionInitEx() - This is an extended version of SnmpExtensionInit that enable the extendible agent to query the extension DLL some more.

Windows SNMP services are thread a DLL called "inetmib1.dll" as an extensible agent. This DLL is present on any Windows 95 and NT. It is there even if the SNMP agent was not installed. This extension agent DLL is the one responsible to connect between the SNMP and the TCP/IP subsystems.

All is left to do now, is to load the DLL, simulate an init by the agent, and then query it for the IP number and whatever else we could ask for.

SNMP Command Set

SNMP has three Basic Commands - Get, Set, And GetNext. In every call to SnmpExtensionQuery one command is called but it can be done on a multiple number of data elements. A structure of type RFC1157VarBindList is passed to the function. This structure is a list of VarBind elements that is defined like this:

typedef struct {

            RFC1157VarBind *list;

            UINT len;

} RFC1157VarBindList;

typedef struct vb {

            AsnObjectName name;

            AsnObjectSyntax value;

} RFC1157VarBind;

A VarBind structure contain both the name (OID) of the element, and it's value.

Get and Set are used to access actual data objects and we do not need them to get the information we are interested in.

GetNext is a little different then Get and Set. It is used to travel a long the tree of the OIDs that the agent support. When a call is made to SnmpExtensionQuery with GetNext the function returns the first value that the agent supports that is s lexicographically greater than the supplied OID.

How to talk to inetmib1.dll

To start using an SNMP extension DLL the system (and us) first has to call SnmpExtensionInit(). This function needs 3 parameters - time zero reference, a handle to a trap event and an object identifier to received the supported view. A full understanding of this function and it's big brother SnmpExtensionInitEx() is needed to fully investigate the snmp extension DLL. Since we are not going to fully investigate it here -- we would just be happy with the fact that MibII has a short version of it that pass it default values.

We then call Query with GetNext request, repeating the call until there are no more ip address to return. When we start, the VarBind we pass to the function contains

iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAddress (i.e. 1,3,6,1,2,1,4,20,1,1) in each and every call, the value which we get back is different, and this value we pass to the function.

If we had 3 IP addresses 205.5.3.1 205.5.3.3 and 205.5.3.6 the first time we call the function we would get in return 1,3,6,1,2,1,4,20,1,1,205.5.3.1. the second time we would receive 1,3,6,1,2,1,4,20,1,1,205.5.3.3 and the third time 1,3,6,1,2,1,4,20,1,1,205.5.3.6. the forth time would return something that begins with 1,3,6,1,2,1,4,20,1,2 or with 1,3,6,1,2,1,4,20,1,3. by this change we now that the function has failed to get any more ip numbers.

The Attached code

In the attached code MibAccess.cpp and MibAccess.h we loaded inetmib1.dll, and got the address to it's four interface functions. The functions can be called through the methods of MibExtLoad class. During the construction of the class, the class loads the mib dll into memory and get the addresses of it's functions.

The MibII class is a more specialized class then MibExtLoad. it explicitly loads inetmib1.dll, and give access to the data we are looking for - the ip address and mask.

MibAccess code use some standard SNMP utility function to build, compare and release SNMP internal structures. So you could link it with snmpapi.lib included in WinNT SDK and MSVC also. Unfortunately, compiled and linked example will work correctly at WindowNT only. Win95 does not contains appropriate snmpapi.dll file.   Ooops...But how could I build SNMP client for Win95 in this case??? At least MSDN documentation clime that I could do it!!!! Trick is here - old versions of Win95 and WinNT SDK contains other version of snmp.h and snmp.lib (instead of snmpapi.lib). This is a restricted version of SNMP which do not relay on snmpapi.dll existence. However, not every one have old MSDN disks, and we was asked many times to help to solve this problem for Win95. So we disassemble some part of snmpapi.lib, reconstruct requested functions, and re-implement them on snmpapi.c file. All you are need - add snmpapi.c file to you project.

While using GetIpAddress please notice that it would give you the loopback ip address (127.0.0.1). This IP address always exists.

Summery

The original reason to write this article was to help us find something we did not know about ourselves – while Microsoft does. Our IP address. After obtaining the MIB2 file we noticed that we could get out of it not only the IP address but also the Network MAC address, TCP and UDP connections currently active and a bunch of statistics. We did not show here how to do it, but we showed enough information so you can do it yourself. After all – you do have the right to know!!!


Last Edited :06/29/98 03:32:20 PM