Initial commit - 按新规范整理目录结构

- Code/: 源代码、配置文件、文档、工具
- Releases/: 发布包(v1.0)
- Test/: 测试用例和测试脚本
2026-03-20 06:54:40 +08:00
commit 45e7d9553a
29 changed files with 5068 additions and 0 deletions


@@ -0,0 +1,229 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
RDP 连接检测测试工具
用于诊断 RDP 检测问题
"""
import os
import subprocess
import sys
def print_header(title):
print("\n" + "=" * 60)
print(f" {title}")
print("=" * 60)
def check_environment_variables():
"""检查环境变量"""
print_header("1. 环境变量检查")
vars_to_check = [
'SESSIONNAME',
'USERNAME',
'USERDOMAIN',
'COMPUTERNAME',
]
for var in vars_to_check:
value = os.environ.get(var, '(未设置)')
print(f" {var}: {value}")
session_name = os.environ.get('SESSIONNAME', '')
if session_name.startswith('RDP'):
print(f"\n ✓ SESSIONNAME 以 RDP 开头,检测到远程会话")
return True
else:
print(f"\n ⚠ SESSIONNAME 不以 RDP 开头")
return False
def check_query_user():
"""检查 query user 命令输出"""
print_header("2. query user 命令检查")
try:
result = subprocess.run(
['query', 'user'],
capture_output=True,
text=True,
shell=True,
timeout=5
)
print(f" 返回码:{result.returncode}")
print(f"\n 标准输出:")
for line in result.stdout.split('\n'):
print(f" {line}")
if result.stderr:
print(f"\n 错误输出:")
for line in result.stderr.split('\n'):
print(f" {line}")
# 分析输出
output_lower = result.stdout.lower()
print(f"\n 分析结果:")
# 检查 RDP/TCP 关键字
if 'rdp' in output_lower or 'tcp' in output_lower:
print(f" ✓ 包含 'rdp''tcp' 关键字")
# 逐行检查
for line in result.stdout.strip().split('\n'):
line_lower = line.lower()
if 'rdp' in line_lower or 'tcp' in line_lower:
if 'active' in line_lower:
print(f" ✓ 检测到活跃的 RDP/TCP 会话:{line.strip()}")
elif '>' in line:
print(f" ✓ 当前会话是 RDP/TCP{line.strip()}")
else:
print(f" ⚠ 未包含 'rdp''tcp' 关键字")
# 检查会话数量
lines = [l for l in result.stdout.strip().split('\n') if l.strip() and not l.startswith(' ')]
if len(lines) > 1:
print(f" ⚠ 检测到 {len(lines)-1} 个会话(可能有多用户)")
return True
except FileNotFoundError:
print(f" ✗ query 命令不存在(仅在 Windows 上可用)")
return False
except Exception as e:
print(f" ✗ 执行失败:{e}")
return False
def check_registry():
"""检查注册表"""
print_header("3. 注册表检查")
try:
import winreg
# 检查 Terminal Server 设置
try:
key = winreg.OpenKey(
winreg.HKEY_LOCAL_MACHINE,
r"SYSTEM\CurrentControlSet\Control\Terminal Server"
)
try:
val, _ = winreg.QueryValueEx(key, "fDenyTSConnections")
if val == 0:
print(f" ✓ 终端服务已启用")
else:
print(f" ⚠ 终端服务被禁用")
except:
print(f" ⚠ 无法读取 fDenyTSConnections")
winreg.CloseKey(key)
except Exception as e:
print(f" ⚠ Terminal Server 键值访问失败:{e}")
# 检查当前会话
try:
key = winreg.OpenKey(
winreg.HKEY_CURRENT_USER,
r"Volatile Environment"
)
print(f" ✓ 当前用户环境键可访问")
winreg.CloseKey(key)
except:
print(f" ⚠ 当前用户环境键访问失败")
return True
except ImportError:
print(f" ⚠ winreg 模块不可用(非 Windows 系统?)")
return False
except Exception as e:
print(f" ✗ 检查失败:{e}")
return False
def check_network():
"""检查网络连接"""
print_header("4. 网络连接检查")
try:
result = subprocess.run(
['netstat', '-an'],
capture_output=True,
text=True,
shell=True,
timeout=5
)
output_lower = result.stdout.lower()
# 检查 RDP 端口 3389
if '3389' in output_lower:
print(f" ✓ 检测到 RDP 端口 (3389) 活动")
# 统计连接数
lines = output_lower.split('\n')
rdp_connections = [l for l in lines if '3389' in l and 'established' in l]
if rdp_connections:
print(f" ✓ 发现 {len(rdp_connections)} 个 RDP 连接:")
for conn in rdp_connections[:5]: # 最多显示 5 个
print(f" {conn.strip()}")
else:
print(f" ⚠ 未检测到 RDP 端口 (3389) 活动")
return True
except Exception as e:
print(f" ✗ 检查失败:{e}")
return False
def main():
print("\n")
print("" + "" * 58 + "")
print("" + " " * 15 + "RDP 连接检测诊断工具" + " " * 15 + "")
print("" + "" * 58 + "")
print(f"\n 计算机名:{os.environ.get('COMPUTERNAME', 'Unknown')}")
print(f" 用户名:{os.environ.get('USERNAME', 'Unknown')}")
print(f" 时间:{subprocess.run(['date'], capture_output=True, text=True, shell=True).stdout.strip()}")
# 执行各项检查
env_result = check_environment_variables()
query_result = check_query_user()
registry_result = check_registry()
network_result = check_network()
# 总结
print_header("诊断总结")
if env_result:
print(" ✓ 环境变量检测到 RDP 会话")
print("\n 建议:程序应该能检测到 RDP 连接")
elif query_result:
print(" ⚠ 环境变量未检测到,但 query user 可能有信息")
print("\n 建议:检查 query user 输出中的 RDP/TCP 关键字")
else:
print(" ✗ 未检测到 RDP 会话特征")
print("\n 可能原因:")
print(" 1. 当前是本地登录,不是 RDP 远程连接")
print(" 2. RDP 连接已断开")
print(" 3. 终端服务被禁用")
print(" 4. 使用了其他远程工具(如 TeamViewer、AnyDesk")
print("\n 测试完成!")
print("\n")
# 返回结果
if env_result or query_result:
sys.exit(0) # 检测到 RDP
else:
sys.exit(1) # 未检测到 RDP
if __name__ == '__main__':
main()
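Review bot: Every `subprocess.run` call in this file (`check_query_user`, `check_network`, the `date` call in `main`) passes `shell=True`, so `query`, `netstat` and `date` are resolved by cmd.exe through the current directory and PATH instead of a fixed system location; the second file's `check_query_user` does the same. Because a shell sits in between, a missing `query` only produces a non-zero return code, so `except FileNotFoundError` is effectively dead and `check_query_user` returns True whenever the command ran, which makes `main` exit 0 (RDP detected) through `env_result or query_result` even on a local console session. I would drop `shell=True`, invoke the tools by absolute path under `%SystemRoot%\System32`, and return True only when an active RDP line was matched. The bare `date` under cmd.exe normally prompts for a new date and this call has no `timeout`, so it can block; `datetime.datetime.now().isoformat()` (with `import datetime`) avoids the subprocess.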


@@ -0,0 +1,144 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
RDP 断开检测测试工具
专门测试 RDP 断开后的检测逻辑
"""
import subprocess
import os
def check_query_user():
"""检查 query user 输出"""
print("\n" + "=" * 60)
print(" query user 命令输出")
print("=" * 60)
try:
result = subprocess.run(
['query', 'user'],
capture_output=True,
text=True,
shell=True,
timeout=5
)
print(f"\n{result.stdout}")
if result.stderr:
print(f"错误:{result.stderr}")
# 详细分析
print("\n" + "=" * 60)
print(" 详细分析")
print("=" * 60)
lines = result.stdout.strip().split('\n')
for i, line in enumerate(lines):
line_stripped = line.strip()
line_lower = line_stripped.lower()
if not line_stripped:
continue
print(f"\n{i+1} 行:{line_stripped}")
# 检查标记
markers = []
if '>' in line_stripped:
markers.append("✓ 当前会话")
if 'rdp' in line_lower:
markers.append("RDP 连接")
if 'tcp' in line_lower:
markers.append("TCP 连接")
if 'active' in line_lower:
markers.append("活跃状态")
if 'disc' in line_lower:
markers.append("已断开")
if 'Console' in line_stripped or 'console' in line_lower:
markers.append("控制台")
if markers:
print(f" 标记:{', '.join(markers)}")
# 判断
if '>' in line_stripped:
if 'active' in line_lower and ('rdp' in line_lower or 'tcp' in line_lower):
print(f" → 结论:当前是活跃的 RDP 连接")
elif 'disc' in line_lower and ('rdp' in line_lower or 'tcp' in line_lower):
print(f" → 结论RDP 已断开,应恢复本地音量")
elif 'Console' in line_stripped:
print(f" → 结论:本地控制台会话")
else:
print(f" → 结论:未知状态")
return True
except FileNotFoundError:
print("✗ query 命令不存在(仅在 Windows 上可用)")
return False
except Exception as e:
print(f"✗ 执行失败:{e}")
return False
def check_sessionname():
"""检查 SESSIONNAME 环境变量"""
print("\n" + "=" * 60)
print(" 环境变量检查")
print("=" * 60)
session_name = os.environ.get('SESSIONNAME', '(未设置)')
username = os.environ.get('USERNAME', '(未设置)')
print(f"\nSESSIONNAME: {session_name}")
print(f"USERNAME: {username}")
if session_name.startswith('RDP'):
print(f"\n⚠ SESSIONNAME 以 RDP 开头")
print(f" 但这可能是已断开的会话,需要结合 query user 判断")
elif session_name == 'Console':
print(f"\n✓ SESSIONNAME 是 Console本地会话")
else:
print(f"\n? SESSIONNAME 未知格式")
return session_name
def main():
print("\n")
print("" + "" * 58 + "")
print("" + " " * 12 + "RDP 断开检测诊断工具" + " " * 12 + "")
print("" + "" * 58 + "")
print("\n此工具用于诊断 RDP 断开后的检测问题")
print("适用于:断开 RDP 后程序仍显示远程连接的情况")
# 检查
session_name = check_sessionname()
check_query_user()
# 总结
print("\n" + "=" * 60)
print(" 诊断总结")
print("=" * 60)
print("\n📋 判断规则:")
print(" 1. 当前会话(带 >+ active + RDP/TCP = 活跃远程连接")
print(" 2. 当前会话(带 >+ disc + RDP/TCP = 已断开,应恢复音量")
print(" 3. 当前会话(带 >+ Console = 本地会话")
print(" 4. 无活跃 RDP 会话 = 本地状态")
print("\n💡 如果断开 RDP 后仍显示远程连接:")
print(" - 检查是否有 'disc' 标记被误判为 'active'")
print(" - 检查是否有多个会话(一个断开 + 一个活跃)")
print(" - 查看上方详细分析,确认哪一行被判定为远程")
print("\n✅ 测试完成!")
print("\n")
if __name__ == '__main__':
main()
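Review bot: The verdict block under `if '>' in line_stripped:` in `check_query_user` classifies the session by substrings found anywhere in the line, so a user name containing `rdp`, `tcp`, `disc` or `active` changes the result. As far as I know `query user` leaves SESSIONNAME empty for a disconnected session, in which case the `'disc' ... and ('rdp' ... or 'tcp' ...)` branch cannot fire and a disconnected RDP session lands in "未知状态"; the STATE text is also localized on non-English Windows, so this should be confirmed on the target hosts. I would split the line into columns and test only the STATE field, e.g. `elif state == 'disc':` for the current session without requiring a session name. `'Console' in line_stripped or 'console' in line_lower` is redundant, since the second test covers the first.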