Re: Remotely execute programs/exe

---

• From: Gerry Hickman <gerry666uk@xxxxxxxxxxxxxxxx>
• Date: Fri, 29 Sep 2006 11:42:01 +0100

---

Hi,

Starting a program on the target machine is easy using Win32_Process.Create() but talking to that program from the calling machine is not so easy, and note also that the program you start will not have access to any network resources (unless you set the whole thing up with that in mind). You may also have trouble getting the Exit code of the program you started and would have to set up polling or an Event sink to find out when it ends.

tasleem wrote:

i had checked the vbs file it was not working now i will check the c++ code thanks for giving me the time.

"SSN" wrote:

C++ code to run cmd.exe remotely .. may be this will help u..


BOOL CreateRemoteDirectory( _bstr_t pstrDirName ,
_bstr_t pstrUser,
_bstr_t pstrPwd,
_bstr_t pstrDomain,
_bstr_t pstrWorkStation )
{
// DCOM Initialize..
HRESULT hRes = S_FALSE;
hRes = CoInitializeEx(0, COINIT_MULTITHREADED);

if(FAILED(hRes))
{
WriteLog(_T("Failed to initialize COM library. Error code = 0x%X") ,
hRes);
return 0;
}

if(! bGlobal )
{
hRes = CoInitializeSecurity( NULL , // Security descriptor
-1, // COM negotiates authentication service
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication level for
proxies
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation level for
proxies
NULL, // Authentication info
EOAC_NONE, // Additional capabilities of the client or server
NULL // Reserved
);


if (FAILED(hRes))
{
WriteLog(_T("Failed to initialize security. Error code = 0x%X") ,
hRes);
CoUninitialize();
return hRes;
}
bGlobal = true;
}

// To create a connection to a WMI namespace Initialize the
IWbemLocator
// interface through a call to CoCreateInstance
IWbemLocator *pLoc = 0;
hRes = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *) &pLoc);
if (FAILED(hRes))
{

WriteLog(_T("Failed to create IWbemLocator object. Err code =
0x%X") ,hRes);
CoUninitialize();
return 0; // Program has failed.
}

_bstr_t strNetworkResource = _T("\\\\");
strNetworkResource += pstrWorkStation;
strNetworkResource += _T("\\ROOT\\CIMV2");

_bstr_t strUser = _T("");
strUser += pstrDomain;
strUser += _T("\\");
strUser += pstrUser;

/**
* Format specification to give parameter values.
*
........................................................................................................
* _bstr_t(L"\\\\RTR\\ROOT\\CIMV2"), // WMI namespace (remote
Instance)
* _bstr_t(L"workgroup\\administrator"), // User name
* _bstr_t(L"fiscindia"), // User password
* NULL,NULL, // No Need of username & Password for Local
machine
*
........................................................................................................
**/

// Connect to the root\default namespace with the given user.
// Connect to WMI through a call to the IWbemLocator::ConnectServer
method.
IWbemServices *pSvc = 0;
hRes = pLoc->ConnectServer(
strNetworkResource , // WMI namespace
strUser, // User name
pstrPwd, // User password
0, // Locale
NULL, // Security flags
0, // Authority
0, // Context object
&pSvc // IWbemServices proxy
);

if (FAILED(hRes))
{
WriteLog(_T("Could not connect. Error code = 0x%X") ,hRes);
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}

WriteLog(_T("Connected cimv2 WMI namespace") );

/* After you retrieve a pointer to an IWbemServices proxy, you must
set the
security on the proxy to access WMI through the proxy. You must set
the
security because the IWbemServices proxy grants access to an out-of
process
object. In general, COM security does not allow one process to
access another
process if you do not set the proper security properties. For more
information,
see Setting the Security on IWbemServices and Other Proxies.
Connections to
different operating systems require varying levels of
authentication and
impersonation.

To set the security levels on a WMI connection,
Set the security levels on the IWbemServices proxy with a call to
CoSetProxyBlanket
*/

// Set the proxy so that impersonation of the client occurs.
SEC_WINNT_AUTH_IDENTITY_W* pAuthIdentity = new
SEC_WINNT_AUTH_IDENTITY_W;
ZeroMemory(pAuthIdentity, sizeof(SEC_WINNT_AUTH_IDENTITY_W));

pAuthIdentity->User = new WCHAR[32];
wcscpy(pAuthIdentity->User , pstrUser );
pAuthIdentity->UserLength = wcslen(pAuthIdentity->User);

pAuthIdentity->Domain = new WCHAR[32];
wcscpy(pAuthIdentity->Domain, pstrDomain );
pAuthIdentity->DomainLength = wcslen(pAuthIdentity->Domain);

pAuthIdentity->Password = new WCHAR[32];
wcscpy(pAuthIdentity->Password, pstrPwd );
pAuthIdentity->PasswordLength = wcslen(pAuthIdentity->Password);

pAuthIdentity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;


hRes = CoSetProxyBlanket(pSvc,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHZ_NONE,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE,
pAuthIdentity,
EOAC_NONE
);

if (FAILED(hRes))
{
WriteLog(_T("Could not set proxy blanket. Error code = 0x%X") , hRes
);
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0;
}

IWbemClassObject * pClass = NULL;
IWbemClassObject * pInClass = NULL;
IWbemClassObject * pInInst = NULL;
IWbemClassObject * pOutInst = NULL;

// Get the class object for the Share operation
hRes = pSvc->GetObject(_bstr_t(L"Win32_Process"), 0, NULL, &pClass,
NULL);
if (FAILED(hRes))
{
WriteLog(_T("Get Object Win32_Share Failed.. Error code = 0x%X") ,
hRes );
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}


hRes = pClass->GetMethod(_bstr_t(L"Create"), 0, &pInClass, NULL);
if (FAILED(hRes))
{
WriteLog(_T("Create Win32_Share Failed.. Error code = 0x%X") , hRes
);
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
hRes = pInClass->SpawnInstance(0, &pInInst);
if (FAILED(hRes))
{
WriteLog(_T("Create Win32_Share Object spawn Failed.. Error code =
0x%X") , hRes );
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}

// Set the properties .
VARIANT var;
var.vt = VT_BSTR;
var.bstrVal= L"cmd.exe /c md c:\\A1";

hRes = pInInst->Put(_bstr_t(L"CommandLine"), 0, &var, 0);
if (FAILED(hRes))
{
WriteLog(_T("Failed to set the property Path. Error code = 0x%X") ,
hRes );
pInInst->Release();
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}

VariantClear(&var);

// Call the method.
hRes = pSvc->ExecMethod( _bstr_t(L"Win32_Process"),
_bstr_t(L"Create"),
0, NULL,
pInInst,
&pOutInst,
NULL);
if (FAILED(hRes))
{
WriteLog(_T("Failed to Call the method create on Win32_Share. Error
code = 0x%X") , hRes );
pInInst->Release();
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}


// Display the results. Note that the return value is in the
// property "ReturnValue" and the returned string is in the
// property "sOutArg".
BSTR Text;
hRes = pOutInst->GetObjectText(0, &Text);
if (FAILED(hRes))
WriteLog(_T("Failed to get Object Text (return value). Error code =
0x%X") , hRes );
else
WriteLog(_T("Success fully called create The return object text
is:%s"), _com_util::ConvertBSTRToString(Text));


WriteLog(_T("Successfully created Folder "));
pOutInst->Release();
pInInst->Release();
pInClass->Release();
pClass->Release();

delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;

--
Gerry Hickman (London UK)
.

---

• References:
  • Re: Remotely execute programs/exe
    • From: tasleem
  • Re: Remotely execute programs/exe
    • From: SSN
  • Re: Remotely execute programs/exe
    • From: tasleem

• Prev by Date: Re: WMI CopyFolder functionality in C++
• Next by Date: Re: Updated: Error on Win2K Server
• Previous by thread: Re: Remotely execute programs/exe
• Next by thread: Re: WMI CopyFolder functionality in C++
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: WMI CopyFolder functionality in C++ ... HRESULT hRes = S_FALSE; ... /* After you retrieve a pointer to an IWbemServices proxy, ... security on the proxy to access WMI through the proxy. ... delete pAuthIdentity; ... (microsoft.public.win32.programmer.wmi) Re: Remotely execute programs/exe ... HRESULT hRes = S_FALSE; ... /* After you retrieve a pointer to an IWbemServices proxy, ... security on the proxy to access WMI through the proxy. ... delete pAuthIdentity; ... (microsoft.public.win32.programmer.wmi) Re: Remotely execute programs/exe ... HRESULT hRes = S_FALSE; ... security on the proxy to access WMI through the proxy. ... delete pAuthIdentity; ... Dim strComputer ... (microsoft.public.win32.programmer.wmi) Re: WMI CopyFolder functionality in C++ ... HRESULT hRes = S_FALSE; ... /* After you retrieve a pointer to an IWbemServices proxy, ... security on the proxy to access WMI through the proxy. ... delete pAuthIdentity; ... (microsoft.public.win32.programmer.wmi)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.win32.programmer.wmi  > 2006-10