Re: Remotely execute programs/exe
- From: "SSN" <shaji.s.nair@xxxxxxxxx>
- Date: 28 Sep 2006 23:42:55 -0700
C++ code to run cmd.exe remotely .. may be this will help u..
BOOL CreateRemoteDirectory( _bstr_t pstrDirName ,
_bstr_t pstrUser,
_bstr_t pstrPwd,
_bstr_t pstrDomain,
_bstr_t pstrWorkStation )
{
// DCOM Initialize..
HRESULT hRes = S_FALSE;
hRes = CoInitializeEx(0, COINIT_MULTITHREADED);
if(FAILED(hRes))
{
WriteLog(_T("Failed to initialize COM library. Error code = 0x%X") ,
hRes);
return 0;
}
if(! bGlobal )
{
hRes = CoInitializeSecurity( NULL , // Security descriptor
-1, // COM negotiates authentication service
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication level for
proxies
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation level for
proxies
NULL, // Authentication info
EOAC_NONE, // Additional capabilities of the client or server
NULL // Reserved
);
if (FAILED(hRes))
{
WriteLog(_T("Failed to initialize security. Error code = 0x%X") ,
hRes);
CoUninitialize();
return hRes;
}
bGlobal = true;
}
// To create a connection to a WMI namespace Initialize the
IWbemLocator
// interface through a call to CoCreateInstance
IWbemLocator *pLoc = 0;
hRes = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *) &pLoc);
if (FAILED(hRes))
{
WriteLog(_T("Failed to create IWbemLocator object. Err code =
0x%X") ,hRes);
CoUninitialize();
return 0; // Program has failed.
}
_bstr_t strNetworkResource = _T("\\\\");
strNetworkResource += pstrWorkStation;
strNetworkResource += _T("\\ROOT\\CIMV2");
_bstr_t strUser = _T("");
strUser += pstrDomain;
strUser += _T("\\");
strUser += pstrUser;
/**
* Format specification to give parameter values.
*
........................................................................................................
* _bstr_t(L"\\\\RTR\\ROOT\\CIMV2"), // WMI namespace (remote
Instance)
* _bstr_t(L"workgroup\\administrator"), // User name
* _bstr_t(L"fiscindia"), // User password
* NULL,NULL, // No Need of username & Password for Local
machine
*
........................................................................................................
**/
// Connect to the root\default namespace with the given user.
// Connect to WMI through a call to the IWbemLocator::ConnectServer
method.
IWbemServices *pSvc = 0;
hRes = pLoc->ConnectServer(
strNetworkResource , // WMI namespace
strUser, // User name
pstrPwd, // User password
0, // Locale
NULL, // Security flags
0, // Authority
0, // Context object
&pSvc // IWbemServices proxy
);
if (FAILED(hRes))
{
WriteLog(_T("Could not connect. Error code = 0x%X") ,hRes);
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
WriteLog(_T("Connected cimv2 WMI namespace") );
/* After you retrieve a pointer to an IWbemServices proxy, you must
set the
security on the proxy to access WMI through the proxy. You must set
the
security because the IWbemServices proxy grants access to an out-of
process
object. In general, COM security does not allow one process to
access another
process if you do not set the proper security properties. For more
information,
see Setting the Security on IWbemServices and Other Proxies.
Connections to
different operating systems require varying levels of
authentication and
impersonation.
To set the security levels on a WMI connection,
Set the security levels on the IWbemServices proxy with a call to
CoSetProxyBlanket
*/
// Set the proxy so that impersonation of the client occurs.
SEC_WINNT_AUTH_IDENTITY_W* pAuthIdentity = new
SEC_WINNT_AUTH_IDENTITY_W;
ZeroMemory(pAuthIdentity, sizeof(SEC_WINNT_AUTH_IDENTITY_W));
pAuthIdentity->User = new WCHAR[32];
wcscpy(pAuthIdentity->User , pstrUser );
pAuthIdentity->UserLength = wcslen(pAuthIdentity->User);
pAuthIdentity->Domain = new WCHAR[32];
wcscpy(pAuthIdentity->Domain, pstrDomain );
pAuthIdentity->DomainLength = wcslen(pAuthIdentity->Domain);
pAuthIdentity->Password = new WCHAR[32];
wcscpy(pAuthIdentity->Password, pstrPwd );
pAuthIdentity->PasswordLength = wcslen(pAuthIdentity->Password);
pAuthIdentity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
hRes = CoSetProxyBlanket(pSvc,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHZ_NONE,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE,
pAuthIdentity,
EOAC_NONE
);
if (FAILED(hRes))
{
WriteLog(_T("Could not set proxy blanket. Error code = 0x%X") , hRes
);
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0;
}
IWbemClassObject * pClass = NULL;
IWbemClassObject * pInClass = NULL;
IWbemClassObject * pInInst = NULL;
IWbemClassObject * pOutInst = NULL;
// Get the class object for the Share operation
hRes = pSvc->GetObject(_bstr_t(L"Win32_Process"), 0, NULL, &pClass,
NULL);
if (FAILED(hRes))
{
WriteLog(_T("Get Object Win32_Share Failed.. Error code = 0x%X") ,
hRes );
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
hRes = pClass->GetMethod(_bstr_t(L"Create"), 0, &pInClass, NULL);
if (FAILED(hRes))
{
WriteLog(_T("Create Win32_Share Failed.. Error code = 0x%X") , hRes
);
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
hRes = pInClass->SpawnInstance(0, &pInInst);
if (FAILED(hRes))
{
WriteLog(_T("Create Win32_Share Object spawn Failed.. Error code =
0x%X") , hRes );
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
// Set the properties .
VARIANT var;
var.vt = VT_BSTR;
var.bstrVal= L"cmd.exe /c md c:\\A1";
hRes = pInInst->Put(_bstr_t(L"CommandLine"), 0, &var, 0);
if (FAILED(hRes))
{
WriteLog(_T("Failed to set the property Path. Error code = 0x%X") ,
hRes );
pInInst->Release();
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
VariantClear(&var);
// Call the method.
hRes = pSvc->ExecMethod( _bstr_t(L"Win32_Process"),
_bstr_t(L"Create"),
0, NULL,
pInInst,
&pOutInst,
NULL);
if (FAILED(hRes))
{
WriteLog(_T("Failed to Call the method create on Win32_Share. Error
code = 0x%X") , hRes );
pInInst->Release();
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0; // Program has failed.
}
// Display the results. Note that the return value is in the
// property "ReturnValue" and the returned string is in the
// property "sOutArg".
BSTR Text;
hRes = pOutInst->GetObjectText(0, &Text);
if (FAILED(hRes))
WriteLog(_T("Failed to get Object Text (return value). Error code =
0x%X") , hRes );
else
WriteLog(_T("Success fully called create The return object text
is:%s"), _com_util::ConvertBSTRToString(Text));
WriteLog(_T("Successfully created Folder "));
pOutInst->Release();
pInInst->Release();
pInClass->Release();
pClass->Release();
delete [] pAuthIdentity->User;
delete [] pAuthIdentity->Domain;
delete [] pAuthIdentity->Password;
delete pAuthIdentity;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 1;
}
tasleem wrote:
can it not be done in the c++,any ways thanks for ur answer.
"Richard Mueller" wrote:
"tasleem" <tasleem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:19492D8A-8A01-4501-8E73-C2EEA0788F11@xxxxxxxxxxxxxxxx
hi all i want that my executable should execute on other computer through
the
WMI,i had searched a lot on that but no such example that execute the
programs on others computer on LAN,
There were examples of WQL that tells how many process r running on other
computer etc not the specific example whichi want. thanks in advance
what i want is take the file path and execute that file on other computer
to
which i give the ip/name in connectoserver function of iweblocator.
Hi,
I've used VBScript code similar to below. This example runs explorer.exe,
which is assumed to be on the path. This connects by computer NetBIOS name,
but you can substitute IP address.
=======
Option Explicit
Dim strComputer
Dim strUser
Dim strPassword
Dim objSWbemLocator
Dim objSWbemServices
Dim objProcess
Dim intReturnCode
strComputer = InputBox("Enter remove computer name", "RunRemote")
strUser = InputBox("Enter user name on remote computer", "RunRemote")
strPassword = InputBox("Enter password", "RunRemote")
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
(strComputer, "root\cimv2", strUser, strPassword)
Set objProcess = objSWbemServices.Get("Win32_Process")
intReturnCode = objProcess.Create("explorer.exe")
If (intReturnCode <> 0) Then
Call MsgBox("Failed to start Explorer")
Else
Call MsgBox("Explorer started on remote computer")
End If
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
.
- Follow-Ups:
- Re: Remotely execute programs/exe
- From: tasleem
- Re: Remotely execute programs/exe
- References:
- Re: Remotely execute programs/exe
- From: tasleem
- Re: Remotely execute programs/exe
- Prev by Date: Re: WMI CopyFolder functionality in C++
- Next by Date: Re: WMI call across domain fails.
- Previous by thread: Re: Remotely execute programs/exe
- Next by thread: Re: Remotely execute programs/exe
- Index(es):
Relevant Pages
|
Loading
