HRESULT GetInputParameters(__in IWbemServices* pSvc, __in PCWSTR pClassName, __in PCWSTR pMethodName, __out IWbemClassObject** ppInParams) { HRESULT hr; IWbemClassObject* pClass = NULL; IWbemClassObject* pInParamsDefinition = NULL; IWbemClassObject* pInParamsLocal = NULL; hr = pSvc->GetObject(_bstr_t(pClassName), 0, NULL, &pClass, NULL); if(HB_FAILED(hr)) { goto cleanexit; } hr = pClass->GetMethod(_bstr_t(pMethodName), 0, &pInParamsDefinition, NULL); if(HB_FAILED(hr)) { goto cleanexit; } hr = pInParamsDefinition->SpawnInstance(0, &pInParamsLocal); if(HB_FAILED(hr)) { goto cleanexit; } *ppInParams = pInParamsLocal; pInParamsLocal = NULL; cleanexit: HB_SAFE_RELEASE(pClass); HB_SAFE_RELEASE(pInParamsDefinition); HB_SAFE_RELEASE(pInParamsLocal); return hr; }
int main(int iArgCnt, char ** argv) { IWbemLocator *pLocator = NULL; IWbemServices *pNamespace = 0; IWbemClassObject * pClass = NULL; IWbemClassObject * pOutInst = NULL; IWbemClassObject * pInClass = NULL; IWbemClassObject * pInInst = NULL; BSTR Text = NULL; HRESULT hr = S_OK; BSTR path = SysAllocString(L"root\\default"); BSTR ClassPath = SysAllocString(L"MethProvSamp"); BSTR MethodName = SysAllocString(L"Echo"); BSTR ArgName = SysAllocString(L"sInArg"); if (!path || ! ClassPath || !MethodName || ! ArgName) { printf("SysAllocString failed. Out of memory.\n"); goto cleanup; } // Initialize COM and connect up to CIMOM hr = CoInitialize(0); if (FAILED(hr)) { printf("CoInitialize returned 0x%x:", hr); goto cleanup; } // NOTE: // When using asynchronous WMI API's remotely in an environment where the "Local System" account // has no network identity (such as non-Kerberos domains), the authentication level of // RPC_C_AUTHN_LEVEL_NONE is needed. However, lowering the authentication level to // RPC_C_AUTHN_LEVEL_NONE makes your application less secure. It is wise to // use semi-synchronous API's for accessing WMI data and events instead of the asynchronous ones. hr = CoInitializeSecurity ( NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_SECURE_REFS, //change to EOAC_NONE if you change dwAuthnLevel to RPC_C_AUTHN_LEVEL_NONE NULL ); if (FAILED(hr)) { printf("CoInitializeSecurity returned 0x%x:", hr); goto cleanup; } hr = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &pLocator); if (FAILED(hr)) { printf("CoCreateInstance returned 0x%x:", hr); goto cleanup; } hr = pLocator->ConnectServer(path, NULL, NULL, NULL, 0, NULL, NULL, &pNamespace); printf("\n\nConnectServer returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Get the class object hr = pNamespace->GetObject(ClassPath, 0, NULL, &pClass, NULL); printf("\nGetObject returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Get the input argument and set the property hr = pClass->GetMethod(MethodName, 0, &pInClass, NULL); printf("\nGetMethod returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; hr = pInClass->SpawnInstance(0, &pInInst); printf("\nSpawnInstance returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; VARIANT var; var.vt = VT_BSTR; var.bstrVal= SysAllocString(L"hello"); if (var.bstrVal == NULL) goto cleanup; hr = pInInst->Put(ArgName, 0, &var, 0); VariantClear(&var); // Call the method hr = pNamespace->ExecMethod(ClassPath, MethodName, 0, NULL, pInInst, &pOutInst, NULL); printf("\nExecMethod returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Display the results. hr = pOutInst->GetObjectText(0, &Text); if(hr != WBEM_S_NO_ERROR) goto cleanup; printf("\n\nThe object text of the output object is:\n%S", Text); printf("Terminating normally\n"); // Free up resources cleanup: SysFreeString(path); SysFreeString(ClassPath); SysFreeString(MethodName); SysFreeString(ArgName); SysFreeString(Text); if (pClass) pClass->Release(); if (pInInst) pInInst->Release(); if (pInClass) pInClass->Release(); if (pOutInst) pOutInst->Release(); if (pLocator) pLocator->Release(); if (pNamespace) pNamespace->Release(); CoUninitialize(); return 0; }
bool StoreSD(IWbemServices * pSession, PSECURITY_DESCRIPTOR pSD) { bool bRet = false; HRESULT hr; if (!IsValidSecurityDescriptor(pSD)) return false; // Get the class object IWbemClassObject * pClass = NULL; _bstr_t InstPath(L"__systemsecurity=@"); _bstr_t ClassPath(L"__systemsecurity"); hr = pSession->GetObject(ClassPath, 0, NULL, &pClass, NULL); if(FAILED(hr)) return false; // Get the input parameter class _bstr_t MethName(L"SetSD"); IWbemClassObject * pInClassSig = NULL; hr = pClass->GetMethod(MethName,0, &pInClassSig, NULL); pClass->Release(); if(FAILED(hr)) return false; // spawn an instance of the input parameter class IWbemClassObject * pInArg = NULL; pInClassSig->SpawnInstance(0, &pInArg); pInClassSig->Release(); if(FAILED(hr)) return false; // move the SD into a variant. SAFEARRAY FAR* psa; SAFEARRAYBOUND rgsabound[1]; rgsabound[0].lLbound = 0; long lSize = GetSecurityDescriptorLength(pSD); rgsabound[0].cElements = lSize; psa = SafeArrayCreate( VT_UI1, 1 , rgsabound ); if(psa == NULL) { pInArg->Release(); return false; } char * pData = NULL; hr = SafeArrayAccessData(psa, (void HUGEP* FAR*)&pData); if(FAILED(hr)) { pInArg->Release(); return false; } memcpy(pData, pSD, lSize); SafeArrayUnaccessData(psa); _variant_t var; var.vt = VT_I4|VT_ARRAY; var.parray = psa; // put the property hr = pInArg->Put(L"SD" , 0, &var, 0); if(FAILED(hr)) { pInArg->Release(); return false; } // Execute the method IWbemClassObject * pOutParams = NULL; hr = pSession->ExecMethod(InstPath, MethName, 0, NULL, pInArg, NULL, NULL); if(FAILED(hr)) printf("\nPut failed, returned 0x%x",hr); return bRet; }
////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Description : // Sends WMI command to target after logging on. ////////////////////////////////////////////////////////////////////////////////////////////////////////////// DWORD startWMICommand(char* command, char* target, char* username, char* password) { HRESULT hres; IWbemLocator *pLoc = NULL; IWbemServices *pSvc = NULL; COAUTHIDENTITY *userAcct = NULL ; COAUTHIDENTITY authIdent; char* serverWMIA; PWCHAR serverWMIW; PWCHAR usernameW; PWCHAR commandW; PWCHAR passwordW; WCHAR pszDomain[CREDUI_MAX_USERNAME_LENGTH+1]; WCHAR pszUserName[CREDUI_MAX_USERNAME_LENGTH+1]; PWCHAR slash; int len = 0; // WCHAR len = strlen(target)+12; serverWMIA = (char*)malloc(sizeof(char)*(len)); strcpy_s(serverWMIA, len, target); strcat_s(serverWMIA, len, "\\ROOT\\CIMV2"); len = MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,NULL,0); serverWMIW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,serverWMIW,len); free(serverWMIA); len = MultiByteToWideChar(CP_ACP,0,username,-1,NULL,0); usernameW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,username,-1,usernameW,len); len = MultiByteToWideChar(CP_ACP,0,password,-1,NULL,0); passwordW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,password,-1,passwordW,len); len = MultiByteToWideChar(CP_ACP,0,command,-1,NULL,0); commandW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,command,-1,commandW,len); hres = CoInitializeEx(0, COINIT_MULTITHREADED); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); return -1; } hres = CoInitializeSecurity(NULL,-1,NULL,NULL,RPC_C_AUTHN_LEVEL_DEFAULT,RPC_C_IMP_LEVEL_IDENTIFY,NULL,EOAC_NONE,NULL); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); CoUninitialize(); return -1; } hres = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator, (LPVOID *) &pLoc); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); CoUninitialize(); return -1; } //WMI connection hres = pLoc->ConnectServer(_bstr_t(serverWMIW),_bstr_t(usernameW),_bstr_t(passwordW),NULL,NULL,NULL,NULL,&pSvc); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pLoc->Release(); CoUninitialize(); return -1; } //Set ProxyBlanket options memset(&authIdent, 0, sizeof(COAUTHIDENTITY)); authIdent.PasswordLength = wcslen (passwordW); authIdent.Password = (USHORT*)passwordW; slash = wcschr (usernameW, L'\\'); if(slash == NULL) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } wcscpy_s(pszUserName,CREDUI_MAX_USERNAME_LENGTH+1, slash+1); authIdent.User = (USHORT*)pszUserName; authIdent.UserLength = wcslen(pszUserName); wcsncpy_s(pszDomain, CREDUI_MAX_USERNAME_LENGTH+1, usernameW, slash - usernameW); authIdent.Domain = (USHORT*)pszDomain; authIdent.DomainLength = slash - usernameW; authIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; userAcct = &authIdent; //Set the ProxyBlanket hres = CoSetProxyBlanket(pSvc,RPC_C_AUTHN_DEFAULT,RPC_C_AUTHZ_DEFAULT,COLE_DEFAULT_PRINCIPAL,RPC_C_AUTHN_LEVEL_PKT_PRIVACY,RPC_C_IMP_LEVEL_IMPERSONATE,userAcct,EOAC_NONE); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } BSTR MethodName = SysAllocString(L"Create"); BSTR ClassName = SysAllocString(L"Win32_Process"); IWbemClassObject* pClass = NULL; hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL); IWbemClassObject* pInParamsDefinition = NULL; hres = pClass->GetMethod(MethodName, 0, &pInParamsDefinition, NULL); IWbemClassObject* pClassInstance = NULL; hres = pInParamsDefinition->SpawnInstance(0, &pClassInstance); // Create the values for the "in" parameters VARIANT varCommand; varCommand.vt = VT_BSTR; varCommand.bstrVal = BSTR(commandW); // Store the value for the "in" parameters hres = pClassInstance->Put(L"CommandLine", 0, &varCommand, 0); // Execute Method IWbemClassObject* pOutParams = NULL; hres = pSvc->ExecMethod(ClassName, MethodName, 0, NULL, pClassInstance, &pOutParams, NULL); if (FAILED(hres)) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); VariantClear(&varCommand); SysFreeString(ClassName); SysFreeString(MethodName); pClass->Release(); pInParamsDefinition->Release(); pOutParams->Release(); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); SecureZeroMemory(pszUserName, sizeof(pszUserName)); SecureZeroMemory(pszDomain, sizeof(pszDomain)); VariantClear(&varCommand); SysFreeString(ClassName); SysFreeString(MethodName); pClass->Release(); pInParamsDefinition->Release(); pOutParams->Release(); pSvc->Release(); pLoc->Release(); CoUninitialize(); return 0; }