HRESULT GetInputParameters(__in IWbemServices* pSvc, __in PCWSTR pClassName, __in PCWSTR pMethodName, __out IWbemClassObject** ppInParams)
{
HRESULT hr;
IWbemClassObject* pClass = NULL;
IWbemClassObject* pInParamsDefinition = NULL;
IWbemClassObject* pInParamsLocal = NULL;
hr = pSvc->GetObject(_bstr_t(pClassName),
0,
NULL,
&pClass,
NULL);
if(HB_FAILED(hr)) {
goto cleanexit;
}
hr = pClass->GetMethod(_bstr_t(pMethodName),
0,
&pInParamsDefinition,
NULL);
if(HB_FAILED(hr)) {
goto cleanexit;
}
hr = pInParamsDefinition->SpawnInstance(0, &pInParamsLocal);
if(HB_FAILED(hr)) {
goto cleanexit;
}
*ppInParams = pInParamsLocal;
pInParamsLocal = NULL;
cleanexit:
HB_SAFE_RELEASE(pClass);
HB_SAFE_RELEASE(pInParamsDefinition);
HB_SAFE_RELEASE(pInParamsLocal);
return hr;
}
int main(int iArgCnt, char ** argv)
{
IWbemLocator *pLocator = NULL;
IWbemServices *pNamespace = 0;
IWbemClassObject * pClass = NULL;
IWbemClassObject * pOutInst = NULL;
IWbemClassObject * pInClass = NULL;
IWbemClassObject * pInInst = NULL;
BSTR Text = NULL;
HRESULT hr = S_OK;
BSTR path = SysAllocString(L"root\\default");
BSTR ClassPath = SysAllocString(L"MethProvSamp");
BSTR MethodName = SysAllocString(L"Echo");
BSTR ArgName = SysAllocString(L"sInArg");
if (!path || ! ClassPath || !MethodName || ! ArgName)
{
printf("SysAllocString failed. Out of memory.\n");
goto cleanup;
}
// Initialize COM and connect up to CIMOM
hr = CoInitialize(0);
if (FAILED(hr))
{
printf("CoInitialize returned 0x%x:", hr);
goto cleanup;
}
// NOTE:
// When using asynchronous WMI API's remotely in an environment where the "Local System" account
// has no network identity (such as non-Kerberos domains), the authentication level of
// RPC_C_AUTHN_LEVEL_NONE is needed. However, lowering the authentication level to
// RPC_C_AUTHN_LEVEL_NONE makes your application less secure. It is wise to
// use semi-synchronous API's for accessing WMI data and events instead of the asynchronous ones.
hr = CoInitializeSecurity ( NULL, -1, NULL, NULL,
RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_SECURE_REFS, //change to EOAC_NONE if you change dwAuthnLevel to RPC_C_AUTHN_LEVEL_NONE
NULL );
if (FAILED(hr))
{
printf("CoInitializeSecurity returned 0x%x:", hr);
goto cleanup;
}
hr = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *) &pLocator);
if (FAILED(hr))
{
printf("CoCreateInstance returned 0x%x:", hr);
goto cleanup;
}
hr = pLocator->ConnectServer(path, NULL, NULL, NULL, 0, NULL, NULL, &pNamespace);
printf("\n\nConnectServer returned 0x%x:", hr);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
// Get the class object
hr = pNamespace->GetObject(ClassPath, 0, NULL, &pClass, NULL);
printf("\nGetObject returned 0x%x:", hr);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
// Get the input argument and set the property
hr = pClass->GetMethod(MethodName, 0, &pInClass, NULL);
printf("\nGetMethod returned 0x%x:", hr);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
hr = pInClass->SpawnInstance(0, &pInInst);
printf("\nSpawnInstance returned 0x%x:", hr);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
VARIANT var;
var.vt = VT_BSTR;
var.bstrVal= SysAllocString(L"hello");
if (var.bstrVal == NULL)
goto cleanup;
hr = pInInst->Put(ArgName, 0, &var, 0);
VariantClear(&var);
// Call the method
hr = pNamespace->ExecMethod(ClassPath, MethodName, 0, NULL, pInInst, &pOutInst, NULL);
printf("\nExecMethod returned 0x%x:", hr);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
// Display the results.
hr = pOutInst->GetObjectText(0, &Text);
if(hr != WBEM_S_NO_ERROR)
goto cleanup;
printf("\n\nThe object text of the output object is:\n%S", Text);
printf("Terminating normally\n");
// Free up resources
cleanup:
SysFreeString(path);
SysFreeString(ClassPath);
SysFreeString(MethodName);
SysFreeString(ArgName);
SysFreeString(Text);
if (pClass)
pClass->Release();
if (pInInst)
pInInst->Release();
if (pInClass)
pInClass->Release();
if (pOutInst)
pOutInst->Release();
if (pLocator)
pLocator->Release();
if (pNamespace)
pNamespace->Release();
CoUninitialize();
return 0;
}
bool StoreSD(IWbemServices * pSession, PSECURITY_DESCRIPTOR pSD)
{
bool bRet = false;
HRESULT hr;
if (!IsValidSecurityDescriptor(pSD))
return false;
// Get the class object
IWbemClassObject * pClass = NULL;
_bstr_t InstPath(L"__systemsecurity=@");
_bstr_t ClassPath(L"__systemsecurity");
hr = pSession->GetObject(ClassPath, 0, NULL, &pClass, NULL);
if(FAILED(hr))
return false;
// Get the input parameter class
_bstr_t MethName(L"SetSD");
IWbemClassObject * pInClassSig = NULL;
hr = pClass->GetMethod(MethName,0, &pInClassSig, NULL);
pClass->Release();
if(FAILED(hr))
return false;
// spawn an instance of the input parameter class
IWbemClassObject * pInArg = NULL;
pInClassSig->SpawnInstance(0, &pInArg);
pInClassSig->Release();
if(FAILED(hr))
return false;
// move the SD into a variant.
SAFEARRAY FAR* psa;
SAFEARRAYBOUND rgsabound[1]; rgsabound[0].lLbound = 0;
long lSize = GetSecurityDescriptorLength(pSD);
rgsabound[0].cElements = lSize;
psa = SafeArrayCreate( VT_UI1, 1 , rgsabound );
if(psa == NULL)
{
pInArg->Release();
return false;
}
char * pData = NULL;
hr = SafeArrayAccessData(psa, (void HUGEP* FAR*)&pData);
if(FAILED(hr))
{
pInArg->Release();
return false;
}
memcpy(pData, pSD, lSize);
SafeArrayUnaccessData(psa);
_variant_t var;
var.vt = VT_I4|VT_ARRAY;
var.parray = psa;
// put the property
hr = pInArg->Put(L"SD" , 0, &var, 0);
if(FAILED(hr))
{
pInArg->Release();
return false;
}
// Execute the method
IWbemClassObject * pOutParams = NULL;
hr = pSession->ExecMethod(InstPath,
MethName,
0,
NULL, pInArg,
NULL, NULL);
if(FAILED(hr))
printf("\nPut failed, returned 0x%x",hr);
return bRet;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Description :
// Sends WMI command to target after logging on.
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
DWORD startWMICommand(char* command, char* target, char* username, char* password)
{
HRESULT hres;
IWbemLocator *pLoc = NULL;
IWbemServices *pSvc = NULL;
COAUTHIDENTITY *userAcct = NULL ;
COAUTHIDENTITY authIdent;
char* serverWMIA;
PWCHAR serverWMIW;
PWCHAR usernameW;
PWCHAR commandW;
PWCHAR passwordW;
WCHAR pszDomain[CREDUI_MAX_USERNAME_LENGTH+1];
WCHAR pszUserName[CREDUI_MAX_USERNAME_LENGTH+1];
PWCHAR slash;
int len = 0;
// WCHAR
len = strlen(target)+12;
serverWMIA = (char*)malloc(sizeof(char)*(len));
strcpy_s(serverWMIA, len, target);
strcat_s(serverWMIA, len, "\\ROOT\\CIMV2");
len = MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,NULL,0);
serverWMIW = (PWCHAR)malloc(sizeof(WCHAR)*len);
MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,serverWMIW,len);
free(serverWMIA);
len = MultiByteToWideChar(CP_ACP,0,username,-1,NULL,0);
usernameW = (PWCHAR)malloc(sizeof(WCHAR)*len);
MultiByteToWideChar(CP_ACP,0,username,-1,usernameW,len);
len = MultiByteToWideChar(CP_ACP,0,password,-1,NULL,0);
passwordW = (PWCHAR)malloc(sizeof(WCHAR)*len);
MultiByteToWideChar(CP_ACP,0,password,-1,passwordW,len);
len = MultiByteToWideChar(CP_ACP,0,command,-1,NULL,0);
commandW = (PWCHAR)malloc(sizeof(WCHAR)*len);
MultiByteToWideChar(CP_ACP,0,command,-1,commandW,len);
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if(hres<0)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
return -1;
}
hres = CoInitializeSecurity(NULL,-1,NULL,NULL,RPC_C_AUTHN_LEVEL_DEFAULT,RPC_C_IMP_LEVEL_IDENTIFY,NULL,EOAC_NONE,NULL);
if(hres<0)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
CoUninitialize();
return -1;
}
hres = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator, (LPVOID *) &pLoc);
if(hres<0)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
CoUninitialize();
return -1;
}
//WMI connection
hres = pLoc->ConnectServer(_bstr_t(serverWMIW),_bstr_t(usernameW),_bstr_t(passwordW),NULL,NULL,NULL,NULL,&pSvc);
if(hres<0)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
pLoc->Release();
CoUninitialize();
return -1;
}
//Set ProxyBlanket options
memset(&authIdent, 0, sizeof(COAUTHIDENTITY));
authIdent.PasswordLength = wcslen (passwordW);
authIdent.Password = (USHORT*)passwordW;
slash = wcschr (usernameW, L'\\');
if(slash == NULL)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
pSvc->Release();
pLoc->Release();
CoUninitialize();
return -1;
}
wcscpy_s(pszUserName,CREDUI_MAX_USERNAME_LENGTH+1, slash+1);
authIdent.User = (USHORT*)pszUserName;
authIdent.UserLength = wcslen(pszUserName);
wcsncpy_s(pszDomain, CREDUI_MAX_USERNAME_LENGTH+1, usernameW, slash - usernameW);
authIdent.Domain = (USHORT*)pszDomain;
authIdent.DomainLength = slash - usernameW;
authIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
userAcct = &authIdent;
//Set the ProxyBlanket
hres = CoSetProxyBlanket(pSvc,RPC_C_AUTHN_DEFAULT,RPC_C_AUTHZ_DEFAULT,COLE_DEFAULT_PRINCIPAL,RPC_C_AUTHN_LEVEL_PKT_PRIVACY,RPC_C_IMP_LEVEL_IMPERSONATE,userAcct,EOAC_NONE);
if(hres<0)
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
pSvc->Release();
pLoc->Release();
CoUninitialize();
return -1;
}
BSTR MethodName = SysAllocString(L"Create");
BSTR ClassName = SysAllocString(L"Win32_Process");
IWbemClassObject* pClass = NULL;
hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);
IWbemClassObject* pInParamsDefinition = NULL;
hres = pClass->GetMethod(MethodName, 0,
&pInParamsDefinition, NULL);
IWbemClassObject* pClassInstance = NULL;
hres = pInParamsDefinition->SpawnInstance(0, &pClassInstance);
// Create the values for the "in" parameters
VARIANT varCommand;
varCommand.vt = VT_BSTR;
varCommand.bstrVal = BSTR(commandW);
// Store the value for the "in" parameters
hres = pClassInstance->Put(L"CommandLine", 0, &varCommand, 0);
// Execute Method
IWbemClassObject* pOutParams = NULL;
hres = pSvc->ExecMethod(ClassName, MethodName, 0,
NULL, pClassInstance, &pOutParams, NULL);
if (FAILED(hres))
{
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
VariantClear(&varCommand);
SysFreeString(ClassName);
SysFreeString(MethodName);
pClass->Release();
pInParamsDefinition->Release();
pOutParams->Release();
pSvc->Release();
pLoc->Release();
CoUninitialize();
return -1;
}
free(usernameW);
free(passwordW);
free(commandW);
free(serverWMIA);
free(serverWMIW);
SecureZeroMemory(pszUserName, sizeof(pszUserName));
SecureZeroMemory(pszDomain, sizeof(pszDomain));
VariantClear(&varCommand);
SysFreeString(ClassName);
SysFreeString(MethodName);
pClass->Release();
pInParamsDefinition->Release();
pOutParams->Release();
pSvc->Release();
pLoc->Release();
CoUninitialize();
return 0;
}
