HRESULT ExecuteMethod3InInstance( __in IWbemServices* WbemServices, __in IWbemClassObject* ClassObj, __in const BSTR InstancePath, __in ULONG InData1, __in ULONG InData2 ) { HRESULT status; IWbemClassObject* inputParamsObj = NULL; IWbemClassObject* inputParamsInstanceObj = NULL; IWbemClassObject* outputParamsInstanceObj = NULL; const BSTR methodName = SysAllocString(TOASTER_METHOD_3); VARIANT funcParam; // // Get the input parameters class objects for the method. // status = ClassObj->GetMethod(methodName, 0, &inputParamsObj, NULL); if (FAILED(status)) { goto exit; } // // Spawn an instance of the input parameters class object. // status = inputParamsObj->SpawnInstance(0, &inputParamsInstanceObj); if (FAILED(status)) { goto exit; } // // Set the input variables values (i.e., inData1, inData2 for ToasterMethod3). // funcParam.vt = VT_I4; funcParam.ulVal = InData1; status = inputParamsInstanceObj->Put(L"InData1", 0, &funcParam, 0); if (FAILED(status)) { goto exit; } funcParam.vt = VT_I4; funcParam.ulVal = InData2; status = inputParamsInstanceObj->Put(L"InData2", 0, &funcParam, 0); if (FAILED(status)) { goto exit; } // // Call the method. // printf("\n"); printf("Instance Path .: %ws\n", (wchar_t*)InstancePath); printf(" Method Name..: %ws\n", (wchar_t*)methodName); status = WbemServices->ExecMethod(InstancePath, methodName, 0, NULL, inputParamsInstanceObj, &outputParamsInstanceObj, NULL); if (FAILED(status)) { goto exit; } // // Get the "in" Parameter values from the input parameters object. // status = inputParamsInstanceObj->Get(L"InData1", 0, &funcParam, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" InData1...: %d\n", funcParam.ulVal); status = inputParamsInstanceObj->Get(L"InData2", 0, &funcParam, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" InData2...: %d\n", funcParam.ulVal); // // Get the "out" Parameter values from the output parameters object. // status = outputParamsInstanceObj->Get(L"OutData1", 0, &funcParam, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" OutData1..: %d\n", funcParam.ulVal); status = outputParamsInstanceObj->Get(L"OutData2", 0, &funcParam, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" OutData2..: %d\n", funcParam.ulVal); exit: if (methodName != NULL) { SysFreeString(methodName); } if (inputParamsObj != NULL) { inputParamsObj->Release(); } if (inputParamsInstanceObj != NULL) { inputParamsInstanceObj->Release(); } if (outputParamsInstanceObj != NULL) { outputParamsInstanceObj->Release(); } return status; }
HRESULT GetAndSetValuesInClass( _In_ IWbemServices* WbemServices, _In_opt_ PWSTR UserId, _In_opt_ PWSTR Password, _In_opt_ PWSTR DomainName ) /*++ Routine Description: This routine enumerates the instances of the Toaster Device Information class and gets/sets the value of one of its Properties. Arguments: WbemServices - Pointer to the WBEM services interface used for accessing the WMI services. UserId - Pointer to the user id information or NULL. Password - Pointer to password or NULL. If the user id is not specified, this parameter is ignored. DomainName - Pointer to domain name or NULL. If the user id is not specified, this parameter is ignored. Return Value: HRESULT Status code. --*/ { HRESULT status = S_OK; IEnumWbemClassObject* enumerator = NULL; IWbemClassObject* classObj = NULL; IWbemClassObject* instanceObj = NULL; const BSTR className = SysAllocString(TOASTER_DEVICE_INFO_CLASS); VARIANT instProperty; ULONG nbrObjsSought = 1; ULONG nbrObjsReturned; // // Create an Enumeration object to enumerate the instances of the given class. // status = WbemServices->CreateInstanceEnum(className, WBEM_FLAG_SHALLOW | WBEM_FLAG_RETURN_IMMEDIATELY | WBEM_FLAG_FORWARD_ONLY, NULL, &enumerator); if (FAILED(status)) { goto exit; } // // Set authentication information for the interface. // status = SetInterfaceSecurity(enumerator, UserId, Password, DomainName); if (FAILED(status)) { goto exit; } do { // // Get the instance object for each instance of the class. // status = enumerator->Next(WBEM_INFINITE, nbrObjsSought, &instanceObj, &nbrObjsReturned); if (status == WBEM_S_FALSE) { status = S_OK; break; } if (FAILED(status)) { if (status == WBEM_E_INVALID_CLASS) { printf("ERROR: Toaster driver may not be active on the system.\n"); } goto exit; } // // To obtain the object path of the object for which the method has to be // executed, query the "__PATH" property of the WMI instance object. // status = instanceObj->Get(_bstr_t(L"__PATH"), 0, &instProperty, 0, 0); if (FAILED(status)) { goto exit; } printf("\n"); printf("Instance Path .: %ws\n", (wchar_t*)instProperty.bstrVal); // // Get the current value of the DummyValue property. // status = instanceObj->Get(TOASTER_VAR1, 0, &instProperty, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" Property ....: %ws\n", TOASTER_VAR1); printf(" Old Value ...: %d\n", instProperty.lVal); // // Set a new value for the DummyValue property. // instProperty.lVal++; status = instanceObj->Put(TOASTER_VAR1, 0, &instProperty, 0); if (FAILED(status)) { goto exit; } status = WbemServices->PutInstance(instanceObj, WBEM_FLAG_UPDATE_ONLY, NULL, NULL); if (FAILED(status)) { goto exit; } status = instanceObj->Get(_bstr_t(TOASTER_VAR1), 0, &instProperty, NULL, NULL); if (FAILED(status)) { goto exit; } printf(" New Value ...: %d\n", instProperty.lVal); instanceObj->Release(); instanceObj = NULL; } while (!FAILED(status)); exit: if (className != NULL) { SysFreeString(className); } if (classObj != NULL) { classObj->Release(); } if (enumerator != NULL) { enumerator->Release(); } if (instanceObj != NULL) { instanceObj->Release(); } return status; }
int ipmi_cmdraw_ms(uchar cmd, uchar netfn, uchar lun, uchar sa, uchar bus, uchar *pdata, int sdata, uchar *presp, int *sresp, uchar *pcc, char fdebugcmd) { int bRet; HRESULT hres; IWbemClassObject* pInParams = NULL; /*class definition*/ IWbemClassObject* pInReq = NULL; /*instance*/ IWbemClassObject* pOutResp = NULL; VARIANT varCmd, varNetfn, varLun, varSa, varSize, varData; SAFEARRAY* psa = NULL; long i; uchar *p; fdebugms = fdebugcmd; if (!fmsopen) { bRet = ipmi_open_ms(fdebugcmd); if (bRet != 0) return(bRet); } bRet = -1; hres = pClass->GetMethod(L"RequestResponse",0,&pInParams,NULL); if (FAILED(hres)) { if (fdebugcmd) printf("ipmi_cmdraw_ms: Cannot get RequestResponse method\n"); return (bRet); } #ifdef WDM_FIXED /* see http://support.microsoft.com/kb/951242 for WDM bug info */ hres = pInParams->SpawnInstance(0,&pInReq); if (FAILED(hres)) { if (fdebugcmd) printf("ipmi_cmdraw_ms: Cannot get RequestResponse instance\n"); return (bRet); } // also substitute pInReq for pInParams below if this gets fixed. #endif VariantInit(&varCmd); varCmd.vt = VT_UI1; varCmd.bVal = cmd; hres = pInParams->Put(_bstr_t(L"Command"), 0, &varCmd, 0); // VariantClear(&varCmd); if (FAILED(hres)) goto MSRET; VariantInit(&varNetfn); varNetfn.vt = VT_UI1; varNetfn.bVal = netfn; hres = pInParams->Put(_bstr_t(L"NetworkFunction"), 0, &varNetfn, 0); // VariantClear(&varNetfn); if (FAILED(hres)) goto MSRET; VariantInit(&varLun); varLun.vt = VT_UI1; varLun.bVal = lun; hres = pInParams->Put(_bstr_t(L"Lun"), 0, &varLun, 0); // VariantClear(&varLun); if (FAILED(hres)) goto MSRET; VariantInit(&varSa); varSa.vt = VT_UI1; varSa.bVal = sa; hres = pInParams->Put(_bstr_t(L"ResponderAddress"), 0, &varSa, 0); // VariantClear(&varSa); if (FAILED(hres)) goto MSRET; VariantInit(&varSize); varSize.vt = VT_I4; varSize.lVal = sdata; hres = pInParams->Put(_bstr_t(L"RequestDataSize"), 0, &varSize, 0); // VariantClear(&varSize); if (FAILED(hres)) goto MSRET; SAFEARRAYBOUND rgsabound[1]; rgsabound[0].cElements = sdata; rgsabound[0].lLbound = 0; psa = SafeArrayCreate(VT_UI1,1,rgsabound); if(!psa) { printf("ipmi_cmdraw_ms: SafeArrayCreate failed\n"); goto MSRET; } #ifdef SHOULD_WORK_BUT_NO /* The SafeArrayPutElement does not put the data in the right * place, so skip this and copy the raw data below. */ VARIANT tvar; if (fdebugcmd && sdata > 0) { printf("psa1(%p):",psa); dumpbuf((uchar *)psa,42,1); } for(i =0; i< sdata; i++) { VariantInit(&tvar); tvar.vt = VT_UI1; tvar.bVal = pdata[i]; hres = SafeArrayPutElement(psa, &i, &tvar); // VariantClear(&tvar); if (FAILED(hres)) { printf("ipmi_cmdraw_ms: SafeArrayPutElement(%d) failed\n",i); goto MSRET; } } /*end for*/ if (fdebugcmd && sdata > 0) { printf("psa2(%p):",psa); dumpbuf((uchar *)psa,42,1); } #endif /* Copy the real RequestData into psa */ memcpy(psa->pvData,pdata,sdata); VariantInit(&varData); varData.vt = VT_ARRAY | VT_UI1; varData.parray = psa; hres = pInParams->Put(_bstr_t(L"RequestData"), 0, &varData, 0); // VariantClear(&varData); if (FAILED(hres)) { printf("Put(RequestData) error %x\n",hres); goto MSRET; } #ifdef TEST_METHODS IWbemClassObject* pOutSms = NULL; if (fdebugcmd) printf("ipmi_cmdraw_ms: calling SMS_Attention(%ls)\n", V_BSTR(&varPath)); hres = pSvc->ExecMethod( V_BSTR(&varPath), _bstr_t(L"SMS_Attention"), 0, NULL, NULL, &pOutSms, NULL); if (FAILED(hres)) { printf("ipmi_cmdraw_ms: SMS_Attention method error %x\n",hres); goto MSRET; } if (fdebugcmd) printf("ipmi_cmdraw_ms: SMS_Attention method ok\n"); /* This does work, without input parameters */ pOutSms->Release(); #endif hres = pSvc->ExecMethod( V_BSTR(&varPath), _bstr_t(L"RequestResponse"), 0, NULL, pInParams, &pOutResp, NULL); if (fdebugcmd) { printf("ipmi_cmdraw_ms(cmd=%x,netfn=%x,lun=%x,sa=%x,sdata=%d)" " RequestResponse ret=%x\n", cmd,netfn,lun,sa,sdata,hres); if (sdata > 0) { printf("ipmi_cmdraw_ms: req data(%d):",sdata); dumpbuf(pdata,sdata,0); } } if (FAILED(hres)) { printf("ipmi_cmdraw_ms: RequestResponse error %x %s\n", hres,res_str(hres)); #ifdef EXTRA_DESC /* This does not usually add any meaning for IPMI. */ BSTR desc; IErrorInfo *pIErrorInfo; GetErrorInfo(0,&pIErrorInfo); pIErrorInfo->GetDescription(&desc); printf("ipmi_cmdraw_ms: ErrorInfoDescr: %ls\n",desc); SysFreeString(desc); #endif bRet = -1; /*fall through for cleanup and return*/ } else { /*successful, get ccode and response data */ VARIANT varByte, varRSz, varRData; VariantInit(&varByte); VariantInit(&varRSz); VariantInit(&varRData); long rlen; hres = pOutResp->Get(_bstr_t(L"CompletionCode"),0, &varByte, NULL, 0); if (FAILED(hres)) goto MSRET; if (fdebugcmd) printf("ipmi_cmdraw_ms: CompletionCode %x returned\n", V_UI1(&varByte) ); *pcc = V_UI1(&varByte); hres = pOutResp->Get(_bstr_t(L"ResponseDataSize"),0, &varRSz, NULL, 0); if (FAILED(hres)) goto MSRET; rlen = V_I4(&varRSz); if (rlen > 1) rlen--; /*skip cc*/ if (rlen > *sresp) { if (fdebugcmd) printf("ResponseData truncated from %d to %d\n", rlen,*sresp); rlen = *sresp; /*truncate*/ } *sresp = (int)rlen; hres = pOutResp->Get(_bstr_t(L"ResponseData"),0, &varRData, NULL,0); if (FAILED(hres)) { /*ignore failure */ if (fdebugcmd) printf("Get ResponseData error %x\n",hres); } else { /* success */ #ifdef SHOULD_WORK_BUT_NO uchar *pa; p = (uchar*)varRData.parray->pvData; pa = (uchar*)varRData.parray; printf("pa=%p, pa+12=%p p=%p\n",pa,(pa+12),p); if (fdebugcmd) { printf("Data.vt = %04x, Data.parray(%p):", varRData.vt, varRData.parray); // 0x2011 means VT_ARRAY | VT_UI1 dumpbuf((uchar *)varRData.parray,40,1); } /* The SafeArrayGetElement does not get the data from the right * place, so skip this and copy the raw data below. */ VARIANT rgvar[NVAR]; if (rlen > NVAR) *pcc = 0xEE; for (i = 0; i <= rlen; i++) VariantInit(&rgvar[i]); /* copy the response data from varRData to presp */ for( i = 0; i <= rlen; i++) { hres = SafeArrayGetElement(varRData.parray, &i, &rgvar[i]); if (FAILED(hres)) { if (fdebugcmd) printf("ipmi_cmdraw_ms: SafeArrayGetElement(%d) failed\n",i); break; } if (fdebugcmd) { printf("Data[%d] vt=%02x val=%02x, rgvar(%p):",i, rgvar[i].vt, V_UI1(&rgvar[i]),&rgvar[i]); dumpbuf((uchar *)&rgvar[i],12,0); } /* skip the completion code */ // if (i > 0) presp[i-1] = V_UI1(&rgvar[i]); } /*end for*/ #endif /* * parray from a GetDeviceId response: * 0015CEE0: 01 00 80 00 01 00 00 00 00 00 00 00 00 cf 15 00 * 0015CEF0: 10 00 00 00 00 00 00 00 03 00 06 00 95 01 08 00 * ^- datalen=0x10 * 0015CF00: 00 20 01 00 19 02 9f 57 01 ... * ^- start of data (cc=00, ...) */ /* Copy the real ResponseData into presp. */ p = (uchar*)varRData.parray->pvData; for( i = 0; i <= rlen; i++) { /* skip the completion code */ if (i > 0) presp[i-1] = p[i]; } if (fdebugcmd) { printf("ipmi_cmdraw_ms: resp data(%d):",rlen+1); dumpbuf(p,rlen+1,0); } } bRet = 0; } MSRET: #define CLEAN_OK 1 #ifdef CLEAN_OK /* VariantClear(&var*) should be done by pInParams->Release() */ if (psa != NULL) SafeArrayDestroy(psa); if (pInParams != NULL) pInParams->Release(); if (pOutResp != NULL) pOutResp->Release(); #endif return(bRet); }
int main(int iArgCnt, char ** argv) { IWbemLocator *pLocator = NULL; IWbemServices *pNamespace = 0; IWbemClassObject * pClass = NULL; IWbemClassObject * pOutInst = NULL; IWbemClassObject * pInClass = NULL; IWbemClassObject * pInInst = NULL; BSTR Text = NULL; HRESULT hr = S_OK; BSTR path = SysAllocString(L"root\\default"); BSTR ClassPath = SysAllocString(L"MethProvSamp"); BSTR MethodName = SysAllocString(L"Echo"); BSTR ArgName = SysAllocString(L"sInArg"); if (!path || ! ClassPath || !MethodName || ! ArgName) { printf("SysAllocString failed. Out of memory.\n"); goto cleanup; } // Initialize COM and connect up to CIMOM hr = CoInitialize(0); if (FAILED(hr)) { printf("CoInitialize returned 0x%x:", hr); goto cleanup; } // NOTE: // When using asynchronous WMI API's remotely in an environment where the "Local System" account // has no network identity (such as non-Kerberos domains), the authentication level of // RPC_C_AUTHN_LEVEL_NONE is needed. However, lowering the authentication level to // RPC_C_AUTHN_LEVEL_NONE makes your application less secure. It is wise to // use semi-synchronous API's for accessing WMI data and events instead of the asynchronous ones. hr = CoInitializeSecurity ( NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_SECURE_REFS, //change to EOAC_NONE if you change dwAuthnLevel to RPC_C_AUTHN_LEVEL_NONE NULL ); if (FAILED(hr)) { printf("CoInitializeSecurity returned 0x%x:", hr); goto cleanup; } hr = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &pLocator); if (FAILED(hr)) { printf("CoCreateInstance returned 0x%x:", hr); goto cleanup; } hr = pLocator->ConnectServer(path, NULL, NULL, NULL, 0, NULL, NULL, &pNamespace); printf("\n\nConnectServer returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Get the class object hr = pNamespace->GetObject(ClassPath, 0, NULL, &pClass, NULL); printf("\nGetObject returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Get the input argument and set the property hr = pClass->GetMethod(MethodName, 0, &pInClass, NULL); printf("\nGetMethod returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; hr = pInClass->SpawnInstance(0, &pInInst); printf("\nSpawnInstance returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; VARIANT var; var.vt = VT_BSTR; var.bstrVal= SysAllocString(L"hello"); if (var.bstrVal == NULL) goto cleanup; hr = pInInst->Put(ArgName, 0, &var, 0); VariantClear(&var); // Call the method hr = pNamespace->ExecMethod(ClassPath, MethodName, 0, NULL, pInInst, &pOutInst, NULL); printf("\nExecMethod returned 0x%x:", hr); if(hr != WBEM_S_NO_ERROR) goto cleanup; // Display the results. hr = pOutInst->GetObjectText(0, &Text); if(hr != WBEM_S_NO_ERROR) goto cleanup; printf("\n\nThe object text of the output object is:\n%S", Text); printf("Terminating normally\n"); // Free up resources cleanup: SysFreeString(path); SysFreeString(ClassPath); SysFreeString(MethodName); SysFreeString(ArgName); SysFreeString(Text); if (pClass) pClass->Release(); if (pInInst) pInInst->Release(); if (pInClass) pInClass->Release(); if (pOutInst) pOutInst->Release(); if (pLocator) pLocator->Release(); if (pNamespace) pNamespace->Release(); CoUninitialize(); return 0; }
bool StoreSD(IWbemServices * pSession, PSECURITY_DESCRIPTOR pSD) { bool bRet = false; HRESULT hr; if (!IsValidSecurityDescriptor(pSD)) return false; // Get the class object IWbemClassObject * pClass = NULL; _bstr_t InstPath(L"__systemsecurity=@"); _bstr_t ClassPath(L"__systemsecurity"); hr = pSession->GetObject(ClassPath, 0, NULL, &pClass, NULL); if(FAILED(hr)) return false; // Get the input parameter class _bstr_t MethName(L"SetSD"); IWbemClassObject * pInClassSig = NULL; hr = pClass->GetMethod(MethName,0, &pInClassSig, NULL); pClass->Release(); if(FAILED(hr)) return false; // spawn an instance of the input parameter class IWbemClassObject * pInArg = NULL; pInClassSig->SpawnInstance(0, &pInArg); pInClassSig->Release(); if(FAILED(hr)) return false; // move the SD into a variant. SAFEARRAY FAR* psa; SAFEARRAYBOUND rgsabound[1]; rgsabound[0].lLbound = 0; long lSize = GetSecurityDescriptorLength(pSD); rgsabound[0].cElements = lSize; psa = SafeArrayCreate( VT_UI1, 1 , rgsabound ); if(psa == NULL) { pInArg->Release(); return false; } char * pData = NULL; hr = SafeArrayAccessData(psa, (void HUGEP* FAR*)&pData); if(FAILED(hr)) { pInArg->Release(); return false; } memcpy(pData, pSD, lSize); SafeArrayUnaccessData(psa); _variant_t var; var.vt = VT_I4|VT_ARRAY; var.parray = psa; // put the property hr = pInArg->Put(L"SD" , 0, &var, 0); if(FAILED(hr)) { pInArg->Release(); return false; } // Execute the method IWbemClassObject * pOutParams = NULL; hr = pSession->ExecMethod(InstPath, MethName, 0, NULL, pInArg, NULL, NULL); if(FAILED(hr)) printf("\nPut failed, returned 0x%x",hr); return bRet; }
////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Description : // Sends WMI command to target after logging on. ////////////////////////////////////////////////////////////////////////////////////////////////////////////// DWORD startWMICommand(char* command, char* target, char* username, char* password) { HRESULT hres; IWbemLocator *pLoc = NULL; IWbemServices *pSvc = NULL; COAUTHIDENTITY *userAcct = NULL ; COAUTHIDENTITY authIdent; char* serverWMIA; PWCHAR serverWMIW; PWCHAR usernameW; PWCHAR commandW; PWCHAR passwordW; WCHAR pszDomain[CREDUI_MAX_USERNAME_LENGTH+1]; WCHAR pszUserName[CREDUI_MAX_USERNAME_LENGTH+1]; PWCHAR slash; int len = 0; // WCHAR len = strlen(target)+12; serverWMIA = (char*)malloc(sizeof(char)*(len)); strcpy_s(serverWMIA, len, target); strcat_s(serverWMIA, len, "\\ROOT\\CIMV2"); len = MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,NULL,0); serverWMIW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,serverWMIA,-1,serverWMIW,len); free(serverWMIA); len = MultiByteToWideChar(CP_ACP,0,username,-1,NULL,0); usernameW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,username,-1,usernameW,len); len = MultiByteToWideChar(CP_ACP,0,password,-1,NULL,0); passwordW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,password,-1,passwordW,len); len = MultiByteToWideChar(CP_ACP,0,command,-1,NULL,0); commandW = (PWCHAR)malloc(sizeof(WCHAR)*len); MultiByteToWideChar(CP_ACP,0,command,-1,commandW,len); hres = CoInitializeEx(0, COINIT_MULTITHREADED); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); return -1; } hres = CoInitializeSecurity(NULL,-1,NULL,NULL,RPC_C_AUTHN_LEVEL_DEFAULT,RPC_C_IMP_LEVEL_IDENTIFY,NULL,EOAC_NONE,NULL); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); CoUninitialize(); return -1; } hres = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator, (LPVOID *) &pLoc); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); CoUninitialize(); return -1; } //WMI connection hres = pLoc->ConnectServer(_bstr_t(serverWMIW),_bstr_t(usernameW),_bstr_t(passwordW),NULL,NULL,NULL,NULL,&pSvc); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pLoc->Release(); CoUninitialize(); return -1; } //Set ProxyBlanket options memset(&authIdent, 0, sizeof(COAUTHIDENTITY)); authIdent.PasswordLength = wcslen (passwordW); authIdent.Password = (USHORT*)passwordW; slash = wcschr (usernameW, L'\\'); if(slash == NULL) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } wcscpy_s(pszUserName,CREDUI_MAX_USERNAME_LENGTH+1, slash+1); authIdent.User = (USHORT*)pszUserName; authIdent.UserLength = wcslen(pszUserName); wcsncpy_s(pszDomain, CREDUI_MAX_USERNAME_LENGTH+1, usernameW, slash - usernameW); authIdent.Domain = (USHORT*)pszDomain; authIdent.DomainLength = slash - usernameW; authIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; userAcct = &authIdent; //Set the ProxyBlanket hres = CoSetProxyBlanket(pSvc,RPC_C_AUTHN_DEFAULT,RPC_C_AUTHZ_DEFAULT,COLE_DEFAULT_PRINCIPAL,RPC_C_AUTHN_LEVEL_PKT_PRIVACY,RPC_C_IMP_LEVEL_IMPERSONATE,userAcct,EOAC_NONE); if(hres<0) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } BSTR MethodName = SysAllocString(L"Create"); BSTR ClassName = SysAllocString(L"Win32_Process"); IWbemClassObject* pClass = NULL; hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL); IWbemClassObject* pInParamsDefinition = NULL; hres = pClass->GetMethod(MethodName, 0, &pInParamsDefinition, NULL); IWbemClassObject* pClassInstance = NULL; hres = pInParamsDefinition->SpawnInstance(0, &pClassInstance); // Create the values for the "in" parameters VARIANT varCommand; varCommand.vt = VT_BSTR; varCommand.bstrVal = BSTR(commandW); // Store the value for the "in" parameters hres = pClassInstance->Put(L"CommandLine", 0, &varCommand, 0); // Execute Method IWbemClassObject* pOutParams = NULL; hres = pSvc->ExecMethod(ClassName, MethodName, 0, NULL, pClassInstance, &pOutParams, NULL); if (FAILED(hres)) { free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); VariantClear(&varCommand); SysFreeString(ClassName); SysFreeString(MethodName); pClass->Release(); pInParamsDefinition->Release(); pOutParams->Release(); pSvc->Release(); pLoc->Release(); CoUninitialize(); return -1; } free(usernameW); free(passwordW); free(commandW); free(serverWMIA); free(serverWMIW); SecureZeroMemory(pszUserName, sizeof(pszUserName)); SecureZeroMemory(pszDomain, sizeof(pszDomain)); VariantClear(&varCommand); SysFreeString(ClassName); SysFreeString(MethodName); pClass->Release(); pInParamsDefinition->Release(); pOutParams->Release(); pSvc->Release(); pLoc->Release(); CoUninitialize(); return 0; }