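/**
 * Reads one property of the WMI object returned by GetProcQuery(pid) and
 * copies it into a caller-supplied buffer as a string.
 *
 * @param pid    Process id passed to GetProcQuery() to build the object path.
 * @param name   Property name handed to IWbemClassObject::Get.
 * @param value  Destination buffer; receives at most len characters including
 *               the terminator (lstrcpyn semantics, so long values are truncated).
 * @param len    Capacity of value, in characters.
 * @return The failing HRESULT from GetObject/Get, E_INVALIDARG when an argument
 *         is NULL or the property is NULL or not a string, otherwise the
 *         success code from Get.
 *
 * `result` and `wbem` are not declared in this function; they are presumably
 * members of WMI -- confirm against the class declaration.
 */
HRESULT WMI::GetProcStringProperty(DWORD pid, TCHAR *name, TCHAR *value, DWORD len)
{
    IWbemClassObject *obj = NULL;
    VARIANT var;

    if (name == NULL || value == NULL) {
        result = E_INVALIDARG;
        return result;
    }

    result = wbem->GetObject(GetProcQuery(pid), 0, 0, &obj, 0);
    if (FAILED(result)) {
        return result;
    }

    // Start from a well-defined VT_EMPTY so VariantClear is always safe.
    VariantInit(&var);
    result = obj->Get(name, 0, &var, 0, 0);
    if (SUCCEEDED(result)) {
        if (var.vt != VT_BSTR) {
            // bstrVal is only meaningful for VT_BSTR. For any other type
            // (VT_NULL, VT_I4, VT_BOOL, ...) the union holds a different
            // member, and reading it as a pointer would make lstrcpyn
            // dereference an arbitrary address.
            result = E_INVALIDARG;
        } else if (var.bstrVal == NULL) {
            // A NULL BSTR is the empty string.
            if (len > 0) {
                value[0] = 0;
            }
        } else {
            lstrcpyn(value, var.bstrVal, len);
        }
        VariantClear(&var);
    }

    obj->Release();
    return result;
}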
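/**
 * Sample client: connects to the local root\default WMI namespace, invokes the
 * Echo method of the MethProvSamp class with the input argument sInArg set to
 * "hello", and prints the text of the returned output object.
 *
 * Every step prints its HRESULT; the first failure jumps to a single cleanup
 * label that releases whatever was acquired so far.
 *
 * NOTE(review): the process exit code is 0 on every path, including failures;
 * callers that need to detect failure have to parse the printed HRESULTs.
 */
int main(int iArgCnt, char ** argv)
{
    IWbemLocator *pLocator = NULL;
    IWbemServices *pNamespace = NULL;
    IWbemClassObject *pClass = NULL;
    IWbemClassObject *pOutInst = NULL;
    IWbemClassObject *pInClass = NULL;
    IWbemClassObject *pInInst = NULL;
    BSTR Text = NULL;
    HRESULT hr = S_OK;
    bool comInitialized = false;   // CoUninitialize must only balance a successful CoInitialize
    VARIANT var;

    BSTR path = SysAllocString(L"root\\default");
    BSTR ClassPath = SysAllocString(L"MethProvSamp");
    BSTR MethodName = SysAllocString(L"Echo");
    BSTR ArgName = SysAllocString(L"sInArg");

    VariantInit(&var);

    if (!path || !ClassPath || !MethodName || !ArgName)
    {
        printf("SysAllocString failed. Out of memory.\n");
        goto cleanup;
    }

    // Initialize COM and connect up to CIMOM
    hr = CoInitialize(0);
    if (FAILED(hr))
    {
        printf("CoInitialize returned 0x%x:", hr);
        goto cleanup;
    }
    comInitialized = true;

    // NOTE:
    // When using asynchronous WMI APIs remotely in an environment where the
    // "Local System" account has no network identity (such as non-Kerberos
    // domains), the authentication level RPC_C_AUTHN_LEVEL_NONE is needed.
    // However, lowering the authentication level to RPC_C_AUTHN_LEVEL_NONE
    // makes the application less secure: calls are then neither authenticated
    // nor integrity-protected nor encrypted. Prefer the semi-synchronous APIs
    // for accessing WMI data and events and keep RPC_C_AUTHN_LEVEL_PKT_PRIVACY.
    hr = CoInitializeSecurity(
        NULL, -1, NULL, NULL,
        RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
        RPC_C_IMP_LEVEL_IMPERSONATE,
        NULL,
        EOAC_SECURE_REFS, // change to EOAC_NONE if you change dwAuthnLevel to RPC_C_AUTHN_LEVEL_NONE
        NULL);
    if (FAILED(hr))
    {
        printf("CoInitializeSecurity returned 0x%x:", hr);
        goto cleanup;
    }

    hr = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
                          IID_IWbemLocator, (LPVOID *) &pLocator);
    if (FAILED(hr))
    {
        printf("CoCreateInstance returned 0x%x:", hr);
        goto cleanup;
    }

    hr = pLocator->ConnectServer(path, NULL, NULL, NULL, 0, NULL, NULL, &pNamespace);
    printf("\n\nConnectServer returned 0x%x:", hr);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;

    // Get the class object
    hr = pNamespace->GetObject(ClassPath, 0, NULL, &pClass, NULL);
    printf("\nGetObject returned 0x%x:", hr);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;

    // Get the input argument and set the property
    hr = pClass->GetMethod(MethodName, 0, &pInClass, NULL);
    printf("\nGetMethod returned 0x%x:", hr);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;

    hr = pInClass->SpawnInstance(0, &pInInst);
    printf("\nSpawnInstance returned 0x%x:", hr);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;

    var.bstrVal = SysAllocString(L"hello");
    if (var.bstrVal == NULL)
    {
        printf("SysAllocString failed. Out of memory.\n");
        goto cleanup;
    }
    var.vt = VT_BSTR;   // set only once the BSTR exists, so VariantClear stays valid

    hr = pInInst->Put(ArgName, 0, &var, 0);
    VariantClear(&var);
    if (FAILED(hr))
    {
        // Without this check the method would be invoked with an unset argument.
        printf("\nPut returned 0x%x:", hr);
        goto cleanup;
    }

    // Call the method
    hr = pNamespace->ExecMethod(ClassPath, MethodName, 0, NULL, pInInst, &pOutInst, NULL);
    printf("\nExecMethod returned 0x%x:", hr);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;

    // Display the results.
    hr = pOutInst->GetObjectText(0, &Text);
    if (hr != WBEM_S_NO_ERROR)
        goto cleanup;
    printf("\n\nThe object text of the output object is:\n%S", Text);

    printf("Terminating normally\n");

    // Free up resources
cleanup:
    VariantClear(&var);            // no-op unless the variant still owns a value

    SysFreeString(path);           // SysFreeString(NULL) is a no-op
    SysFreeString(ClassPath);
    SysFreeString(MethodName);
    SysFreeString(ArgName);
    SysFreeString(Text);

    if (pClass)
        pClass->Release();
    if (pInInst)
        pInInst->Release();
    if (pInClass)
        pInClass->Release();
    if (pOutInst)
        pOutInst->Release();
    if (pLocator)
        pLocator->Release();
    if (pNamespace)
        pNamespace->Release();

    // Interfaces are released first; COM is torn down only if it was brought up.
    if (comInitialized)
        CoUninitialize();

    return 0;
}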
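// Converts a NUL-terminated ANSI (CP_ACP) string into a malloc'd wide string.
// Returns NULL on NULL input, conversion failure or allocation failure.
// The caller owns the result and must free() it.
static PWCHAR ansiToWideAlloc(const char* text)
{
    if (text == NULL)
        return NULL;

    int cch = MultiByteToWideChar(CP_ACP, 0, text, -1, NULL, 0);
    if (cch <= 0)
        return NULL;

    PWCHAR wide = (PWCHAR)malloc(sizeof(WCHAR) * (size_t)cch);
    if (wide == NULL)
        return NULL;

    if (MultiByteToWideChar(CP_ACP, 0, text, -1, wide, cch) == 0)
    {
        // The buffer may hold part of a secret; wipe it before giving it back.
        SecureZeroMemory(wide, sizeof(WCHAR) * (size_t)cch);
        free(wide);
        return NULL;
    }
    return wide;
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Description :
//      Connects to <target>\ROOT\CIMV2 with the supplied credentials and invokes
//      Win32_Process.Create there with <command> as the CommandLine argument.
//
// Parameters :
//      command   command line passed as CommandLine (ANSI).
//      target    server prefix placed in front of "\ROOT\CIMV2" (ANSI).
//      username  account in DOMAIN\user form; a name without a backslash is rejected.
//      password  password for that account (ANSI).
//
// Returns :
//      0 when ExecMethod reports success, (DWORD)-1 on any failure.
//      The out-parameters of Create are not inspected, so 0 does not prove that
//      the remote process actually started.
//
// Notes :
//      - All resources are released through a single cleanup path. Earlier
//        revisions freed the server string twice and handed a malloc'd pointer
//        to VariantClear as if it were a BSTR; both corrupt the heap.
//      - The wide copy of the password and the identity structure are wiped
//        before release. The _bstr_t temporaries handed to ConnectServer hold
//        further copies that this function cannot wipe.
//      - On the target, the process is created by the WMI provider host
//        (WmiPrvSE.exe), which is the parent that process-creation auditing
//        on that host records.
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
DWORD startWMICommand(char* command, char* target, char* username, char* password)
{
    static const char kNamespaceSuffix[] = "\\ROOT\\CIMV2";

    DWORD rc = (DWORD)-1;
    HRESULT hres = E_FAIL;
    bool comReady = false;          // CoUninitialize only balances a successful CoInitializeEx

    IWbemLocator *pLoc = NULL;
    IWbemServices *pSvc = NULL;
    IWbemClassObject *pClass = NULL;
    IWbemClassObject *pInParamsDefinition = NULL;
    IWbemClassObject *pClassInstance = NULL;
    IWbemClassObject *pOutParams = NULL;
    BSTR MethodName = NULL;
    BSTR ClassName = NULL;

    COAUTHIDENTITY authIdent;
    VARIANT varCommand;

    char* serverWMIA = NULL;
    PWCHAR serverWMIW = NULL;
    PWCHAR usernameW = NULL;
    PWCHAR commandW = NULL;
    PWCHAR passwordW = NULL;
    WCHAR pszDomain[CREDUI_MAX_USERNAME_LENGTH+1];
    WCHAR pszUserName[CREDUI_MAX_USERNAME_LENGTH+1];
    PWCHAR slash = NULL;
    size_t len = 0;
    size_t domainLen = 0;
    size_t userLen = 0;

    // Put every owned object into a defined state before the first goto.
    memset(&authIdent, 0, sizeof(COAUTHIDENTITY));
    VariantInit(&varCommand);
    pszDomain[0] = L'\0';
    pszUserName[0] = L'\0';

    if (command == NULL || target == NULL || username == NULL || password == NULL)
        goto cleanup;

    // Build "<target>\ROOT\CIMV2"; sizeof the suffix already counts the terminator.
    len = strlen(target) + sizeof(kNamespaceSuffix);
    serverWMIA = (char*)malloc(len);
    if (serverWMIA == NULL)
        goto cleanup;
    if (strcpy_s(serverWMIA, len, target) != 0 ||
        strcat_s(serverWMIA, len, kNamespaceSuffix) != 0)
        goto cleanup;

    serverWMIW = ansiToWideAlloc(serverWMIA);
    free(serverWMIA);
    serverWMIA = NULL;              // freed exactly once; cleanup sees NULL
    usernameW = ansiToWideAlloc(username);
    passwordW = ansiToWideAlloc(password);
    commandW = ansiToWideAlloc(command);
    if (serverWMIW == NULL || usernameW == NULL || passwordW == NULL || commandW == NULL)
        goto cleanup;

    // Validate DOMAIN\user and its lengths before any credential leaves the
    // process. The *_s copies below would otherwise invoke the invalid-parameter
    // handler on an over-long component instead of returning an error.
    slash = wcschr(usernameW, L'\\');
    if (slash == NULL)
        goto cleanup;
    domainLen = (size_t)(slash - usernameW);
    userLen = wcslen(slash + 1);
    if (domainLen > CREDUI_MAX_USERNAME_LENGTH || userLen > CREDUI_MAX_USERNAME_LENGTH)
        goto cleanup;

    hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres))
        goto cleanup;
    comReady = true;

    hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
                                RPC_C_IMP_LEVEL_IDENTIFY, NULL, EOAC_NONE, NULL);
    if (FAILED(hres))
        goto cleanup;

    hres = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
                            IID_IWbemLocator, (LPVOID *) &pLoc);
    if (FAILED(hres))
        goto cleanup;

    // WMI connection
    hres = pLoc->ConnectServer(_bstr_t(serverWMIW), _bstr_t(usernameW), _bstr_t(passwordW),
                               NULL, 0, NULL, NULL, &pSvc);
    if (FAILED(hres))
        goto cleanup;

    // Set ProxyBlanket options
    authIdent.PasswordLength = (ULONG)wcslen(passwordW);
    authIdent.Password = (USHORT*)passwordW;

    wcscpy_s(pszUserName, CREDUI_MAX_USERNAME_LENGTH+1, slash + 1);
    authIdent.User = (USHORT*)pszUserName;
    authIdent.UserLength = (ULONG)userLen;

    wcsncpy_s(pszDomain, CREDUI_MAX_USERNAME_LENGTH+1, usernameW, domainLen);
    authIdent.Domain = (USHORT*)pszDomain;
    authIdent.DomainLength = (ULONG)domainLen;
    authIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;

    // Set the ProxyBlanket. PKT_PRIVACY keeps the calls on this proxy
    // authenticated, integrity-protected and encrypted.
    hres = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT,
                             COLE_DEFAULT_PRINCIPAL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                             RPC_C_IMP_LEVEL_IMPERSONATE, &authIdent, EOAC_NONE);
    if (FAILED(hres))
        goto cleanup;

    MethodName = SysAllocString(L"Create");
    ClassName = SysAllocString(L"Win32_Process");
    if (MethodName == NULL || ClassName == NULL)
        goto cleanup;

    // Each lookup is checked: a failed call leaves its out-pointer NULL and the
    // next step would dereference it.
    hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);
    if (FAILED(hres) || pClass == NULL)
        goto cleanup;

    hres = pClass->GetMethod(MethodName, 0, &pInParamsDefinition, NULL);
    if (FAILED(hres) || pInParamsDefinition == NULL)
        goto cleanup;

    hres = pInParamsDefinition->SpawnInstance(0, &pClassInstance);
    if (FAILED(hres) || pClassInstance == NULL)
        goto cleanup;

    // Create the values for the "in" parameters. The variant must own a real
    // BSTR: VariantClear releases it with SysFreeString, which must never be
    // given a malloc'd buffer.
    varCommand.bstrVal = SysAllocString(commandW);
    if (varCommand.bstrVal == NULL)
        goto cleanup;
    varCommand.vt = VT_BSTR;

    // Store the value for the "in" parameters
    hres = pClassInstance->Put(L"CommandLine", 0, &varCommand, 0);
    if (FAILED(hres))
        goto cleanup;

    // Execute Method
    hres = pSvc->ExecMethod(ClassName, MethodName, 0, NULL, pClassInstance, &pOutParams, NULL);
    if (FAILED(hres))
        goto cleanup;

    rc = 0;

cleanup:
    VariantClear(&varCommand);
    SysFreeString(ClassName);       // SysFreeString(NULL) is a no-op
    SysFreeString(MethodName);

    // Release the proxy before the identity buffers it was configured with.
    if (pOutParams)
        pOutParams->Release();
    if (pClassInstance)
        pClassInstance->Release();
    if (pInParamsDefinition)
        pInParamsDefinition->Release();
    if (pClass)
        pClass->Release();
    if (pSvc)
        pSvc->Release();
    if (pLoc)
        pLoc->Release();
    if (comReady)
        CoUninitialize();

    // Credential hygiene: wipe before the memory returns to the heap or stack.
    if (passwordW != NULL)
        SecureZeroMemory(passwordW, wcslen(passwordW) * sizeof(WCHAR));
    SecureZeroMemory(&authIdent, sizeof(authIdent));
    SecureZeroMemory(pszUserName, sizeof(pszUserName));
    SecureZeroMemory(pszDomain, sizeof(pszDomain));

    free(passwordW);
    free(usernameW);
    free(commandW);
    free(serverWMIA);
    free(serverWMIW);

    return rc;
}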