views:

404

answers:

4

Hi!

I'm using Dev-C++ under Windows. My question is: how can I start a process on a remote machine? I know that PsExec can do that, but if possible I want to avoid using it. If someone can give some example code, I would appreciate it :)

Thanks in advance!

kampi

+2  A: 

If this were easy, hackers would be starting up malware on all machines exposed to the internet.

PsExec uses the Service Control Manager over a LAN to start a service EXE from 'here', i.e. the machine where you run it. It requires a lot of security privileges - e.g. admin rights.

If you don't want to do this, you can look into SSH (there are open source examples) or Remote Command Prompt (in Windows Resource Kit).

JBRWilkinson
If I know correctly, then in Java it is possible to create a process on a remote computer much, much more easily. That's the reason why I asked if it's possible in C++. By the way, the target machines are domain members, and I am admin on all of the computers, or if I am not, I would specify a user who is.
kampi
If you are uber-admin, you can use the following technique:
1) COPY the thing you want to run to \\targetmachine\C$\Someplace, using the MoveFileEx() API
2) Use the OpenSCManager("\\targetmachine", ...) API to connect to the Service Control Manager
3) Use the ServiceControl() API to 'run' the EXE as a service. It isn't a service, but your EXE will run up before the SCM realises this.
JBRWilkinson
Could you maybe give me an example of how to use ServiceControl()? I can't find an example anywhere that I can use :(
kampi
http://msdn.microsoft.com/en-us/library/ms682006(VS.85).aspx
JBRWilkinson
A: 

It would be best if you already have a service running on the remote machine which you can ask to run a program. Windows itself does not provide anything useful out of the box; it does ship with a remote shell service (which is usually deactivated or not even installed).

IIUC, what psexec does is this:

  1. copy the binary onto the remote machine, using an administrative share
  2. install the binary remotely as a service, using remote registry operations
  3. start the service remotely, using the Service Control Manager API.

If you don't want to use psexec, you could still do the same. Notice that you need quite a few privileges to do so.

Martin v. Löwis
This was a bit too much :) So, could you maybe give me an example of how to do this? I'm not a professional programmer; C++ is just one of my hobbies. Unfortunately I don't know which APIs I should use. Could you help me a little bit more? Thx in advance!
kampi
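The three steps above (and the same three in JBRWilkinson's comment on the first answer), written out as PowerShell. This is an added example, not code from the thread. Underneath sc.exe the Win32 calls are OpenSCManager, CreateService and StartService (there is no API named ServiceControl(); the closest real names are ControlService and StartService). It assumes you are a local administrator on the target, that the C$ share (SMB, TCP 445) and the remote Service Control Manager (RPC) are reachable, and the function name, the C:\Temp location and the service name are hypothetical choices:

```powershell
# Added example, not code from the original thread.
# Assumptions (hypothetical): caller is a local administrator on $Target, SMB and the
# remote SCM are reachable, $LocalExe is the program to run, C:\Temp exists or can be made.
function Invoke-RemoteExeViaScm {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [string] $LocalExe,
        [string] $ServiceName = 'DemoRemoteExec'   # hypothetical; pick something you will recognise in logs
    )
    $ErrorActionPreference = 'Stop'
    $exeName    = Split-Path -Leaf $LocalExe
    $remotePath = "C:\Temp\$exeName"               # the path as the target sees it
    $uncPath    = "\\$Target\C$\Temp\$exeName"     # the same file, reached through the admin share

    # Step 1: copy through the administrative share. This is CopyFile over SMB and
    # needs write access to C$, which in practice means local admin on the target.
    New-Item -ItemType Directory -Path "\\$Target\C$\Temp" -Force | Out-Null
    Copy-Item -Path $LocalExe -Destination $uncPath -Force

    # Step 2: register the file as a service on the remote SCM. sc.exe's first argument is
    # the server name; under the hood this is OpenSCManager(target) + CreateService().
    # binPath= must be the target-local path, and the space after "binPath=" is mandatory.
    & sc.exe "\\$Target" create $ServiceName binPath= $remotePath start= demand | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "CreateService on $Target failed with Win32 error $LASTEXITCODE" }

    try {
        # Step 3: StartService(). A plain EXE never calls StartServiceCtrlDispatcher, so the
        # SCM reports 1053 (timeout) or 1067 (process exited) even though it did launch it.
        & sc.exe "\\$Target" start $ServiceName | Out-Null
        switch ($LASTEXITCODE) {
            0       { 'started as a real service' }
            1053    { 'launched; not a real service, so the SCM timed out waiting for it' }
            1067    { 'launched and already exited' }
            default { throw "StartService on $Target failed with Win32 error $LASTEXITCODE" }
        }
    }
    finally {
        # Remove the registration so the target is left as it was found (the file stays).
        & sc.exe "\\$Target" delete $ServiceName | Out-Null
    }
}

# Usage (hypothetical host and program):
# Invoke-RemoteExeViaScm -Target 'srv01' -LocalExe 'C:\tools\hello.exe'
```

sc.exe returns the Win32 error as its exit code, which is why the function reads $LASTEXITCODE. Two things a practitioner should expect: the program is started as LocalSystem with no desktop, so anything with a window is invisible; and the procedure is loud on the target, which logs System event 7045 ("a service was installed") and keeps the dropped file on disk. That pair of artifacts is exactly how PsExec-style lateral movement is detected, so do not use this on machines you do not administer.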
A: 

The simple answer is that you can't. All you can do is send a message to the remote machine asking it to start the process for you. PsExec runs on the remote machine listening for specific messages and starting processes in response to them.

You can either use an existing protocol, like PsExec, or create your own. Creating your own requires that you can install a service on the remote machine. If the remote machine is not under your control then this isn't possible. If you do design your own system you must be careful when designing the protocol as you don't want to inadvertently open a security hole in your system.

Skizz
This is incorrect - you don't have to have PSExec already 'listening' on the slave machine to use it.
JBRWilkinson
But surely something has to be listening, if not PsExec then something else. If PsExec is not listening itself, then something else must wake up PsExec when the request arrives, which is sort of the same thing. Data sent to a computer will be thrown away unless something on the computer is listening and performing actions in response to the data.
Skizz
+1  A: 

You can use WMI... (C# example, so you'll have to find the C++ equivalent)

    // Requires a reference to System.Management.dll and "using System.Management;".
    // machine: host name of the target; the account must be a local administrator there.
    ConnectionOptions connectOptions = new ConnectionOptions();
    connectOptions.Username = "Administrator";
    connectOptions.Password = "TopSecret";   // demo only: never hard-code credentials
    ManagementScope scope = new ManagementScope(
        @"\\" + machine + @"\root\cimv2",
        connectOptions);

    scope.Connect();
    ManagementPath path = new ManagementPath(@"Win32_Process");
    ManagementClass proc = new ManagementClass(scope, path, new ObjectGetOptions());
    ManagementBaseObject args = proc.GetMethodParameters("Create");
    args["CommandLine"] = "C:\\Windows\\notepad.exe";
    ManagementBaseObject result = proc.InvokeMethod("Create", args, null);

    // Win32_Process.Create returns 0 on success (2 = access denied, 9 = path not found, ...).
    // The process runs in the target's session 0, so a GUI program such as notepad shows no window.
    uint rc = (uint)result["ReturnValue"];
    if (rc != 0) throw new InvalidOperationException("Win32_Process.Create failed, code " + rc);
    uint pid = (uint)result["ProcessId"];
RichAmberale
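The same Win32_Process.Create call from Windows PowerShell, as an added example that is not part of the answer above. Invoke-WmiMethod goes over DCOM like the System.Management code and carries its own credential, which avoids putting a password in source. The function name and the target host are hypothetical; the return codes in the table are the documented values of Win32_Process.Create:

```powershell
# Added example, not from the original answer.
# Assumptions (hypothetical): $Target accepts DCOM/WMI from you and $Credential is a
# local administrator there. Windows PowerShell 5.1; see the note below for PowerShell 7.
function Start-RemoteProcessViaWmi {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [string] $CommandLine,
        [Parameter(Mandatory)] [pscredential] $Credential   # obtain with Get-Credential, never hard-code
    )
    # Win32_Process.Create(CommandLine, CurrentDirectory, ProcessStartupInformation);
    # only the first argument is needed here.
    $result = Invoke-WmiMethod -ComputerName $Target -Credential $Credential `
                               -Class Win32_Process -Name Create -ArgumentList $CommandLine

    # Documented return values of Win32_Process.Create
    $meaning = @{
        0 = 'success'; 2 = 'access denied'; 3 = 'insufficient privilege'
        8 = 'unknown failure'; 9 = 'path not found'; 21 = 'invalid parameter'
    }
    $rc = [int]$result.ReturnValue
    if ($rc -ne 0) {
        throw "Win32_Process.Create on $Target failed: $rc ($($meaning[$rc]))"
    }
    # The new process lives in the target's session 0 with no desktop: a GUI such as
    # notepad.exe starts, but nobody sees a window. Run console tools and capture output
    # to a file instead; the redirect needs cmd.exe because Create is CreateProcess, not a shell.
    return $result.ProcessId
}

# Usage (hypothetical host):
# $cred = Get-Credential
# Start-RemoteProcessViaWmi -Target 'srv01' -Credential $cred `
#     -CommandLine 'cmd.exe /c ipconfig /all > C:\Temp\ipconfig.txt'
```

Unlike the service trick, nothing is copied to the target and no service is registered, but the target still records the process start (and, if audited, the remote WMI call). In PowerShell 7 Invoke-WmiMethod is gone; the equivalent is New-CimSession -ComputerName $Target -Credential $cred followed by Invoke-CimMethod -CimSession $s -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = $CommandLine }, which returns the same ReturnValue and ProcessId.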