Skip to content

Instantly share code, notes, and snippets.

@EvanMcBroom

EvanMcBroom/exec_remote_process.cpp

Last active September 1, 2024 05:14
Show Gist options
  • Save EvanMcBroom/99ea88304faec38d3ed1deefd1aba6f9 to your computer and use it in GitHub Desktop.
Save EvanMcBroom/99ea88304faec38d3ed1deefd1aba6f9 to your computer and use it in GitHub Desktop.
Download ZIP
Examples of using an impersonation token instead of explicit credentials to create a process on a remote host via DCOM and MS-WMI.
Raw
exec_remote_process.cpp
// Copyright (C) 2024 Evan McBroom
#include <Windows.h>
#include <iostream>
#include <vector>
#include <WbemCli.h>
#include <atlbase.h>
#include <iomanip>
// The modified, compiled IDL file from:
// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wmi/
#include "ms_wmi_h.h"
#include "ms_wmi_i.c"
#pragma comment(lib, "WbemUuid.lib")
WCHAR domainName[] = L"DOMAIN NAME";
WCHAR userName[] = L"USER NAME";
WCHAR password[] = L"PASSWORD";
WCHAR address[] = L"IP ADDRESS OR HOST NAME";
WCHAR process[] = L"calc.exe";
// An alternative option to set EOAC_STATIC_CLOAKING or EOAC_DYNAMIC_CLOAKING on an individual
// interface instead of on the entire process (e.g., CoInitializeSecurity) if desired.
bool SetProxyBlanket(IUnknown* iunknown) {
return SUCCEEDED(CoSetProxyBlanket(iunknown, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHZ_NONE, nullptr, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, nullptr, EOAC_STATIC_CLOAKING));
}
int main() {
// Set an impersonation token that will use explicit credentials
// when doing NTLM authentication to a remote host. Kerberos
// tickets may also be added to the logon session via PTT while
// the token is being impersonated.
HANDLE token;
size_t result = LogonUserW(userName, domainName, password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &token);
(void)ImpersonateLoggedOnUser(token);
// Start COM and set it to always use the current impersonation token (e.g., EOAC_STATIC_CLOAKING),
// and for COM to choose how to authenticate (e.g., authentication service = -1). NTLM and/or kerberos
// can be explicitly set via the authentication list parameter if desired.
(void)CoInitialize(nullptr);
result = CoInitializeSecurity(nullptr, -1, nullptr, nullptr, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, nullptr, EOAC_STATIC_CLOAKING, nullptr);
// Create an object on a remote host.
// For the CLSID_WbemLevel1Login object, this requires you to use Administrative credentials.
// CLSID_WbemLevel1Login does not allow you to immediately query IWbemLevel1Login so you
// must query for IUnknown first.
COSERVERINFO serverInfo = { 0 };
serverInfo.pwszName = address;
MULTI_QI interfaces = { 0 };
interfaces.pIID = &IID_IUnknown;
if (SUCCEEDED(result = CoCreateInstanceEx(CLSID_WbemLevel1Login, nullptr, CLSCTX_REMOTE_SERVER, &serverInfo, 1, &interfaces))) {
// Convert IUnknown to IWbemLevel1Login.
// This takes a few seconds to complete the first time you do it on the host,
// or if you have not called it in a while and the previous instance has been
// destroyed (e.g., due to a timeout).
CComPtr<IUnknown> iUnknown{ interfaces.pItf };
CComPtr<IWbemLevel1Login> wbemLevel1Login;
if (SUCCEEDED(result = iUnknown.QueryInterface(&wbemLevel1Login))) {
WCHAR address[] = L"ROOT\\CIMV2";
CComPtr<IWbemServices> wbemServices;
if (SUCCEEDED(result = wbemLevel1Login->NTLMLogin(address, nullptr, 0, nullptr, &wbemServices))) {
// Get the WMI object
CComPtr<IWbemClassObject> win32Process;
wbemServices->GetObjectW(CComBSTR{ L"Win32_Process" }, 0, nullptr, &win32Process, nullptr);
// Get the signature (e.g., the definition) of the input parameters.
CComPtr<IWbemClassObject> inSignature;
win32Process->GetMethod(L"Create", 0, &inSignature, nullptr);
CComPtr<IWbemClassObject> inParameters;
// Create an instance of the input parameters for use to set them to
// actual values.
inSignature->SpawnInstance(0, &inParameters);
CComVariant variant(process);
inParameters->Put(L"CommandLine", 0, &variant, 0);
// Execute the Win32_Process:Create and show its output parameters.
CComPtr<IWbemClassObject> outParameters;
wbemServices->ExecMethod(CComBSTR{ "Win32_Process" }, CComBSTR{ "Create" }, 0, nullptr, inParameters, &outParameters, nullptr);
outParameters->Get(L"ProcessId", 0, &variant, nullptr, nullptr);
std::cout << "ProcessId: " << variant.uintVal << std::endl;
outParameters->Get(L"ReturnValue", 0, &variant, nullptr, nullptr);
std::cout << "ReturnValue: " << variant.uintVal << std::endl;
}
std::cout << result;
}
}
if (result) {
std::cout << "Result: " << std::hex << result << std::endl;
}
}
Raw
exec_remote_process.cs
// Copyright (C) 2024 Evan McBroom
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
namespace ExecRemoteProcess
{
class Program
{
public enum RPC_AUTHN_LEVEL
{
PKT_PRIVACY = 6
}
public enum RPC_IMP_LEVEL
{
IMPERSONATE = 3
}
public enum EOLE_AUTHENTICATION_CAPABILITIES
{
DYNAMIC_CLOAKING = 0x40
}
// Argument marshaling taking from:
// https://learn.microsoft.com/en-us/dotnet/framework/interop/default-marshalling-for-objects
[ComImport]
[Guid("F309AD18-D86A-11d0-A075-00C04FB68820")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IWbemLevel1Login
{
[return: MarshalAs(UnmanagedType.Interface)]
int EstablishPosition(/* ... */);
int RequestChallenge(/* ... */);
int WBEMLogin(/* ... */);
int NTLMLogin([In, MarshalAs(UnmanagedType.LPWStr)] string wszNetworkResource, [In, MarshalAs(UnmanagedType.LPWStr)] string wszPreferredLocale, [In] long lFlags, [In, MarshalAs(UnmanagedType.IUnknown)] Object pCtx, [MarshalAs(UnmanagedType.IUnknown)] ref Object ppNamespace);
}
[ComImport]
[Guid("9556dc99-828c-11cf-a37e-00aa003240c7")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IWbemServices
{
[return: MarshalAs(UnmanagedType.Interface)]
int OpenNamespace(/* ... */);
int CancelAsyncCall(/* ... */);
int QueryObjectSink(/* ... */);
int GetObject([MarshalAs(UnmanagedType.BStr)] string strObjectPath, [In] long lFlags, [In, Optional, MarshalAs(UnmanagedType.IUnknown)] Object pCtx, [In, Out, Optional, MarshalAs(UnmanagedType.IUnknown)] ref Object ppObject, [In, Out, Optional, MarshalAs(UnmanagedType.IUnknown)] ref Object ppCallResult);
int GetObjectAsync(/* ... */);
int PutClass(/* ... */);
int PutClassAsync(/* ... */);
int DeleteClass(/* ... */);
int DeleteClassAsync(/* ... */);
int CreateClassEnum(/* ... */);
int CreateClassEnumAsync(/* ... */);
int PutInstance(/* ... */);
int PutInstanceAsync(/* ... */);
int DeleteInstance(/* ... */);
int DeleteInstanceAsync(/* ... */);
int CreateInstanceEnum(/* ... */);
int CreateInstanceEnumAsync(/* ... */);
int ExecQuery(/* ... */);
int ExecQueryAsync(/* ... */);
int ExecNotificationQuery(/* ... */);
int ExecNotificationQueryAsync(/* ... */);
int ExecMethod([MarshalAs(UnmanagedType.BStr)] string strObjectPath, [MarshalAs(UnmanagedType.BStr)] string strMethodName, [In] long lFlags, [In, Optional, MarshalAs(UnmanagedType.IUnknown)] Object pCtx, [In, Optional, MarshalAs(UnmanagedType.IUnknown)] Object pInParams, [In, Out, Optional, MarshalAs(UnmanagedType.IUnknown)] ref Object ppOutParams, [In, Out, Optional, MarshalAs(UnmanagedType.IUnknown)] ref Object ppCallResult);
int ExecMethodAsync(/* ... */);
}
[ComImport]
[Guid("dc12a681-737f-11cf-884d-00aa004b2e24")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IWbemClassObject
{
[return: MarshalAs(UnmanagedType.Interface)]
int GetQualifierSet(/* ... */);
int Get([In, MarshalAs(UnmanagedType.LPWStr)] string wszName, [In] long lFlags, [In, Out] ref Object pVal, [In, Out, Optional] ref int pType, [In, Out, Optional] ref int plFlavor);
int Put([In, MarshalAs(UnmanagedType.LPWStr)] string wszName, [In] long lFlags, [In] ref Object pVal, [In, Optional] int Type);
int Delete(/* ... */);
int GetNames(/* ... */);
int BeginEnumeration(/* ... */);
int Next(/* ... */);
int EndEnumeration(/* ... */);
int GetPropertyQualifierSet(/* ... */);
int Clone(/* ... */);
int GetObjectText(/* ... */);
int SpawnDerivedClass(/* ... */);
int SpawnInstance([In] long lFlags, [MarshalAs(UnmanagedType.IUnknown)] ref Object ppNewInstance);
int CompareTo(/* ... */);
int GetPropertyOrigin(/* ... */);
int InheritsFrom(/* ... */);
int GetMethod([In, MarshalAs(UnmanagedType.LPWStr)] string wszName, [In] long lFlags, [MarshalAs(UnmanagedType.IUnknown)] ref Object ppInSignature, [MarshalAs(UnmanagedType.IUnknown)] ref Object ppOutSignature);
int PutMethod(/* ... */);
int DeleteMethod(/* ... */);
int BeginMethodEnumeration(/* ... */);
int NextMethod(/* ... */);
int EndMethodEnumeration(/* ... */);
int GetMethodQualifierSet(/* ... */);
int GetMethodOrigin(/* ... */);
}
[DllImport("ole32.dll")]
static extern int CoInitializeSecurity(IntPtr pSecDesc, int cAuthSvc, IntPtr asAuthSvc, IntPtr pReserved1, RPC_AUTHN_LEVEL dwAuthnLevel, RPC_IMP_LEVEL dwImpLevel, IntPtr pAuthList, EOLE_AUTHENTICATION_CAPABILITIES dwCapabilities, IntPtr pReserved3);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LogonUser(String username, String domain, String password, int logonType, int logonProvider, ref IntPtr token);
static public string domainName = "DOMAIN NAME";
static public string userName = "USER NAME";
static public string password = "PASSWORD";
static public string address = "IP ADDRESS OR HOST NAME";
static public string process = "calc.exe";
static void Main()
{
CoInitializeSecurity(IntPtr.Zero, -1, IntPtr.Zero, IntPtr.Zero, RPC_AUTHN_LEVEL.PKT_PRIVACY, RPC_IMP_LEVEL.IMPERSONATE, IntPtr.Zero, EOLE_AUTHENTICATION_CAPABILITIES.DYNAMIC_CLOAKING, IntPtr.Zero);
// Set an impersonation token that will use explicit credentials
// when doing NTLM authentication to a remote host. Kerberos
// tickets may also be added to the logon session via PTT while
// the token is being impersonated.
var LOGON32_LOGON_NEW_CREDENTIALS = 9;
var LOGON32_PROVIDER_WINNT50 = 3;
IntPtr token = IntPtr.Zero;
LogonUser(userName, domainName, password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, ref token);
var context = WindowsIdentity.Impersonate(token);
// Create an object on a remote host.
// For the CLSID_WbemLevel1Login object, this requires you to use Administrative credentials.
// CLSID_WbemLevel1Login does not allow you to immediately query IWbemLevel1Login so you
// must query for IUnknown first.
var CLSID_WbemLevel1Login = new Guid("8BC3F05E-D86B-11D0-A075-00C04FB68820");
var typeInfo = Type.GetTypeFromCLSID(CLSID_WbemLevel1Login, address, true);
var wbemLevel1Login = (IWbemLevel1Login)Activator.CreateInstance(typeInfo);
object output = null;
var result = wbemLevel1Login.NTLMLogin("ROOT\\CIMV2", null, 0, null, ref output);
// Get the WMI object
var wbemServices = (IWbemServices)output;
result = wbemServices.GetObject("Win32_Process", 0, null, ref output, null);
var win32Process = (IWbemClassObject)output;
// Get the signature (e.g., the definition) of the input parameters.
result = win32Process.GetMethod("Create", 0, ref output, null);
var inSignature = (IWbemClassObject)output;
// Create an instance of the input parameters for use to set them to
// actual values.
inSignature.SpawnInstance(0, ref output);
var inParameters = (IWbemClassObject)output;
var input = (object)process;
result = inParameters.Put("CommandLine", 0, ref input);
// Execute the Win32_Process:Create and show its output parameters.
result = wbemServices.ExecMethod("Win32_Process", "Create", 0, null, inParameters, ref output, null);
Object value = null;
((IWbemClassObject)output).Get("ProcessId", 0, ref value);
Console.Out.WriteLine("ProcessId: " + value.ToString());
((IWbemClassObject)output).Get("ReturnValue", 0, ref value);
Console.Out.WriteLine("ReturnValue: " + value.ToString());
Console.In.ReadLine();
}
}
}
Raw
ms_wmi.idl
// The IDL from the following link, modified to compile cleanly.
// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wmi/c2ea576a-0a62-4da8-a472-bafde9541f0f
import "oaidl.idl";
import "ocidl.idl";
interface IWbemClassObject;
interface IWbemServices;
interface IWbemObjectSink;
interface IEnumWbemClassObject;
interface IWbemCallResult;
interface IWbemContext;
interface IWbemBackupRestore;
interface IWbemBackupRestoreEx;
interface IWbemLoginClientID;
interface IWbemLevel1Login;
interface IWbemLoginHelper;
[
restricted,
uuid(8BC3F05E-D86B-11d0-A075-00C04FB68820)
]
coclass WbemLevel1Login {
interface IWbemLevel1Login;
};
[
restricted,
uuid(674B6698-EE92-11d0-AD71-00C04FD8FDFF)
]
coclass WbemContext
{
interface IWbemContext;
};
[
uuid(9A653086-174F-11d2-B5F9-00104B703EFD)
]
coclass WbemClassObject
{
interface IWbemClassObject;
};
[
uuid(C49E32C6-BC8B-11d2-85D4-00105A1F8304)
]
coclass WbemBackupRestore
{
interface IWbemBackupRestoreEx;
};
#define OPTIONAL in, unique
interface IWbemQualifierSet;
[
local,
restricted,
object,
uuid(dc12a681-737f-11cf-884d-00aa004b2e24)
]
interface IWbemClassObject : IUnknown
{
};
interface IWbemServices;
[
object,
restricted,
uuid(7c857801-7381-11cf-884d-00aa004b2e24)
]
interface IWbemObjectSink : IUnknown
{
HRESULT Indicate(
[in] long lObjectCount,
[in, size_is(lObjectCount)]
IWbemClassObject** apObjArray
);
HRESULT SetStatus(
[in] long lFlags,
[in] HRESULT hResult,
[in] BSTR strParam,
[in] IWbemClassObject* pObjParam
);
};
[
object,
restricted,
uuid(027947e1-d731-11ce-a357-000000000001)
]
interface IEnumWbemClassObject : IUnknown
{
HRESULT Reset();
HRESULT Next(
[in] long lTimeout,
[in] ULONG uCount,
[out, size_is(uCount), length_is(*puReturned)]
IWbemClassObject** apObjects,
[out] ULONG* puReturned
);
HRESULT NextAsync(
[in] ULONG uCount,
[in] IWbemObjectSink* pSink
);
HRESULT Clone(
[out] IEnumWbemClassObject** ppEnum
);
HRESULT Skip(
[in] long lTimeout,
[in] ULONG nCount
);
};
[
object,
restricted,
local,
uuid(44aca674-e8fc-11d0-a07c-00c04fb68820)
]
interface IWbemContext : IUnknown
{
};
[
object,
restricted,
uuid(44aca675-e8fc-11d0-a07c-00c04fb68820)
]
interface IWbemCallResult : IUnknown
{
HRESULT GetResultObject(
[in] long lTimeout,
[out] IWbemClassObject** ppResultObject
);
HRESULT GetResultString(
[in] long lTimeout,
[out] BSTR* pstrResultString
);
HRESULT GetResultServices(
[in] long lTimeout,
[out] IWbemServices** ppServices
);
HRESULT GetCallStatus(
[in] long lTimeout,
[out] long* plStatus
);
};
[
object,
restricted,
uuid(9556dc99-828c-11cf-a37e-00aa003240c7),
pointer_default(unique)
]
interface IWbemServices : IUnknown
{
HRESULT OpenNamespace(
[in] const BSTR strNamespace,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemServices** ppWorkingNamespace,
[out, in, unique] IWbemCallResult** ppResult
);
HRESULT CancelAsyncCall(
[in] IWbemObjectSink* pSink
);
HRESULT QueryObjectSink(
[in] long lFlags,
[out] IWbemObjectSink** ppResponseHandler
);
HRESULT GetObject(
[in] const BSTR strObjectPath,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemClassObject** ppObject,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT GetObjectAsync(
[in] const BSTR strObjectPath,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT PutClass(
[in] IWbemClassObject* pObject,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT PutClassAsync(
[in] IWbemClassObject* pObject,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT DeleteClass(
[in] const BSTR strClass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT DeleteClassAsync(
[in] const BSTR strClass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT CreateClassEnum(
[in] const BSTR strSuperclass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out] IEnumWbemClassObject** ppEnum
);
HRESULT CreateClassEnumAsync(
[in] const BSTR strSuperclass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT PutInstance(
[in] IWbemClassObject* pInst,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT PutInstanceAsync(
[in] IWbemClassObject* pInst,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT DeleteInstance(
[in] const BSTR strObjectPath,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT DeleteInstanceAsync(
[in] const BSTR strObjectPath,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT CreateInstanceEnum(
[in] const BSTR strSuperClass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out] IEnumWbemClassObject** ppEnum
);
HRESULT CreateInstanceEnumAsync(
[in] const BSTR strSuperClass,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT ExecQuery(
[in] const BSTR strQueryLanguage,
[in] const BSTR strQuery,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out] IEnumWbemClassObject** ppEnum
);
HRESULT ExecQueryAsync(
[in] const BSTR strQueryLanguage,
[in] const BSTR strQuery,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT ExecNotificationQuery(
[in] const BSTR strQueryLanguage,
[in] const BSTR strQuery,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out] IEnumWbemClassObject** ppEnum
);
HRESULT ExecNotificationQueryAsync(
[in] const BSTR strQueryLanguage,
[in] const BSTR strQuery,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemObjectSink* pResponseHandler
);
HRESULT ExecMethod(
[in] const BSTR strObjectPath,
[in] const BSTR strMethodName,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemClassObject* pInParams,
[out, in, unique] IWbemClassObject** ppOutParams,
[out, in, unique] IWbemCallResult** ppCallResult
);
HRESULT ExecMethodAsync(
[in] const BSTR strObjectPath,
[in] const BSTR strMethodName,
[in] long lFlags,
[in] IWbemContext* pCtx,
[in] IWbemClassObject* pInParams,
[in] IWbemObjectSink* pResponseHandler
);
};
[
object,
restricted,
uuid(C49E32C7-BC8B-11d2-85D4-00105A1F8304)
]
interface IWbemBackupRestore : IUnknown
{
HRESULT Backup(
[in, string] LPCWSTR strBackupToFile,
[in] long lFlags
);
HRESULT Restore(
[in, string] LPCWSTR strRestoreFromFile,
[in] long lFlags
);
};
[
object,
restricted,
uuid(A359DEC5-E813-4834-8A2A-BA7F1D777D76)
]
interface IWbemBackupRestoreEx : IWbemBackupRestore
{
HRESULT Pause();
HRESULT Resume();
};
typedef enum _WBEM_REFR_VERSION_NUMBER {
WBEM_REFRESHER_VERSION = 2
} WBEM_REFR_VERSION_NUMBER;
typedef [v1_enum] enum _WBEM_INSTANCE_BLOB_TYPE {
WBEM_BLOB_TYPE_ALL = 2,
WBEM_BLOB_TYPE_ERROR = 3,
WBEM_BLOB_TYPE_ENUM = 4
} WBEM_INSTANCE_BLOB_TYPE;
typedef struct _WBEM_REFRESHED_OBJECT {
long m_lRequestId;
WBEM_INSTANCE_BLOB_TYPE m_lBlobType;
long m_lBlobLength;
[size_is(m_lBlobLength)] byte* m_pbBlob;
} WBEM_REFRESHED_OBJECT;
[
restricted,
uuid(F1E9C5B2-F59B-11d2-B362-00105A1F8177)
]
interface IWbemRemoteRefresher : IUnknown {
HRESULT RemoteRefresh(
[in] long lFlags,
[out] long* plNumObjects,
[out, size_is(, *plNumObjects)]
WBEM_REFRESHED_OBJECT** paObjects
);
HRESULT StopRefreshing(
[in] long lNumIds,
[in, size_is(lNumIds)] long* aplIds,
[in] long lFlags
);
HRESULT Opnum5NotUsedOnWire(
[in] long lFlags,
[out] GUID* pGuid
);
};
typedef struct {
IWbemRemoteRefresher* m_pRefresher;
IWbemClassObject* m_pTemplate;
GUID m_Guid;
} _WBEM_REFRESH_INFO_REMOTE;
typedef struct {
[string] wchar_t* m_wszNamespace;
IWbemClassObject* m_pTemplate;
} _WBEM_REFRESH_INFO_NON_HIPERF;
typedef enum
{
WBEM_REFRESH_TYPE_INVALID = 0,
WBEM_REFRESH_TYPE_REMOTE = 3,
WBEM_REFRESH_TYPE_NON_HIPERF = 6
}WBEM_REFRESH_TYPE;
typedef [switch_type(long)] union {
[case (WBEM_REFRESH_TYPE_REMOTE)]
_WBEM_REFRESH_INFO_REMOTE m_Remote;
[case (WBEM_REFRESH_TYPE_NON_HIPERF)]
_WBEM_REFRESH_INFO_NON_HIPERF m_NonHiPerf;
[case (WBEM_REFRESH_TYPE_INVALID)]
HRESULT m_hres;
} WBEM_REFRESH_INFO_UNION;
typedef struct {
long m_lType;
[switch_is(m_lType)] WBEM_REFRESH_INFO_UNION m_Info;
long m_lCancelId;
} _WBEM_REFRESH_INFO;
typedef struct {
[string] LPSTR m_szMachineName;
DWORD m_dwProcessId;
GUID m_guidRefresherId;
} _WBEM_REFRESHER_ID;
typedef enum {
WBEM_RECONNECT_TYPE_OBJECT = 0,
WBEM_RECONNECT_TYPE_ENUM = 1,
WBEM_RECONNECT_TYPE_LAST = 2
}WBEM_RECONNECT_TYPE;
typedef struct {
long m_lType;
[string] LPCWSTR m_pwcsPath;
} _WBEM_RECONNECT_INFO;
typedef struct {
long m_lId;
HRESULT m_hr;
} _WBEM_RECONNECT_RESULTS;
[
restricted,
uuid(2C9273E0-1DC3-11d3-B364-00105A1F8177)
]
interface IWbemRefreshingServices : IUnknown
{
HRESULT AddObjectToRefresher(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in, string] LPCWSTR wszPath,
[in] long lFlags,
[in] IWbemContext* pContext,
[in] DWORD dwClientRefrVersion,
[out] _WBEM_REFRESH_INFO* pInfo,
[out] DWORD* pdwSvrRefrVersion
);
HRESULT AddObjectToRefresherByTemplate(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in] IWbemClassObject* pTemplate,
[in] long lFlags,
[in] IWbemContext* pContext,
[in] DWORD dwClientRefrVersion,
[out] _WBEM_REFRESH_INFO* pInfo,
[out] DWORD* pdwSvrRefrVersion
);
HRESULT AddEnumToRefresher(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in, string] LPCWSTR wszClass,
[in] long lFlags,
[in] IWbemContext* pContext,
[in] DWORD dwClientRefrVersion,
[out] _WBEM_REFRESH_INFO* pInfo,
[out] DWORD* pdwSvrRefrVersion
);
HRESULT RemoveObjectFromRefresher(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in] long lId,
[in] long lFlags,
[in] DWORD dwClientRefrVersion,
[out] DWORD* pdwSvrRefrVersion
);
HRESULT GetRemoteRefresher(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in] long lFlags,
[in] DWORD dwClientRefrVersion,
[out] IWbemRemoteRefresher** ppRemRefresher,
[out] GUID* pGuid,
[out] DWORD* pdwSvrRefrVersion
);
HRESULT ReconnectRemoteRefresher(
[in] _WBEM_REFRESHER_ID* pRefresherId,
[in] long lFlags,
[in] long lNumObjects,
[in] DWORD dwClientRefrVersion,
[in, size_is(lNumObjects)]
_WBEM_RECONNECT_INFO* apReconnectInfo,
[in, out, size_is(lNumObjects)]
_WBEM_RECONNECT_RESULTS* apReconnectResults,
[out] DWORD* pdwSvrRefrVersion
);
};
[
restricted,
object,
uuid(423EC01E-2E35-11d2-B604-00104B703EFD)
]
interface IWbemWCOSmartEnum : IUnknown
{
HRESULT Next(
[in] REFGUID proxyGUID,
[in] long lTimeout,
[in] ULONG uCount,
[out] ULONG* puReturned,
[out] ULONG* pdwBuffSize,
[out, size_is(, *pdwBuffSize)] byte** pBuffer
);
};
[
restricted,
object,
uuid(1C1C45EE-4395-11d2-B60B-00104B703EFD)
]
interface IWbemFetchSmartEnum : IUnknown
{
HRESULT GetSmartEnum(
[out] IWbemWCOSmartEnum** ppSmartEnum
);
};
[
restricted,
object,
uuid(d4781cd6-e5d3-44df-ad94-930efe48a887)
]
interface IWbemLoginClientID : IUnknown
{
HRESULT SetClientInfo(
[in, unique, string] LPWSTR wszClientMachine,
[in] long lClientProcId,
[in] long lReserved
);
};
[
object,
restricted,
uuid(F309AD18-D86A-11d0-A075-00C04FB68820),
pointer_default(unique)
]
interface IWbemLevel1Login : IUnknown
{
HRESULT EstablishPosition(
[in, unique, string] wchar_t* reserved1,
[in] DWORD reserved2,
[out] DWORD* LocaleVersion
);
HRESULT RequestChallenge(
[in, unique, string] wchar_t* reserved1,
[in, unique, string] wchar_t* reserved2,
[out, size_is(16), length_is(16)] unsigned char* reserved3
);
HRESULT WBEMLogin(
[in, unique, string] wchar_t* reserved1,
[in, size_is(16), length_is(16), unique]
unsigned char* reserved2,
[in] long reserved3,
[in] IWbemContext* reserved4,
[out] IWbemServices** reserved5
);
HRESULT NTLMLogin(
[in, unique, string] LPWSTR wszNetworkResource,
[in, unique, string] LPWSTR wszPreferredLocale,
[in] long lFlags,
[in] IWbemContext* pCtx,
[out] IWbemServices** ppNamespace
);
};
[
restricted,
object,
uuid(541679AB-2E5F-11d3-B34E-00104BCC4B4A)
]
interface IWbemLoginHelper : IUnknown
{
HRESULT SetEvent(
[in] LPCSTR sEventToSet
);
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment