使用WINRM在远程主机上推送二进制文件

时间:2010-11-25 07:03:52

标签: c++ c windows winapi

我可以使用WINRM在远程主机窗口上推送二进制文件。 如果没有,是否有任何其他机制允许我在远程主机上推送二进制文件。

1 个答案:

答案 0 :(得分:0)

我想我找到了解决方案。

#include <windows.h>
#include <tchar.h>    

#define           SIZEOF_BUFFER      0x100

// Remote Parameters
LPCTSTR           lpszMachine    = NULL;
LPCTSTR           lpszPassword   = NULL;
LPCTSTR           lpszUser       = NULL;
LPCTSTR           lpszDomain     = NULL;
LPCTSTR           lpszCommandExe = NULL;
LPCTSTR           lpszLocalIP    = _T("\\\\127.0.0.1");

char        szThisMachine[SIZEOF_BUFFER] = "";
char        szPassword[SIZEOF_BUFFER]    = "";

LPCTSTR GetParamValue( LPCTSTR lpszParam )
{
    DWORD dwParamLength = _tcslen( lpszParam );

    for ( int i = 1; i < __argc; i++ )
        if ( __targv[i][0] == _T('\\') || __targv[i][0] == _T('.'))
            continue;
        else
            if ( __targv[i][0] == _T('/') || __targv[i][0] == _T('-') )
            {
                if ( _tcsnicmp( __targv[i] + 1, lpszParam, dwParamLength ) == 0 )
                      return __targv[i] + dwParamLength + 1;
          }
          else
                return NULL;    
      return NULL;
}

LPCTSTR GetNthParameter( DWORD n, DWORD& argvIndex )
{
      DWORD index = 0;    
      for( int i = 1; i < __argc; i++ )
      {
            if ( __targv[i][0] != _T('/') && __targv[i][0] != _T('-') )
                  index++;

            if ( index == n )
            {
                  argvIndex = i;
                  return __targv[i];
            }
      }    
      return NULL;
}

BOOL SetConnectionCredentials()
{
      lpszPassword = GetParamValue( _T("pwd:") );
      lpszUser     = GetParamValue( _T("user:") );
      return TRUE;
}

LPCTSTR GetRemoteMachineName()
{
      DWORD dwIndex = 0;
      LPCTSTR lpszMachine = GetNthParameter( 1, dwIndex );    
      if ( lpszMachine == NULL )
            // return NULL;
            return lpszLocalIP;    
      if ( _tcsnicmp( lpszMachine, _T(" "), 2 ) == 0 )
            return lpszLocalIP;    
      if ( _tcsnicmp( lpszMachine, _T("\\\\"), 2 ) == 0 )
            return lpszMachine;
      // If a dot is entered we take it as localhost
      if ( _tcsnicmp( lpszMachine, _T("."), 2 ) == 0 )
            return lpszLocalIP;    
      return NULL;
}    

// Establish Connection to Remote Machine
BOOL EstablishConnection( LPCTSTR lpszRemote, LPCTSTR lpszResource, BOOL bEstablish )
{
      TCHAR szRemoteResource[_MAX_PATH];
      DWORD rc;
      _stprintf( szRemoteResource, _T("%s\\%s"), lpszRemote, lpszResource );
      NETRESOURCE nr;
      nr.dwType = RESOURCETYPE_ANY;
      nr.lpLocalName = NULL;
      nr.lpRemoteName = (LPTSTR)&szRemoteResource;
      nr.lpProvider = NULL;

      //Establish connection (using username/pwd)
      rc = WNetAddConnection2( &nr, lpszPassword, lpszUser, FALSE );
      if ( rc == NO_ERROR ) 
            return TRUE; // indicate success
      return FALSE;
}
BOOL CopyBinaryToRemoteSystem()
{
      TCHAR drive[_MAX_DRIVE];
      TCHAR dir[_MAX_DIR];
      TCHAR fname[_MAX_FNAME];
      TCHAR ext[_MAX_EXT];
      TCHAR szRemoteResource[_MAX_PATH];

      // Gets the file name and extension
      _tsplitpath( lpszCommandExe, drive, dir, fname, ext );    
      _stprintf( szRemoteResource, _T("%s\\ADMIN$\\System32\\%s%s"), lpszMachine, fname, ext );    
      // Copy the Command's exe file to \\remote\ADMIN$\System32
      return CopyFile( lpszCommandExe, szRemoteResource, FALSE );
}

int _tmain( DWORD, TCHAR**, TCHAR** )
{
      int   rc = 0;
      DWORD dwIndex = 0;

      lpszMachine    = GetRemoteMachineName();
      lpszCommandExe = GetNthParameter( 2, dwIndex );
      SetConnectionCredentials();

      if ( !EstablishConnection( lpszMachine, _T("ADMIN$"), TRUE ) )
      {
            rc = -2;
      }
      if ( !CopyBinaryToRemoteSystem())
      {
      }
      return 0;
}