windows Windows下如何用C++在远程机器上启动进程
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1554591/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to start a process on a remote machine in C++ under Windows
提问by kampi
I'm using Dev-C++ under Windows. My question is how can i start a process on a remote machine? I know that PsExec can do that, but if it's possible, i want to avoid to use it. If someone can give some example code, i would appreciate it :)
我在 Windows 下使用 Dev-C++。我的问题是如何在远程机器上启动进程?我知道 PsExec 可以做到这一点,但如果可能的话,我想避免使用它。如果有人可以提供一些示例代码,我将不胜感激:)
Thanks in advance!
提前致谢!
kampi
坎皮
回答by JBRWilkinson
If this was easy, hackers would be starting up malware on all machines exposed to the internet.
如果这很容易,黑客就会在所有暴露在互联网上的机器上启动恶意软件。
PSExec uses the Services Control Manager over a LAN to start a service EXE from 'here', i.e. the machine where you run it. It requires a lot of security privileges - e.g. admin rights.
PSExec 使用 LAN 上的服务控制管理器从“此处”(即运行它的机器)启动服务 EXE。它需要很多安全权限——例如管理员权限。
If you don't want to do this, you can look into SSH (there are open source examples) or Remote Command Prompt (in Windows Resource Kit).
如果您不想这样做,您可以查看 SSH(有开源示例)或远程命令提示符(在 Windows 资源工具包中)。
回答by noctonura
You can use WMI... (C# example so you'll have to find the equivalent C++)
您可以使用 WMI...(C# 示例,因此您必须找到等效的 C++)
ConnectionOptions connectOptions = new ConnectionOptions();
connectOptions.Username = "Administrator";
connectOptions.Password = "TopSecret";
ManagementScope scope = new ManagementScope(
@"\" + machine + @"\root\cimv2",
connectOptions);
scope.Connect();
ManagementPath path = new ManagementPath(@"Win32_Process");
ManagementClass proc = new ManagementClass(scope, path, new ObjectGetOptions());
ManagementBaseObject args = proc.GetMethodParameters("Create");
args["CommandLine"] = "C:\Windows\notepad.exe";
proc.InvokeMethod("Create", args, null);
回答by Martin v. L?wis
It would be best if you already have a service running on the remote machine which you can ask to run a program. Windows itself does not provide anything useful out of the box; it does ship with a remote shell service (which is usually deactivated or not even installed).
如果您已经在远程机器上运行了一项服务,您可以要求它运行一个程序,那将是最好的。Windows 本身不提供任何有用的开箱即用的东西;它确实附带了远程外壳服务(通常已停用或什至未安装)。
IIUC, what psexec does is this:
IIUC, psexec 做的是这样的:
- copy a the binary onto the remote machine, using an administrative share
- install the binary remotely as a service, using remote registry operations
- start the service remotely, using the service control manager API.
- 使用管理共享将二进制文件复制到远程机器上
- 使用远程注册表操作将二进制文件作为服务远程安装
- 使用服务控制管理器 API 远程启动服务。
If you don't want to use psexec, you could still do the same. Notice that you need quite some privileges to do so.
如果您不想使用 psexec,您仍然可以这样做。请注意,您需要相当多的权限才能这样做。
回答by Skizz
The simple answer is that you can't. All you can do is send a message to the remote machine asking it to start the process for you. PsExec runs on the remote machine listening for specific messages and starting processes in response to them.
简单的答案是你不能。您所能做的就是向远程机器发送一条消息,要求它为您启动该过程。PsExec 在远程机器上运行,侦听特定消息并启动进程以响应它们。
You can either use an existing protocol, like PsExec, or create your own. Creating your own requires that you can install a service on the remote machine. If the remote machine is not under your control then this isn't possible. If you do design your own system you must be careful when designing the protocol as you don't want to inadvertently open a security hole in your system.
您可以使用现有协议,例如 PsExec,也可以创建自己的协议。创建自己的服务要求您可以在远程计算机上安装服务。如果远程机器不在您的控制之下,那么这是不可能的。如果您确实设计了自己的系统,则在设计协议时必须小心,因为您不想无意中在系统中打开安全漏洞。
