利用 WMI 及 C# 的支援,只要取得遠端電腦上具有足夠權限的帳號,即可在不需互動式登入的情況下,於遠端電腦上執行程式。

//先加入System.Management的參考

using System.Management;//引用

        /// <summary>

        /// 建立遠端連線選項

        /// </summary>

        /// <param></param>

        /// <param></param>

        /// <returns></returns>

        static ConnectionOptions GetOptions(string username, string pwd)

        {

            // 建立遠端連線選項

            ConnectionOptions options = new ConnectionOptions();

            options.Username = username;   // 使用者名稱

            options.Password = pwd;   // 使用者密碼

            options.Authentication = AuthenticationLevel.Default;    // 認證模式設定 (採用預設)

            options.Impersonation = ImpersonationLevel.Impersonate;  // 設定 COM 模擬等級

            options.EnablePrivileges = true// 是否需要使用者的權限才能啟動命令

            //options.Authority = "ntdlmdomain:DOMAIN";

            return options;

        }

 

        //啟動某個命令
       static uint ExecuteCommand(string Command, string RemoteNameIP, string username, string pwd)

        {

            uint intProcessID = 0;//等等要取得的ProcessID

            ConnectionOptions options = GetOptions(username, pwd);//建立遠端的帳密

            //啟動命令的作業範圍

            ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", RemoteNameIP), options);

            scope.Connect();//啟動連線,如果是本機,可以不需要options的參數

            if (scope.IsConnected)//因為WMI可以手動關閉,所以要偵測連線

            {

                //指定WMI

                ManagementPath MP = new ManagementPath("Win32_Process");//要先知道命令的大類

                //實體化

                using (ManagementClass classObj = new ManagementClass(scope, MP, null))

                {

                    //取得方法的參數                   

                    ManagementBaseObject inputArgs = classObj.GetMethodParameters("Create");//方法的名稱可事前用classObj.Methods.GetEnumerator()方法得知

                    inputArgs["CommandLine"] = Command;

                    //inputArgs["CurrentDirectory"] = string.Empty;

                    //inputArgs["ProcessStartupInformation"] = string.Empty;

                    //觸發命令

                    ManagementBaseObject outParams = classObj.InvokeMethod("Create", inputArgs, null);

                    object ProcessId = outParams.Properties["ProcessId"].Value;

                    object ReturnValue = outParams.Properties["ReturnValue"].Value;

                    intProcessID = (uint)(ProcessId);

                }

            }

            return intProcessID;

        }

        static uint TerminateProcess(uint ProcessID, string RemoteNameIP, string username, string pwd)

        {

            uint uintReturnValue = 0;

            ConnectionOptions options = GetOptions(username, pwd);

            //啟動命令的作業範圍

            ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", RemoteNameIP), options);

            scope.Connect();

            if (scope.IsConnected)

            {

                //指定WMI               

                ObjectQuery objectquery = new ObjectQuery(string.Format("SELECT * From Win32_Process Where ProcessID = '{0}'", ProcessID));

                ManagementObjectSearcher query = new ManagementObjectSearcher(scope, objectquery);

                ManagementObjectCollection queryCollection = query.Get();

                foreach (ManagementObject mo in query.Get())

                {

                    object ReturnValue = mo.InvokeMethod("Terminate", null);

                    if (ReturnValue != null)

                        uintReturnValue = (uint)ReturnValue;

                }

            }

            return uintReturnValue;

        }

 

參考資料:

中文


英文

 



    ikaritw 發表在 痞客邦 留言(0) 人氣()