• mmc20创建进程c/c++实现

    背景

    最近写了一份遍历clsid所有接口的代码(链接点这里),在查找有意思的包含exe方法的时候发现了mmc20,且接口是6efc2da2-b38c-457e-9abb-ed2d189b8c38。

    但常见的使用mmc20都是用的vbs和powershell来创建的进程,这里提供c/c++的实现。

    1. #include
    2. #include
    3. #include
    4. #include
    5.  
    6. #pragma comment(lib, "Rpcrt4.lib")
    7. using namespace std;
    8.  
    9. void MMC20ExeDemo2()
    10. {
    11. 	CLSID clsidshell;
    12. 	LPDISPATCH lpDisp;
    13. 	HRESULT hres = E_FAIL;
    14. 	hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    15. 	hres = CLSIDFromString(L"{49b2791a-b1ae-4c90-9b8e-e860ba07f889}", &clsidshell);
    16. 	if (FAILED(hres))
    17. 	{
    18. 		printf("CLSIDFromProgID or CLSIDFromString failed %x \n", hres);
    19. 		CoUninitialize();
    20. 		return ;
    21. 	}
    22.  
    23. 	hres = CoCreateInstance(clsidshell, NULL, CLSCTX_LOCAL_SERVER, IID_IDispatch, (LPVOID*)& lpDisp);
    24. 	if (FAILED(hres))
    25. 	{
    26. 		printf("CoCreateInstance failed %x \n", hres);
    27. 		CoUninitialize();
    28. 		return ;
    29. 	}
    30.  
    31. 	LPOLESTR pFuncName = (LPOLESTR)L"Document";
    32. 	DISPID Run;
    33. 	hres = lpDisp->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);
    34. 	if (FAILED(hres))
    35. 	{
    36. 		printf("GetIDsOfNames failed %x \n", hres);
    37. 		lpDisp->Release();
    38. 		CoUninitialize();
    39. 		return;
    40. 	}
    41.  
    42. 	DISPPARAMS disParams = { NULL, NULL, 0, 0 };
    43. 	VARIANT pVarResult;
    44. 	hres = lpDisp->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_PROPERTYGET, &disParams, &pVarResult, NULL, NULL);
    45. 	if (FAILED(hres))
    46. 		printf("Invoke failed %x \n", hres);
    47.  
    48. 	if (pVarResult.vt == VT_DISPATCH)
    49. 	{
    50. 		LPDISPATCH lpDisp2 = pVarResult.pdispVal;
    51.  
    52. 		LPOLESTR pFuncName = (LPOLESTR)L"ActiveView";
    53. 		DISPID Run;
    54. 		hres = lpDisp2->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);
    55. 		if (FAILED(hres))
    56. 		{
    57. 			printf("lpDisp2->GetIDsOfNames failed %x \n", hres);
    58. 		}
    59.  
    60. 		DISPPARAMS disParams2 = { NULL, NULL, 0, 0 };
    61. 		VARIANT pVarResult2;
    62. 		hres = lpDisp2->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_PROPERTYGET, &disParams2, &pVarResult2, NULL, NULL);
    63. 		if (FAILED(hres))
    64. 			printf("lpDisp2->Invoke failed %x \n", hres);
    65. 		if (pVarResult2.vt == VT_DISPATCH)
    66. 		{
    67. 			LPDISPATCH lpDisp3 = pVarResult2.pdispVal;
    68.  
    69. 			LPOLESTR pFuncName = (LPOLESTR)L"Executeshellcommand";
    70. 			DISPID Run;
    71. 			hres = lpDisp3->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);
    72. 			if (FAILED(hres))
    73. 			{
    74. 				printf("lpDisp3->GetIDsOfNames failed %x \n", hres);
    75. 			}
    76.  
    77. 			VARIANTARG V[4];
    78. 			V[0].vt = VT_BSTR;
    79. 			V[0].bstrVal = _bstr_t(L"");
    80. 			V[1].vt = VT_BSTR;
    81. 			V[1].bstrVal = _bstr_t(L"");
    82. 			V[2].vt = VT_BSTR;
    83. 			V[2].bstrVal = _bstr_t(L"");
    84. 			V[3].vt = VT_BSTR;
    85. 			V[3].bstrVal = _bstr_t(L"calc.exe");  
    86. 			DISPPARAMS disParams3 = { V, NULL, 4, 0 };
    87. 			VARIANT pVarResult3;
    88. 			hres = lpDisp3->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &disParams3, &pVarResult3, NULL, NULL);
    89. 			if (FAILED(hres))
    90. 				printf("lpDisp3->Invoke failed %x \n", hres);
    91. 		}
    92. 	}
    93. 	
    94. 	lpDisp->Release();
    95. 	CoUninitialize();
    96. 	return ;
    97. }
    98.  
    99. int main()
    100. {
    101. 	MMC20ExeDemo2();
    102. 	system("pause");
    103. 	return TRUE;
    104. }
  • 相关阅读:
    力扣labuladong——一刷day05
    tcp/ip:记一次完整的数据包传输过程
    云原生丨5大Datadog集成,快速提高团队效率!
    哪些人群在报考浙大工程管理硕士(MEM)?
    浅谈React中的ref和useRef
    课堂练习12 继承与多态
    trace clock structure的若干方法
    快手API接口解析,实现根据ID取商品详情
    启动uniapp小程序报错:Error:app.json:在项目根目录中未找到app.json
    nextTick源码解读
  • 原文地址:https://blog.csdn.net/qq_37353105/article/details/133035372