WMI Win32_Service

Doesn't seem like you understand the nature of WMI, Windows Management Instrumentation. It is a part of COM/DCOM components. Jack Rong

Anybody has idea how to start specific service in remote machine using WMI C++ API. Jack Rong

Anybody has idea how to start specific service in remote machine using WMI C++ API.

Anybody has idea how to start specific service in remote using WMI C++ API. Jack Rong

I would like to copy file from local to remote machine using WMI in C++. Not quite sure how to do this. According to MS doc, "Win32_Directory" can be a good candidate. Anybody got idea? Thanks in advance. Jack Rong

I would like to copy file from local to remote machine using WMI in C++. Not quite sure how to do this. According to MS doc, "Win32_Directory" can be a good candidate. Anybody got idea? Thanks in advance. Jack Rong

I would like to copy file from local to remote machine using WMI in C++. Not quite sure how to do this. According to MS doc, "Win32_Directory" can be a good candidate. Anybody got idea? Thanks in advance. Jack Rong

I would like to copy file from local to remote machine using WMI in C++. Not quite sure how to do this. According to MS doc, "Win32_Directory" can be a good candidate. Anybody got idea? Thanks in advance. Jack Rong

I would like to copy file from local to remote machine using WMI in C++. Not quite sure how to do this. According to MS doc, "Win32_Directory" can be a good candidate. Anybody go idea? Thanks in advance. Jack Rong

Can anybody provide me hint as how to get parent process command line in 64 bit. I used the NtQueryInformationProcess() in conjunction with date structures: typedef struct _PROCESS_BASIC_INFORMATION { PVOID Reserved1; PPEB PebBaseAddress; PVOID Reserved2[2]; ULONG_PTR UniqueProcessId; PVOID Reserved3; } PROCESS_BASIC_INFORMATION struct _PEB2 { DWORD dwFiller[4]; DWORD dwInfoBlockAddress; } PEB2; struct _INFOBLOCK { DWORD dwFiller[16]; WORD wLength; WORD wMaxLength; DWORD dwCmdLineAddress; } Block to retrieve parent process's command line info. Worked well in 32 bit application, but failed in 64 bit application. Any helps from you guys are greatly appreciated. Jack Rong

I have used NtQueryInformationProces, struct PROCESS_BASIC_INFORMATION and struct PEB etc to access process info and then retrieve its arguments. It works great in WIN32 but stops working in WIN64 mainly because of the address space problem. Just be clear I am using 64 bit process to access other 64 bit process's info (its parent process). Can any body provide hint! Thanks! Jack Rong

Thanks for your response. Yes, I do pass the process handle, here is the example, hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, mypid ); NtQueryInformationProcess (hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &dwSize); Where "mypid" is what I want and is not current PID. But the CommandLine I got is the Current Process's CommandLine. So strange! Yes, I realize that. But I am not sure which new function can be used in order to replace the "NtQueryInformationProcess()" though. Jack

I used NtQueryInformationProcess to get PROCESS_BASIC_INFORMATION and PEB and then RTL_USER_PROCESS_PARAMETERS. But CommandLine of RTL_USER_PROCESS_PARAMETERS is always associated with the currect process although I passed in different PID into NtQueryInformationProcess() call. By the way, I am using XP64. Can you help. Thanks Jack Rong

I have coded application to retrieve any running process's arguments and worked very well in Win32, but falied in 64 bit Windows(x64). The approache is to use NtQueryInformationProcess to get PROCESS_BASIC_INFORMATION which has the data structure like: typedef struct _PROCESS_BASIC_INFORMATION { PVOID Reserved1; PPEB PebBaseAddress; PVOID Reserved2[2]; ULONG_PTR UniqueProcessId; PVOID Reserved3; } PROCESS_BASIC_INFORMATION; and then use ReadProcessMemory() to get dwInfoBlockAddress in PEB2, like struct _PEB2 { DWORD dwFiller[4]; DWORD dwInfoBlockAddress; } PEB2; and so on Here is the partial sample code: NtQueryInformationProcess)(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &dwSize); ReadProcessMemory(hProcess, (LPCVOID)pbi.PebBaseAddress, &PEB2, sizeof(PEB2), &dwSize); ReadProcessMemory(hProcess, (LPCVOID) PEB2.dwInfoBlockAddress, &Block, sizeof(Block), &dwSize); cmdLine = (TCHAR *) malloc (Block.wMaxLength+10); ReadProcessMemory(hProcess, (LPCVOID) Block.dwCmdLineAddress, cmdLine, Block.wMaxLength+10, &dwSize); It failed in getting dwInfoBlockAddress of PEB2. Can any of you provide some hints/helps. Maybe the memory structures/address are totally different between 32 and 64 bit data models....??? The problem is there is no useful documents I could look at. Thanks a lot. Jack Rong

It works fine in previous version until we decide to use .NET 2005. The C# project failed to add reference of COM Dll in C++ with the error message: A reference to "../whatevername.dll" could not be added. Please make sure that the file is accessible, that it is a valid assembly or COM component". Please help. Jack Rong

It works fine in previous version until we decide to use .NET 2005. The C# project failed to add reference of COM Dll in C++ with the error message: A reference to "../whatevername.dll" could not be added. Please make sure that the file is accessible, that it is a valid assembly or COM component". Please help. Jack Rong

It is been quite a while. I have a task to identify a calling Windows' batch script's name and its location. Basically, the batch script calls/spawns my C++ executable as a parent process and I failed to identify the parent. I can identify a number of different calling processes using NtQueryInformationProcess(), but failed to do so to the batch script. The main reason is that the batch process is shown as cmd.exe not a real script name. Thanks a lot for the help.

It has been quite a while. I have a task to identify a calling Windows' batch script's name and its location. Basically, the batch script calls/spawns my C++ executable as a parent process and I failed to identify the parent. I can identify a number of different calling processes using NtQueryInformationProcess(), but failed to do so to the batch script. The main reason is that the batch process is shown as cmd.exe not a real script name. Any deal? Thanks a lot for the help.

It has been quite a while. I have a task to identify a calling Windows' batch script's name and its location. Basically, the batch script calls/spawns my C++ executable as a parent process and I failed to identify the parent. I can identify a number of different calling processes using NtQueryInformationProcess(), but failed to do so to the batch script. The main reason is that the batch process is shown as cmd.exe not a real script name. Any idea? Thanks a lot for the help. Jack

It is been quite a while. I have a task to identify a calling Windows' batch script's name and its location. Basically, the batch script calls/spawns my C++ executable as a parent process and I failed to identify the parent. I can identify a number of different calling processes using NtQueryInformationProcess(), but failed to do so to the batch script. The main reason is that the batch process is shown as cmd.exe not a real script name. Thanks a lot for the help.