A remote CMD works as follows: the server sends a command; the client hands that command to cmd.exe for execution; cmd.exe returns the output of the command to the client; and the client returns the result to the server. The client and cmd.exe interact through pipes. An example is pasted below.
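// Console application: defines the entry point and the helpers that drive a
// child cmd.exe through two anonymous pipes.
//
#include "stdafx.h"
#include <afx.h>
#include <windows.h>
#include <atlbase.h>
#include <stdio.h>
#include <string.h>
#include <tchar.h>
#include <string>
using namespace std;

// Closes a handle unless it is NULL or INVALID_HANDLE_VALUE.
static void closeifopen(HANDLE h)
{
    if (h != NULL && h != INVALID_HANDLE_VALUE)
        CloseHandle(h);
}

// Failure path of createcmd: closes whatever pipe handles exist, resets the
// caller's variables to NULL and returns FALSE. The last-error value is
// preserved so the caller's GetLastError() still reports the original failure.
static BOOL failcreate(HANDLE &h1, HANDLE &h2, HANDLE &h3, HANDLE &h4)
{
    const DWORD err = GetLastError();
    closeifopen(h1);
    closeifopen(h2);
    closeifopen(h3);
    closeifopen(h4);
    h1 = h2 = h3 = h4 = NULL;
    SetLastError(err);
    return FALSE;
}

// Prints a failure message and the last-error code, then ends the process with
// that code. GetLastError() is read first because printf may overwrite it.
static int failexit(const char *what)
{
    const DWORD dw = GetLastError();
    printf("%s", what);
    printf("getlasterror --> %lu\n", (unsigned long)dw);
    ExitProcess(dw);
    return -1;  // not reached; keeps the call sites in "return failexit(...)" form
}

// Writes text to stdout as narrow characters, without treating it as a format
// string and without passing a CString object through printf's varargs.
static void printresult(const CString &text)
{
    CStringA narrow((LPCTSTR)text);
    fputs((LPCSTR)narrow, stdout);
}

//****************************************************************************
// Creates two anonymous pipes and starts cmd.exe with its standard handles
// redirected to them.
//
//   hreadpipe1 / hwritepipe1  pipe 1: the child writes stdout and stderr to
//                             hwritepipe1, the parent reads from hreadpipe1
//   hreadpipe2 / hwritepipe2  pipe 2: the parent writes to hwritepipe2, the
//                             child reads stdin from hreadpipe2
//   hprocess                  receives the handle of the created cmd.exe process
//
// Returns TRUE on success. On failure returns FALSE, all five outputs are NULL
// and GetLastError() describes the failing call.
//
// NOTE(review): a hidden-window cmd.exe child whose three standard handles are
// pipes is a process pattern that endpoint monitoring commonly flags.
BOOL createcmd(HANDLE &hreadpipe1, HANDLE &hwritepipe1,
               HANDLE &hreadpipe2, HANDLE &hwritepipe2,
               HANDLE &hprocess)
{
    hreadpipe1 = hwritepipe1 = NULL;
    hreadpipe2 = hwritepipe2 = NULL;
    hprocess = NULL;

    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;  // the child must be able to inherit its pipe ends

    if (!CreatePipe(&hreadpipe1, &hwritepipe1, &sa, 0))
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);
    if (!CreatePipe(&hreadpipe2, &hwritepipe2, &sa, 0))
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);

    // Only the child's ends should be inheritable. If the parent's ends leak
    // into the child (or any later child), the pipes never report end-of-file.
    if (!SetHandleInformation(hreadpipe1, HANDLE_FLAG_INHERIT, 0) ||
        !SetHandleInformation(hwritepipe2, HANDLE_FLAG_INHERIT, 0))
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);

    // Start cmd.exe by full path. With a NULL application name CreateProcess
    // resolves a bare "cmd.exe" through its search order, which looks in the
    // application directory and the current directory before the system one.
    static const char suffix[] = "\\cmd.exe";
    char cmdpath[MAX_PATH];
    const UINT dirlen = GetSystemDirectoryA(cmdpath, MAX_PATH);
    if (dirlen == 0)
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);
    if (dirlen + sizeof(suffix) > MAX_PATH) {
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);
    }
    memcpy(cmdpath + dirlen, suffix, sizeof(suffix));  // copies the NUL as well

    STARTUPINFOA si;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);  // required; the original left it at zero
    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    si.wShowWindow = SW_HIDE;
    char desktop[] = "WinSta0\\Default";  // writable copy: lpDesktop is not const
    si.lpDesktop = desktop;
    si.hStdInput = hreadpipe2;                   // child stdin  <- pipe 2
    si.hStdOutput = si.hStdError = hwritepipe1;  // child stdout/stderr -> pipe 1

    char cmdline[] = "cmd.exe /K";  // CreateProcess may modify this buffer
    PROCESS_INFORMATION pi;
    ZeroMemory(&pi, sizeof(pi));
    // bInheritHandles = TRUE passes every inheritable handle of this process to
    // the child, not only the two pipe ends.
    // NOTE(review): if other inheritable handles can exist, restrict the set
    // with STARTUPINFOEX and PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
    if (!CreateProcessA(cmdpath, cmdline, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
        return failcreate(hreadpipe1, hwritepipe1, hreadpipe2, hwritepipe2);

    hprocess = pi.hProcess;
    CloseHandle(pi.hThread);  // the primary thread handle is not needed
    return TRUE;
}

//****************************************************************************
// Sends one command line to the child: appends "\r\n" and writes the text to
// hwritepipe2 as narrow characters. Returns FALSE if the write fails or is
// short.
BOOL writecmd(CString cmdbuffer, HANDLE hwritepipe2)
{
    cmdbuffer += _T("\r\n");

    // Convert explicitly so the byte count passed to WriteFile is correct in
    // Unicode builds too, where GetLength() counts characters, not bytes.
    CStringA bytes((LPCTSTR)cmdbuffer);
    const DWORD length = (DWORD)bytes.GetLength();

    DWORD written = 0;
    if (!WriteFile(hwritepipe2, (LPCSTR)bytes, length, &written, NULL))
        return FALSE;
    return written == length;
}

//****************************************************************************
// Reads the child's output from hreadpipe1 and appends it to cmdresult until a
// chunk ends with '>', which is taken to be the cmd.exe prompt. Returns FALSE
// when ReadFile fails, for example once every write end of the pipe is closed.
//
// The '>' test is a heuristic: output that happens to end a chunk with '>'
// stops the read early, and a child that never prints a prompt keeps this call
// blocked.
BOOL readcmd(HANDLE hreadpipe1, CString &cmdresult)
{
    char buffer[1024];  // stack buffer: nothing to free on any return path

    for (;;) {
        DWORD bytesread = 0;
        if (!ReadFile(hreadpipe1, buffer, sizeof(buffer) - 1, &bytesread, NULL))
            return FALSE;
        if (bytesread == 0)
            continue;  // zero-byte read: buffer[bytesread - 1] would be out of bounds

        buffer[bytesread] = '\0';
        cmdresult += buffer;
        if (buffer[bytesread - 1] == '>')
            return TRUE;
    }
}

//****************************************************************************
// Closes the four pipe handles and terminates the cmd.exe process. NULL handles
// are skipped. hprocess itself is not closed here; the caller releases it.
void closecmd(HANDLE hreadpipe1, HANDLE hwritepipe1,
              HANDLE hreadpipe2, HANDLE hwritepipe2,
              HANDLE hprocess)
{
    closeifopen(hreadpipe1);
    closeifopen(hwritepipe1);
    closeifopen(hwritepipe2);
    closeifopen(hreadpipe2);
    if (hprocess != NULL)
        TerminateProcess(hprocess, 0);
}

//****************************************************************************
// Discards whatever data is currently waiting in the pipe, without blocking.
void emptypipe(HANDLE hreadpipe1)
{
    char buffer[1024];

    for (;;) {
        DWORD bytesread = 0;
        const BOOL ret = PeekNamedPipe(hreadpipe1, buffer, sizeof(buffer),
                                       &bytesread, NULL, NULL);
        if (!ret || bytesread == 0)
            return;
        // Consume exactly what was peeked, so this read cannot block.
        if (!ReadFile(hreadpipe1, buffer, bytesread, &bytesread, NULL))
            return;
    }
}

// Starts the child shell, prints its banner, then forwards each line typed on
// stdin to it and prints the reply until stdin reaches end-of-file.
int _tmain(int argc, _TCHAR *argv[])
{
    HANDLE hread1 = NULL, hwrite1 = NULL;  // pipe 1: read handle, write handle
    HANDLE hread2 = NULL, hwrite2 = NULL;  // pipe 2: read handle, write handle
    HANDLE hcmd = NULL;
    CString result;

    // The helpers return BOOL, so failure is "== FALSE"; the original "< 0"
    // comparisons could never be true and every error went unnoticed.
    if (!createcmd(hread1, hwrite1, hread2, hwrite2, hcmd))
        return failexit("createcmd failed");

    // The child owns its copies of these ends now. Dropping the parent's copies
    // lets ReadFile fail with a broken pipe once cmd.exe exits, instead of
    // blocking forever.
    CloseHandle(hwrite1);
    hwrite1 = NULL;
    CloseHandle(hread2);
    hread2 = NULL;

    if (!readcmd(hread1, result))
        return failexit("readcmd failed");
    printresult(result);
    result.Empty();

    char szbuf[MAX_PATH];
    // fgets bounds the read; gets() wrote past szbuf on any longer line.
    while (fgets(szbuf, sizeof(szbuf), stdin) != NULL) {
        const size_t len = strlen(szbuf);
        if (len > 0 && szbuf[len - 1] != '\n' && !feof(stdin)) {
            // Over-long line: drop all of it rather than let the tail be read
            // on the next iteration and sent as a separate command.
            int ch;
            while ((ch = getchar()) != EOF && ch != '\n') {
            }
            printf("input line too long, ignored\n");
            continue;
        }
        szbuf[strcspn(szbuf, "\r\n")] = '\0';  // gets() dropped the newline too

        if (!writecmd(CString(szbuf), hwrite2))
            return failexit("writecmd failed");
        if (!readcmd(hread1, result))
            return failexit("readcmd failed");

        // Skip the first line of the reply (the echoed command). Only strip when
        // a line break exists: Find() returns -1 otherwise.
        const int i = result.Find(_T("\r\n"));
        if (i >= 0)
            result = result.Mid(i + 2);
        printresult(result);
        result.Empty();
    }

    closecmd(hread1, hwrite1, hread2, hwrite2, hcmd);
    closeifopen(hcmd);  // closecmd terminates the process but keeps the handle open
    system("pause");
    return 0;
}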