1

我通过 WMI 在远程机器上运行进程。

如果是远程创建的,我可以签入进程代码(在远程机器上)吗?

我试过Process.GetCurrentProcess()Process.GetCurrentProcess().StartInfo属性,但我没有找到任何信息。环境类也不包含任何信息。

我的代码用于创建远程进程(我在某个论坛上找到了它):

                var connOptions = new ConnectionOptions()
                {
                    Username = "user",
                    Password = "password"
                };

            connOptions.Impersonation = ImpersonationLevel.Impersonate;
            connOptions.EnablePrivileges = true;

            var manScope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", "MachineName"), connOptions);

            manScope.Connect();

            var objectGetOptions = new ObjectGetOptions();
            var managementPath = new ManagementPath("Win32_Process");
            using (var processClass = new ManagementClass(manScope, managementPath, objectGetOptions))
            {
                using (ManagementBaseObject inParams = processClass.GetMethodParameters("Create"))
                {
                    inParams["CommandLine"] = remoteFilePath;

                    using (ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null))
                    {
                        if ((uint)outParams["returnValue"] == 0)
                        {
                            var pid = (uint)outParams["processId"];

                            return pid;
                        }
                    }
                }
            }
4

1 回答 1

0

我不知道您是否可以检测到它,但是您可以做的一种解决方法是在您通过 WMI 启动时传递一个命令行参数,例如“remotelyStarted”,然后在您的代码中执行

const string REMOTELY_STARTED_FLAG = "remotelyStarted";

if(Environment.GetComandLineArgs().Contains(REMOTELY_STARTED_FLAG, StringComparison.OrdinalIgnoreCase))
{
    //Do code here if it was running remotely.
}
于 2013-08-26T14:45:26.177 回答