Remote Shutdown without (!) RPC Service - wmi

There are different ways of shutting down a computer remotely.
Here are three I know of:
Invoking the Shutdown method of the Win32_OperatingSystem class through a remote WMI connection
Using the Microsoft Windows shutdown.exe
Letting your (whatever).exe copy itself to the systemfolder on the target machine, register itself as a service and start it remotely with parameters so that it initiates a local shutdown.
Number 3 is why sysinternals does, e.g. However, it requires that you have file & printer sharing active so that it is able to copy itself to the target and invoke the service.
Number 2 works almost everywhere... but also needs to have file & printer sharing being enabled. Because: This activates the RPC service which is needed for remotely invoking the shutdown.
As far as I can tell, even Number 1, the WMI solution, not only needs WMI installed on the target, but also the RPC service enabled.
My problem is:
I need a solution that allows me to shutdown a remote computer without RPC being enabled on it.
Is there a way?
Note: A way within a context of a business solution ;-)

I believe that you can use IPMI for such tasks. It requires hardware support though. We used it for lights-out management over a serial port in a solution a few years ago. We had some issues with the hardware support for soft shutdown since it requires some integration with the OS. From what I remember, you can mimic the hardware reaction to pressing the power button using a network packet sent by an IPMI utility. HTH.

Related

How to push data to a running Windows Service

My question is, is there a good way to push an integer value to a running windows service without restarting it and without writing to disk or having it poll some database?
Here's my scenario and a few thoughts:
I need to pass data to a windows service in real time I DO NOT want there to be a delay. All I need to give it is in integer and it can do the rest. My predecessor had it set up to poll a database every 10 min but that is no longer an option. I need the response time to be less than a second. I suppose technically I could just reduce the poll time to 0.5 sec but I'm thinking that would be bad for the database server. I know you can pass data to a windows service when it starts but restarting this service isn't an option because of what it's doing.
I would love to use a web service and just call a web method to pass in the data but the tasks require elevated (admin) permissions and almost everything involves file system access so my understanding is that a web service isn't really the best option either.
I've thought of using a hybrid scenario where I run a web service and a windows service on the same machine but then I still have the problem of how to pass the integer from the web service to the windows service... I could technically use a file system watcher but I really don't want to create a file just to pass an integer. I thought maybe I could use localDb and have the web service just write the value there and have the windows service poll localDb every 0.5 sec, But I'm not sure how much that polling would affect overall performance of other things. I really want a way to push data to the windows service rather than having the service poll somewhere else.
The project I work on has a front-end UI that communicates with a Windows Service running on the same system. In the past, I used the Windows Communication Foundation (WCF), but found this to be heavy-weight for what I really needed. I am now using a TCP socket over the localhost address (127.0.0.1) to exchange data between the UI and the service.
Based on your description, the web service approach seems heavy-weight, kinda like the WCF approach we used to use. And, as you've noted, it has permissions issues. A simple application that pushes the integer to your service over a socket would be straightforward in my mind.
If WCF is of interest, here's a couple links that might help:
Creating a user interface for monitoring and interacting with a running windows service
GUI and windows service communication

C++: Remotely hibernate a PC

How can I hibernate a Windows machine that runs Windows 7 or 8 over my LAN from another PC?
Is there a WinAPI function for that? Or do I have to send special magic packets or something like this?
All I know is that PsShutdown.exe is able to do it (allegedly. I haven't tried it).
I don't want to use third party libraries and I also don't want to run a service on the computer that is supposed to get hibernated. I want to use the existing mechanism.
I'd also like to know if I need to change specific settings on the target computer.
I'm not sure if that's important, but shutdown /s /m \\ComputerName did not work on my target PC.
The TechNet document Restart or Shut Down a Remote Computer and Document the Reason describes the requirements to use the shutdown.exe command against a remote computer.
In order to use this feature, the Remote Registry service must be enabled on the remote computer.
Access to the Remote Registry or membership in the Administrators group on the remote computer is the minimum required to complete this procedure
To the best of my knowledge, the only way to remotely hibernate a machine is to use the same method that psshutdown does: copy an executable to the remote machine and install it as a system service.
The OpenSCManager API allows you to specify a target computer, and you can use the handle it returns to call CreateService and then StartService. The service can delete itself once it has done its work.

communicating with windows service using SERVICE_USER_DEFINED_CONTROL

I am looking forward for an example for using a user defined control code in services. I want to send a user defined command to my windows service. At this command windows service will create a named-pipe for client process, and client will establish a connection with this named-pipe by CreateFile function. My custom control sometimes works well but later it shows error for invalidation.
So how can I establish information exchange between a service and various clients?
SERVICE_USER_DEFINED_CONTROL is rarely used. When it is used, it is generally to prompt the service to re-read its configuration file. (On unix SIGHUP is generally used for the same purpose).
In your case the correct answer is to simply create the named pipe on startup and keep listening, and wait for someone to connect if they ever do.

C++ redirect outgoing connections

Is there any way in C++ on windows to monitor a program and redirect any outgoing requests it makes on a specific port? I have a simple C++ http proxy and want it to be able to automatically redirect all browser requests on port 80 through itself.
The simple way to do it is to create a Windows kernel hook to trap socket requests and reroute them to your proxy.
Some useful documentation on this is:
http://www.internals.com/articles/apispy/apispy.htm
If you're using Windows Vista or better, consider Windows Filtering Platform (WFP):
http://www.microsoft.com/whdc/device/network/wfp.mspx
Also consider looking at Detours (commercial) and EasyHook (free). They significantly simplify the process of writing hooks and redirecting API calls (both Win32 and Application).
The program would have to be run with administrative privileges in kernel mode of the host OS.
While I don't have extensive experience with windows kernel hooks, in BSD and linux its trivial to install a kernel module that over-writes the system calls for creating sockets and could easily redirect all sockets to a proxy socket of choice.
If you mean [any destination port] to [one port] then you will have to rely on special drivers. The problem with windows is the inability to natively block [drop] packets. For example a common solution is winpcap. However, while you can monitor traffic, you cannot stop the traffic or modify it in a useful way.
On windows the only solution I've seen would be to use some open TUN/TAP adapter. With that, you would be able to modify every packet that leaves your system.
If you know beforehand the destination port you will be using then it gets rather simple. Simply write a passthrough c++ socket program that will only change the destination port.
If you want to redirect browser requests then you can simply edit the settings in your browser.

Blocking all Windows Internet access from a Win32 app

What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?
More details:
Windows: XP or higher
Application: A basic Win32 app written in C/C++.
Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.
Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)
Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)
Thanks!
p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.
It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.
You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed winsock applications will be affected, so in your code you could have policys for what applications can go out and the like and disabled/enable on the fly. Now a determined person could find ways around this but it would be a pain.
That said this isn't trivial to do but the sample should get you most of the way there.
You cannot effectively or practically write your tool with only a user mode application.
What you need to write is a network I/O stack filter driver. This done by writing a Windows Driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.
On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.
In effect, you are writing a network firewall (more or less)
here are some links
Introduction to Winsock Kernel (WSK)
Windows Core Networking Blog
The Network Programming Interface Docs on MSDN
Note, your will likely need at least two components
Your driver
A Graphical application that a person can use to control your tool
If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.
A few notes:
You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
Be cognizant of performance.
Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
take a look at firewall sourcecodes