I am currently trying to do something similar to PSExec but entirely in Java. I think my problem isnt directly relate to actually what I am doing, but how. Currently I am trying to implement the creating and starting of a service remotely.
For this I got my hands on the midlc tool (version 0.6.1) and extended the svcctl.idl with the CreateService and DeleteService calls. After that I used midlc to generate code for usage with jcifs ( -t jcifs ). I then created a test-program to use that class and jcifs to communicate with a remote windows machine.
Here comes the code for that:
rpc.policy_handle scHandle = new rpc.policy_handle();
SvcCtl.OpenSCManager openSCManagerRpc = new SvcCtl.OpenSCManager(host, null, 0x0001 | 0x0002, scHandle);
// Connection-oriented DCE/RPC over SMB named pipes.
DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + host + "[\\PIPE\\svcctl]",
ConcurrentNtlmAuthenticator.getInstance().getNtlmPasswordAuthentication());
try {
handle.sendrecv(openSCManagerRpc);
if (openSCManagerRpc.retval != 0) {
throw new SmbException(openSCManagerRpc.retval, true);
}
} catch(Exception e) {
e.printStackTrace();
} finally {
try {
handle.close();
} catch(IOException ioe) {
ioe.printStackTrace();
}
}
Unfortunately I am getting a DCERPC_FAULT_PROTO_ERROR alias nca_proto_error alias 0x1c01000b
So my simple question is ... what am I doing wrong?
Chris
Ok,
I sorted this out. The problem was, that the request type was not initialized and hereby set to -1 which is not a valid value. By manually setting this, I was able to actually perform the tasks I was trying to do:
https://dev.c-ware.de/confluence/pages/viewpage.action?pageId=15007754
Chris