用代码操控另一台电脑

用代码操控另一台电脑

2015-03-11

设计

实现

结果

做测试时，往往要配置测试机器，如果能用代码自动化实现，那是最好不过的。

据我所知，有三种方法^[1]：

1. socket通讯即可完成
2. 用psexec,(psexec是pstools中的一个程序)
3. 用ManagementClass类

第1.2.中方法，都需要在被操控的机器上安装接受信息的程序。所以我采用第3.种方法，只需在一台机器上操控即可。

设计

---

返回

使用ManagementClass类，只需知道被操控机器的用户名、密码即可，可对不在同一域中的机器进行操控

源代码：ControlRemoteMachine.zip

设计思路：

• step 1: create sub direcotry on remtoeMachine
• step 2: create a share folder on remoteMachine
• step 3: get full control of share folder
• step 4: copy tool to share folder
• step 5: start tool with argument to do special operation on remote machine

实现 

---

返回

Class Library 'MachineControl.dll'

'MachineControl.dll'：（引用到了System.Management.dll）是负责对被操控的机器进行控制的类，主要就两个类'WindowsShare'， 'ExecuteCommand'：

Class 'WindowsShare'：该类负责在被操控的机器上创建share folder，设置权限

using System.Management;
using System.Security.Principal;
using System.Collections.Generic;
using System;

namespace MachineControl
{
    public class WindowsShare
    {
        public enum MethodStatus : uint
        {
            Success = 0,     //Success            
            AccessDenied = 2,     //Access denied          
            UnknownFailure = 8,     //Unknown failure            
            InvalidName = 9,     //Invalid name           
            InvalidLevel = 10,     //Invalid level            
            InvalidParameter = 21,     //Invalid parameter       
            DuplicateShare = 22,     //Duplicate share           
            RedirectedPath = 23,     //Redirected path           
            UnknownDevice = 24,     //Unknown device or directory           
            NetNameNotFound = 25     //Net name not found     
        }
        public enum ShareType : uint
        {
            DiskDrive = 0x0,     //Disk Drive           
            PrintQueue = 0x1,     //Print Queue        
            Device = 0x2,     //Device      
            IPC = 0x3,     //IPC           
            DiskDriveAdmin = 0x80000000,     //Disk Drive Admin     
            PrintQueueAdmin = 0x80000001,     //Print Queue Admin         
            DeviceAdmin = 0x80000002,     //Device Admin        
            IpcAdmin = 0x80000003     //IPC Admin       
        }
        public enum AccessMaskTypes
        {
            FullControl = 2032127, Change = 1245631,
            ReadOnly = 1179817
        }
        #region field and property
        private ManagementObject _winShareObject;
        private WindowsShare(ManagementObject obj) { _winShareObject = obj; }
        public ManagementObject ManagementObject { get { return _winShareObject; } }
        public uint AccessMask { get { return Convert.ToUInt32(_winShareObject["AccessMask"]); } }        
        public bool AllowMaximum { get { return Convert.ToBoolean(_winShareObject["AllowMaximum"]); } }
        public string Caption{ get { return Convert.ToString(_winShareObject["Caption"]); } }        
        public string Description { get { return Convert.ToString(_winShareObject["Description"]); } }
        public DateTime InstallDate { get { return Convert.ToDateTime(_winShareObject["InstallDate"]); } }
        public uint MaximumAllowed
        {
            get { return Convert.ToUInt32(_winShareObject["MaximumAllowed"]); }
        }        public string Name { get { return Convert.ToString(_winShareObject["Name"]); } }        public string Path { get { return Convert.ToString(_winShareObject["Path"]); } }        public string Status { get { return Convert.ToString(_winShareObject["Status"]); } }        public ShareType Type { get { return (ShareType)Convert.ToUInt32(_winShareObject["Type"]); } }        public MethodStatus Delete() { object result = _winShareObject.InvokeMethod("Delete", new object[] { }); uint r = Convert.ToUInt32(result); return (MethodStatus)r; }
        #endregion
        #region static method
        public static MethodStatus Create(string path, string name, ShareType type, uint? maximumAllowed, string description, string password)
        {
            ManagementClass mc = new ManagementClass("Win32_Share");
            ManagementBaseObject shareParams = mc.GetMethodParameters("Create");
            shareParams["Path"] = path; 
            shareParams["Name"] = name;
            shareParams["Type"] = (uint)type;
            shareParams["Description"] = description;
            if (maximumAllowed != null)
                shareParams["MaximumAllowed"] = maximumAllowed;
            if (!String.IsNullOrEmpty(password))
                shareParams["Password"] = password;
            ManagementBaseObject result = mc.InvokeMethod("Create", shareParams, null);
            return (MethodStatus)(result.Properties["ReturnValue"].Value);
        }

        public static MethodStatus CreateShareFolder(string FolderPath, string ShareName, ShareType type, string Description, string remoteMachine, string userName, string passWord)
        {

            ManagementClass mc = new ManagementClass(string.Format(@"\{0}
ootcimv2:Win32_Share", remoteMachine));
            mc.Scope.Options.Username = userName;
            mc.Scope.Options.Password = passWord;

            // Get the parameter for the Create Method for the folder
            ManagementBaseObject shareParams = mc.GetMethodParameters("Create");
            // Assigning the values to the parameters
            shareParams["Description"] = Description;
            shareParams["Name"] = ShareName;
            shareParams["Path"] = FolderPath;
            shareParams["Type"] = (int)type;
            // Finally Invoke the Create Method to do the process
            ManagementBaseObject result = mc.InvokeMethod("Create", shareParams, null);
            return (MethodStatus)(result.Properties["ReturnValue"].Value);

        }

        public static IList<WindowsShare> GetAllShareFolders(string remoteMachine, string userName, string passWord)
        {
            IList<WindowsShare> result = new List<WindowsShare>();
            ManagementClass mc = new ManagementClass(string.Format(@"\{0}
ootcimv2:Win32_Share", remoteMachine));
            mc.Scope.Options.Username = userName;
            mc.Scope.Options.Password = passWord;

            ManagementObjectCollection moc = mc.GetInstances();

            foreach (ManagementObject mo in moc)
            {
                WindowsShare share = new WindowsShare(mo);
                result.Add(share);
            }
            return result;
        }

        public static IList<WindowsShare> GetAllShares()
        {
            IList<WindowsShare> result = new List<WindowsShare>();
            ManagementClass mc = new ManagementClass("Win32_Share"); 
            ManagementObjectCollection moc = mc.GetInstances(); 
            foreach (ManagementObject mo in moc)
            {
                WindowsShare share = new WindowsShare(mo);
                result.Add(share);
            } 
            return result;
        }
        public static WindowsShare GetShareByName(string name)
        {
            name = name.ToUpper();
            IList<WindowsShare> shares = GetAllShares();
            foreach (WindowsShare s in shares)
                if (s.Name.ToUpper() == name)
                    return s; return null;
        }
        public static WindowsShare GetShareByName(string remoteMachine, string userName, string passWord,string name)
        {
            name = name.ToUpper();
            IList<WindowsShare> shares = GetAllShareFolders(remoteMachine, userName, passWord);
            foreach (WindowsShare s in shares)
                if (s.Name.ToUpper() == name)
                    return s; return null;
        }
        public static WindowsShare GetShareByPath(string path)
        {
            path = path.ToUpper();
            IList<WindowsShare> shares = GetAllShares();
            foreach (WindowsShare s in shares)
                if (s.Path.ToUpper() == path)
                    return s; return null;
        }
        #endregion
        #region method
        public MethodStatus SetPermission(string domain, string userName, AccessMaskTypes amtype)
        {
            NTAccount account = new NTAccount(domain, userName); 
            SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
            byte[] sidArray = new byte[sid.BinaryLength]; sid.GetBinaryForm(sidArray, 0);
            ManagementObject trustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
            trustee["Domain"] = domain; 
            trustee["Name"] = userName; 
            trustee["SID"] = sidArray; 
            ManagementObject adminACE = new ManagementClass(new ManagementPath("Win32_Ace"), null); 
            adminACE["AccessMask"] = (int)amtype; adminACE["AceFlags"] = 3;
            adminACE["AceType"] = 0; 
            adminACE["Trustee"] = trustee; 
            ManagementObject secDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
            secDescriptor["ControlFlags"] = 4; //SE_DACL_PRESENT          
            secDescriptor["DACL"] = new object[] { adminACE };
            object result = _winShareObject.InvokeMethod("SetShareInfo", new object[] 
            { Int32.MaxValue, this.Description, secDescriptor }); 
            uint r = Convert.ToUInt32(result); return (MethodStatus)r;
        }
        #endregion
    }
}

Class 'ExecuteCommand' ：该类负责在被操控的机器上执行cmd命令

using System.Management;
using System.Security.Principal;
using System.Collections.Generic;
using System;

namespace MachineControl
{
    public class ExecuteCommand
    {
        public static void Execute(string remoteMachine, string username, string password, string cmd)
        {
            ConnectionOptions connOptions = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                EnablePrivileges = true,
                Username = username,
                Password = password
            };

            ManagementScope scope = new ManagementScope(@"\" + remoteMachine + @"
ootcimv2", connOptions);
            scope.Connect();

            ObjectGetOptions options = new ObjectGetOptions();

            // Getting the process class and the process startup class
            ManagementPath processClassPath = new ManagementPath("Win32_Process");

            ManagementClass processClass = new ManagementClass(scope, processClassPath, options);

            // Settings the parameters for the Create method in the process class
            ManagementBaseObject inArgs = processClass.GetMethodParameters("Create");
            inArgs["CommandLine"] = cmd;

            // Invoking the method
            ManagementBaseObject returnValue = processClass.InvokeMethod("Create", inArgs, null);
            if ((uint)(returnValue.Properties["ReturnValue"].Value) != 0)
                throw new Exception("Folder might be already in share or unable to share the directory");
        }
    }
}

Tool 'Tool.exe'

'Tool.exe'：是要拷贝到被操控的机器上的工具，它带有参数，可根据不同参数的命令行进行操控

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace Tool
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length == 1)
            {
                if (args[0] == @"/?")
                    Console.WriteLine("if arg = 'Creat', Create a txt file; if arg ='Delete', Delete the txt file.");
                else if (args[0].ToUpper() == "CREATE")
                    System.IO.File.Create(@"c:qmCreateWithTool.txt");
                else if (args[0].ToUpper() == "DELETE")
                    System.IO.File.Delete(@"c:qmCreateWithTool.txt");
            }
        }
    }
}

Client 'Client.exe'

'Client.exe'：是操控端代码

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using System.Management;

using MachineControl;

namespace Client
{
    class Program
    {
        static bool isConnected = false;
        static void Main(string[] args)
        {
            string shareFolderDirectory = @"c:qm";
            string shareFolderName = "qm";
            string remoteMachine = "machineName";
            string remoteMachineUserName = @"yonghuming(inclue domain)";
            string remoteMachinePassWord = "password";

            string myMachineDomain = "yuming";
            string myMachineUserName = "yonghuming";
            string toolName = "Tool.exe";
            string cmdCreateFolder = string.Format(@"cmd /c md {0}", shareFolderDirectory);
            string cmdExecuteTool = string.Format(@"{0}{1} {2}", shareFolderDirectory, toolName, "create");

            //step 1: create sub direcotry on remtoeMachine           
            ExecuteCommand.Execute(remoteMachine, remoteMachineUserName, remoteMachinePassWord, cmdCreateFolder);

            //step 2: create a share folder on remoteMachine
            WindowsShare.MethodStatus status = WindowsShare.CreateShareFolder(shareFolderDirectory, shareFolderName, WindowsShare.ShareType.DiskDrive, "ShareFolder", remoteMachine, remoteMachineUserName, remoteMachinePassWord);
            if (WindowsShare.MethodStatus.Success != status)
            {
                Console.WriteLine(string.Format("Can't create shareFolder, the status is'{0}'.", status.ToString()));
            }

            WindowsShare ws = WindowsShare.GetShareByName(remoteMachine, remoteMachineUserName, remoteMachinePassWord, shareFolderName);
            //step 3: get full control of share folder
            ws.SetPermission(myMachineDomain, myMachineUserName, WindowsShare.AccessMaskTypes.FullControl);

            //step 4: copy tool to share folder
            System.IO.File.Copy(Environment.CurrentDirectory + @"" + toolName, @"\" + remoteMachine + @"" + shareFolderName + @"" + toolName);

            //step 5: start tool with argument to do special operation on remote machine
            ExecuteCommand.Execute(remoteMachine, remoteMachineUserName, remoteMachinePassWord, cmdExecuteTool);
        }

    }
}

结果

---

返回

执行到step 3: get full control of share folder时，

 

执行到step 5: start tool with argument to do special operation on remote machine时，'Tool.exe'会根据命令"c:qmTool.exe create"，创建‘CreateWithTool.txt’

 

参考：

[1] 局域网内一台机器控制另一台机器上的.EXE程序运行