While sniffing around I found
[StructLayout (LayoutKind.Sequential)]
public struct NETRESOURCE
{
public int dwScope;
public int dwType;
public int dwDisplayType;
public int dwUsage;
[MarshalAs (UnmanagedType.LPStr)]
public string lpLocalName;
[MarshalAs (UnmanagedType.LPStr)]
public string lpRemoteName;
[MarshalAs (UnmanagedType.LPStr)]
public string lpComment;
[MarshalAs (UnmanagedType.LPStr)]
public string lpProvider;
}
[DllImport("mpr.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto)]
private static extern int WNetAddConnection2A (
[MarshalAs (UnmanagedType.LPArray)]
NETRESOURCE [] lpNetResource,
[MarshalAs (UnmanagedType.LPStr)]
string lpPassword,
[MarshalAs (UnmanagedType.LPStr)]
string lpUserName,
int dwFlags
);
What you can do with this is,
ConnectAs (string pShare, string pDomain, string pUser, string pPwd)
{
int err = 0;
string sUser = pDomain + @"\" + pUser;
int dwFlags = 0;
NETRESOURCE [] nr = new NETRESOURCE [1];
nr[0].lpRemoteName = pShare;
nr[0].lpLocalName = "";
nr[0].dwType = 1;
nr[0].dwDisplayType = 0;
nr[0].dwScope = 0;
nr[0].dwUsage = 0;
nr[0].lpComment = "";
nr[0].lpProvider = "";
err = WNetAddConnection2A (nr, pPwd, sUser, dwFlags);
if (err != 0)
throw new Exception ("Unable to connect to " + pShare
+ ". Error=" + err.ToString());
MSDN
Win32_Process Class[
^]
The trick is/was there is always a share per logical drive or each machine like "\\machine\\c$" which you can exploit as administrator. Rest is copy an application run it there to capture info and retrieve it back.
Edit:
Use this to release network resource.
[DllImport("mpr.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto)]
private static extern int WNetCancelConnection2A (
[MarshalAs (UnmanagedType.LPStr)]
string lpName
, int dwFlags
, int fForce
);