Click here to Skip to main content
15,860,972 members
Articles / Desktop Programming / MFC

Remote Processes and Machine control of Windows NT based systems (2000/XP)

Rate me:
Please Sign up or sign in to vote.
4.80/5 (35 votes)
1 Apr 2012CPOL5 min read 156K   8.9K   103   24
Control certain aspects of machines sitting remotely, without having to install and trigger an application on the remote machine.

Image 1

Fig.1 Client application running. Various context menu(s) shown.

Introduction

There are times as a Windows network administrator you would like to control certain aspects of machines sitting remotely, without having to install and trigger an application on the remote machine, which will communicate with the administrator's machine.

How to use the client application for control

  • Ctrl + A (or File -> Add machine):

    Add a machine whose control is required and processes to be monitored (refer fig. 2).

    Image 2

    Fig. 2 Adding a machine

    In case of an error, an information balloon will be shown in the system tray as shown in fig. 3.

    Image 3

    Fig. 3 Information balloon

  • Context menu(s) on for a connected machine : Refer fig. 1
    • Refresh the process list.
    • Execute a process on the connected machine.
    • Delete the machine from being monitored.
    • Shutdown : Halt/reboot the machine or cancel the halt/reboot request.
  • Context menu on any process on a machine: Refer fig. 1
    • End process
  • Timer Settings (or Settings->Timers): Refer fig. 4
    • Process refresh: Wait for “x” seconds before querying all connected machines for their processes list. This is apart from what time will be taken to query the processes on remote machines.
    • Shut down delay: Wait for “x” seconds before executing a shutdown or reboot command on the remote machine.

    Image 4

    Fig. 4 Timer refresh rate

  • File -> Save /Save As

    Save the connected machine(s) information to the requested directory. All machine monitoring can again be loaded while using the File -> Open command, without adding all machines individually.

    SECURITY NOTE:- Currently the administrator passwords are just serialized to a file without encryption. Hence, one can see the passwords by just opening the file in a normal text editor.

The how of controlling machines remotely

There is one client application that displays all the processes of the requested remote machines with a pre-determined refresh rate.

There is one server application (one per remote machine), which has to be triggered on the remote machine automatically (without any user intervention), when a request for monitoring and control, is made to it. This server application will send periodic processes updates to the client. For example, if there are 5 remote machines being monitored then there are 5 remote server applications, which keep sending periodic process updates and one client application from where all remote machines are being monitored.

The client can also request certain other tasks to the server application like triggering a new process, kill an existing process on the remote machine. If required, requests to reboot or shut down the remote machine can also be made.

Basic implementation scheme

Image 5

Fig. 5 Client application with the server executable embedded in it's resources

The client application holds the server application (executable) in it’s resource section, like any other resource, viz., bitmaps, icons, menus etc. (Refer fig. 5).

When the client asks to connect and monitor any remote machine, it has to supply it’s IP address and Administrator logon’s password.

The client application makes an attempt to connect to the ADMIN and IPC resources using the Windows API WNetAddConnection2(). (CRemoteAdministrator::EstablishAllConnections() in the accompanying project).

After connecting to the remote machine through the ADMIN and IPC connections, the client application loads the server executable from the its resource section. The client application copies the server executable to the remote machine’s System32 directory. (CRemoteAdministrator:: CopyServiceExeToRemoteMachine() in the accompanying project)

Refer fig. 6 for the remote copying scheme

Image 6

Fig. 6 Server executable copying scheme

The client application gets the HANDLE to the Service Manager of the remote machine, as an IPC connection has been established above. The client application then starts the server executable copied in the remote machine’s System32 directory, as a service. All this is independent, done automatically and is unknown to user of the remote machine.

Once the server application gets triggered as a service, it starts sending the list of processes to the client application through Named Pipes.

Each server application has a minimum of four threads that service a single client.

  1. Sending the list of processes to the client application (Thread function RemoteAdminProcessInfoThread())
  2. To process a request from the client to start a process on the remote machine (Thread function RemoteAdminExecuteProcessThread())
  3. To process a request from the client to end a process on the remote machine (Thread function RemoteAdminKillProcessThread())
  4. To process a request from the client to reboot or shutdown the remote machine (Thread function RemoteAdminSysShutdownThread())

Implementation details of the client application

The client is a standard SDI application based on MFC’s document/view architecture. The important classes in the client application are:

  • CMachineInfo: This class holds the HANDLES to four named pipes with which a remote machine connection has been established for requesting different tasks (remote process read, start, kill and machine shutdown/reboot). This class also holds a list of current processes on the remote machine. It also contains strings for password, IP and logon type (which has to be Administrator only). CMachineInfo is derived from MFC’s CObject so that it can be serialized.
  • CRemoteAdministrator: This class handles all the network communication based on named pipes with different remote machines. This class holds a list of CMachineInfo objects. This CMachineInfo list can be serialized to a file and loaded later.
  • CRemoteAdminDoc: This is the MFC’s CDocument derived class which holds all data regarding the application. This class holds the only object of CRemoteAdministrator.

Implementation details of the server application

Once the server application has been started as a service on the remote machine, the client application makes a connection to the server through four named pipes. These four HANDLES of named pipes service the client requests through 4 threads (RemoteAdminProcessInfoThread(), RemoteAdminExecuteProcessThread(), RemoteAdminKillProcessThread(), RemoteAdminSysShutdownThread()).

There is another thread that is constantly updating the processes list (UpdateProcessInfoList()).

When there is a new named pipe connection, the counter lServicePipeInstanceCount is incremented. Similarly, when a named pipe is disconnected, it is decremented. When there are no named pipes (lServicePipeInstanceCount == 0), the server application is stopped and deleted from the remote machine.

History

  • Date posted: 27 August, 2003

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
India India
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
GeneralCOC Pin
Simon Alex6-Feb-15 7:01
Simon Alex6-Feb-15 7:01 
GeneralMy vote of 5 Pin
gndnet25-Oct-12 18:43
gndnet25-Oct-12 18:43 
GeneralMy vote of 5 Pin
gndnet9-Aug-12 2:48
gndnet9-Aug-12 2:48 
GeneralMy vote of 5 Pin
Kushagra Tiwari11-Sep-09 2:11
Kushagra Tiwari11-Sep-09 2:11 
GeneralCannot be able to connect Pin
ammasramesha15-Mar-06 22:06
ammasramesha15-Mar-06 22:06 
GeneralAccessing XP machines Pin
fahdinam15-Sep-05 4:59
fahdinam15-Sep-05 4:59 
GeneralRe: Accessing XP machines Pin
Prateek Kaul15-Sep-05 19:43
Prateek Kaul15-Sep-05 19:43 
GeneralRe: Accessing XP machines Pin
fahdinam16-Sep-05 4:14
fahdinam16-Sep-05 4:14 
Generalerror LNK2019: help Pin
tanyuheng@etang.com8-Aug-05 17:59
tanyuheng@etang.com8-Aug-05 17:59 
GeneralProblem SetUserObjectSecurity Pin
safmatic25-Mar-05 4:03
safmatic25-Mar-05 4:03 
GeneralPoor Security Pin
Member 4585852-Sep-04 2:28
Member 4585852-Sep-04 2:28 
GeneralRe: Poor Security Pin
isglass17-Dec-04 4:33
isglass17-Dec-04 4:33 
QuestionHow easy to port it to UNIX? Pin
jingz032312-Jun-04 17:26
jingz032312-Jun-04 17:26 
GeneralExcellent Pin
Shail_Srivastav30-Apr-04 7:06
Shail_Srivastav30-Apr-04 7:06 
Generalproblem Pin
Anonymous12-Mar-04 6:53
Anonymous12-Mar-04 6:53 
Generaladdning option to save data Pin
tomerguri25-Feb-04 20:09
tomerguri25-Feb-04 20:09 
GeneralProblem with Demo-Exe and Source Pin
Klaus Kurt16-Feb-04 22:28
Klaus Kurt16-Feb-04 22:28 
Questionplese mentiomn the name of the essential sdk which i have to down load from microsoft? Pin
Member 79516614-Feb-04 3:59
Member 79516614-Feb-04 3:59 
AnswerRe: plese mentiomn the name of the essential sdk which i have to down load from microsoft? Pin
JA Viet Anh12-Mar-04 20:09
JA Viet Anh12-Mar-04 20:09 
GeneralError executing cl.exe Pin
softom1-Dec-03 17:26
softom1-Dec-03 17:26 
GeneralRe: Error executing cl.exe Pin
JA Viet Anh12-Mar-04 20:07
JA Viet Anh12-Mar-04 20:07 
Generali can't find the psapi.h file in source Pin
karthik nivi4-Nov-03 2:28
karthik nivi4-Nov-03 2:28 
GeneralRe: i can't find the psapi.h file in source Pin
Prateek Kaul4-Nov-03 17:42
Prateek Kaul4-Nov-03 17:42 
Generalwhat's possible without Admin privileges Pin
Anonymous6-Oct-03 11:53
Anonymous6-Oct-03 11:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.