public void Dispose() { if (mostRecentMscFilename is not null) { File.Delete(mostRecentMscFilename); mostRecentMscFilename = null; } cimSession.Close(); cimSession.Dispose(); }
public PowerManagement() { try { if (_cimSession != null) { _cimSession.Close(); } var sessionOptions = new DComSessionOptions(); sessionOptions.Timeout = new TimeSpan(0, 2, 0); _cimSession = CimSession.Create(@".", sessionOptions); } catch (CimException e) { Console.WriteLine(e); throw; } UpdateCimInstance(); }
public static void Main() { bool hasComputerNameChanged = true; CimSession cimSession = null; string className = null; string computerName = GetName("ComputerName"); if (String.IsNullOrEmpty(computerName)) { computerName = null; } string namespaceName = GetName("Namespace"); CurrentOperation currentOperation = GetCurrentOption(true); while (true) { if (currentOperation == CurrentOperation.OperationQuit) { if (cimSession != null) { cimSession.Close(); cimSession = null; } return; } if (ClassNeeded(currentOperation)) { className = GetName("ClassName"); } try { // Create local CIM session if (hasComputerNameChanged) { if (cimSession != null) { cimSession.Close(); } WMIDCOMCimSessionOptions sessionOptions = new WMIDCOMCimSessionOptions(); cimSession = CimSession.Create(computerName, sessionOptions); hasComputerNameChanged = false; } switch (currentOperation) { case CurrentOperation.EnumerateAsync: SampleCimOperation.EnumerateASync(cimSession, namespaceName, className); break; case CurrentOperation.EnumerateSync: SampleCimOperation.EnumerateSync(cimSession, namespaceName, className); break; case CurrentOperation.GetInstanceSync: SampleCimOperation.GetInstanceSync(cimSession, namespaceName, className); break; case CurrentOperation.GetInstanceAsync: SampleCimOperation.GetInstanceASync(cimSession, namespaceName, className); break; case CurrentOperation.CreateInstanceAsync: SampleCimOperation.CreateInstanceASync(cimSession, namespaceName, className); break; case CurrentOperation.CreateInstanceSync: SampleCimOperation.CreateInstanceSync(cimSession, namespaceName, className); break; case CurrentOperation.DeleteInstanceAsync: SampleCimOperation.DeleteInstanceASync(cimSession, namespaceName, className); break; case CurrentOperation.DeleteInstanceSync: SampleCimOperation.DeleteInstanceSync(cimSession, namespaceName, className); break; case CurrentOperation.ModifyInstanceAsync: SampleCimOperation.ModifyInstanceASync(cimSession, namespaceName, className); break; case CurrentOperation.ModifyInstanceSync: SampleCimOperation.ModifyInstanceSync(cimSession, namespaceName, className); break; case CurrentOperation.QueryInstanceAsync: SampleCimOperation.QueryInstanceASync(cimSession, namespaceName); break; case CurrentOperation.QueryInstanceSync: SampleCimOperation.QueryInstanceSync(cimSession, namespaceName); break; case CurrentOperation.QueryAssociationSync: SampleCimOperation.EnumerateAssociatedInstanceSync(cimSession, namespaceName, className); break; case CurrentOperation.QueryAssociationAsync: SampleCimOperation.EnumerateAssociatedInstanceASync(cimSession, namespaceName, className); break; case CurrentOperation.InvokeMethodSync: SampleCimOperation.InvokeMethodSync(cimSession, namespaceName, className); break; case CurrentOperation.InvokeMethodAsync: SampleCimOperation.InvokeMethodASync(cimSession, namespaceName, className); break; case CurrentOperation.SubscribeSync: SampleCimOperation.SubscribeSync(cimSession, namespaceName); break; case CurrentOperation.SubscribeAsync: SampleCimOperation.SubscribeASync(cimSession, namespaceName); break; case CurrentOperation.OperationComputerName: computerName = GetName("ComputerName"); if (String.IsNullOrEmpty(computerName)) { computerName = null; } hasComputerNameChanged = true; break; case CurrentOperation.OperationNamespaceName: namespaceName = GetName("Namespace"); break; default: break; } } catch (CimException ex) { Console.WriteLine(ex.Message); } currentOperation = GetCurrentOption(false); } }
static void wmiConnect(string target, DComSessionOptions SessionOptions, string mode) { CimSession Session = CimSession.Create(target, SessionOptions); try { if (mode.ToLower() == "all" || mode.ToLower() == "services") { var allServices = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_Service where NOT startname like '%LocalSystem%' AND NOT startname like '%NT AUTHORITY%'"); foreach (CimInstance service in allServices) { if (service.CimInstanceProperties["StartName"].ToString() != "StartName") { Console.WriteLine($"[+]Non-default service account found on {target}: {service.CimInstanceProperties["StartName"].Value.ToString()}"); } } } if (mode.ToLower() == "all" || mode.ToLower() == "sessions") { var allSessions = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_LoggedOnUser"); var allProcesses = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_SessionProcess"); //gets us the sessionID associated with each running process on the system, done in order to avoid showing false positives tied to stale sessions List <int> processSessions = new List <int>(); foreach (CimInstance proc in allProcesses) { processSessions.Add(Int32.Parse(proc.CimInstanceProperties["antecedent"].Value.ToString().Split('"')[1])); } IEnumerable <int> uniqueProcessSessions = processSessions.Distinct(); //gets us a list of all sessions on the remote system. This will include a variety of false positives / unwanted system sessions that we have to filter out. Results are added to a keyed dictionary for lookups against running processes. List <String> sessions = new List <String>(); var ses2 = new Dictionary <int, string>(); foreach (CimInstance session in allSessions) { String antecedent = session.CimInstanceProperties["antecedent"].Value.ToString(); String dependent = session.CimInstanceProperties["dependent"].Value.ToString(); String[] userDomain = antecedent.Split('"'); int dependentKey = Int32.Parse(dependent.Split('"')[1]); if ((!userDomain[1].ToLower().Contains("dwm-")) && (!userDomain[1].ToLower().Contains("umfd-")) && (!userDomain[1].ToLower().Contains("anonymous logon")) && (!userDomain[1].ToLower().Contains("local service")) && (!userDomain[1].ToLower().Contains("network service")) && (!userDomain[1].ToLower().Equals("system"))) { sessions.Add($"{userDomain[3]}\\{userDomain[1]}"); ses2.Add(dependentKey, $"{userDomain[3]}\\{userDomain[1]}"); } } //Now that we have a list of sessions and a list of all logonSessionIDs with currently active processes we can compare the two in order to get an accurate list of active sessions foreach (int procSession in uniqueProcessSessions) { if (ses2.ContainsKey(procSession)) { Console.WriteLine($"[+]Session found on {target}: {ses2[procSession]}"); } } } } catch (CimException e) { if (e.MessageId.Contains("40004")) { Console.WriteLine($"[-]The following host was unreachable: {target}"); return; } else if (e.MessageId.Contains("70005")) { Console.WriteLine($"[-]Insufficient privileges / invalid credentials on the following host: {target}"); return; } else if (e.MessageId.Contains("800706")) { Console.WriteLine($"[-]No route to the following host: {target}"); return; } else { Console.WriteLine($"[-]Error - undefined error on the following host: {target} errorID: {e.MessageId}"); return; } } Session.Close(); }
/// <summary> /// Close the connection /// </summary> public void Close() { _connection?.Close(); }