net rpc shutdown - how to poweroff
Willi Mann
newsletters at wm1.at
Mon Dec 30 23:37:01 GMT 2002
Hi Simo!
I've put the sniff and the script which produced the shutdown on my
homepage:
http://www.wm1.at/samba/wmisniff.bin
http://www.wm1.at/samba/RemoteShutdown.vbs
w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k
server german (192.168.0.254, WILLI) to do the shutdown. It only works
if you have the same passwords on both of the two machines. Don't ask me
about the sense of the for--next loop.
Willi
Simo Sorce wrote:
>On Mon, 2002-12-30 at 01:06, Willi Mann wrote:
>
>
>>Hi Andrew!
>>
>>The existing net rpc shutdown function doesn't seem to be able to do a
>>power off. It seems to be an implementation of the
>>initiateSystemShutdown API-call, which is used in many freeware
>>closed-source shutdown applications. I've played around with the flags
>>in the current Samba-implementation with the following result:
>>If one of the first 8 bits is set to 1 the machine reboots.
>>The second 8 bits mark the forced shutdown but I haven't verified that
>>it makes a difference to non-forced shutdowns.
>>
>>
>
>the 16bit flags we show in the source are really 2 booleans in the form
>of two bytes imho, I'm modifying the code in samba to behave this way.
>
>I made some test and I think you are right the rpc shutdown function is
>equivalent to InitiateSystemShutdownEx call on windows, so no power off
>possible, only the 2 booleans: force shutdown and reboot on shutdown.
>
>
>
>>There is a way for a working remote power off. The WMI-framework
>>provides a function called win32shutdown. This function is also used by
>>the Management Console-Shutdown. It offers nearly all flags which are
>>available in the ExitWindowsEx-function. It is completely different to
>>the net rpc shutdown. I've modified a VBscript-example provided in the
>>WMI-SDK to get the shortest possible shutdown-session and sniffed it.
>>There are about 100 packets on the wire (incl. authentication, SYNs,
>>RSTs, etc.) I'll try to work out more about that in the next few days.
>>
>>
>
>If you can send me the trace (ina aformate readable by ethereal) I'm
>interested at looking into it and see how it is done.
>
>Simo.
>
>
>
More information about the samba-technical
mailing list