Accessing Windows registry from samba wmic utility

Thu Jul 26 04:50:19 MDT 2012

Well, finally it worked. It's very funny but it has been already there when
I wrote the message yesterday.
The main point is precise match of parameter types that should be delivered
to WMI service.
Originally it was string for hDefKey (e.g. HKLM) but it should uint32.

Below if code that works:

static WERROR WBEM_RemoteRegistryGetVal(struct IWbemServices *pWS, uint32_t
*ret_code)
{
    struct IWbemClassObject *wco = NULL;
    struct IWbemClassObject *inc, *outc, *in;
    struct IWbemClassObject *out = NULL;
    WERROR result;
    union CIMVAR v, vkey, vsubkey, vvalue;
    TALLOC_CTX *ctx;

    ctx = talloc_new(0);

    printf("Getting StdRegProv object\n");

    result = IWbemServices_GetObject(pWS, ctx, "StdRegProv",
WBEM_FLAG_RETURN_WBEM_COMPLETE, NULL, &wco, NULL);

    if (wco == NULL){
        printf("Error no object\n");
    }
    else {
        printf("Object is ok\n");

    }

    printf("Result = [%s]\n", result);
    WERR_CHECK("GetObject.");

    printf("Getting method EnumKey from StdRegProv object\n");

    result = IWbemClassObject_GetMethod(wco, ctx, "GetStringValue", 0,
&inc, &outc);
    WERR_CHECK("IWbemClassObject_GetMethod.");

    result = IWbemClassObject_SpawnInstance(inc, ctx, 0, &in);
    WERR_CHECK("IWbemClassObject_SpawnInstance.");

    vkey.v_uint32 = 0x80000002;
    vsubkey.v_string = "Software\\JreMetrics";
    vvalue.v_string = "JreVersion";
    printf("Putting method parameters: Key -> HKLM, Sub key -> %s, Value ->
%s\n", vsubkey.v_string, vvalue.v_string);

    result = IWbemClassObject_Put(in, ctx, "hDefKey", 0, &vkey, 0);
    result = IWbemClassObject_Put(in, ctx, "sSubKeyName", 0, &vsubkey, 0);
    result = IWbemClassObject_Put(in, ctx, "sValueName", 0, &vvalue, 0);

    WERR_CHECK("IWbemClassObject_Put(CommandLine).");

    printf("Executing registry request\n");

    result = IWbemServices_ExecMethod(pWS, ctx, "StdRegProv",
"GetStringValue", 0, NULL, in, &out, NULL);
    WERR_CHECK("IWbemServices_ExecMethod.");

    result = WbemClassObject_Get(out->object_data, ctx, "ReturnValue", 0,
&v, 0, 0);
    WERR_CHECK("IWbemClassObject_Get(ReturnValue).");

    *ret_code = v.v_uint32;
    printf("Return code: %d\n", *ret_code);

    if(*ret_code == 0) { // success
        result = WbemClassObject_Get(out->object_data, ctx, "sValue", 0,
&v, 0, 0);
        WERR_CHECK("IWbemClassObject_Get(sValue).");
        printf("Registry value: %s\n", v.v_string);
    }

error:
    talloc_free(ctx);
    return result;
}

Andrey

On Wed, Jul 25, 2012 at 11:12 PM, Jelmer Vernooij <jelmer at samba.org> wrote:

> Hi,
>
> On Wed, Jul 25, 2012 at 09:00:17PM +0300, Andrey Kondakov wrote:
> > I am trying to add Windows registry support to wmic utility.
> > My code intends to access remote host and get some registry values or
> > enumerate keys.
> > Everything goes well until I try to fetch ReturnValue and actual query
> data
> > from *out* object.
> > Namely, ReturnValue should be 0 if the data returns but I get 6 instead
> > that supposedly addresses some HANDLE problem.
>
> > My flow is similar to Create process query which works perfect. The code
> > goes below.
>
> > I wonder if somebody can give me a hint how to get it working. Even some
> > relevant suggestion may help.
> Is there a particular reason you're using the WMIC interface rather
> than just the plain winreg DCE/RPC interface, which is known to work
> and included in Samba?
>
> Cheers,
>
> Jelmer
>