Solved

Need Help Converting VB Script/WMI code into VB.NET Code (Remote Process Kill)

Posted on 2004-09-16
6
1,841 Views
Last Modified: 2012-08-14
As the subject implies, I need help converting VB Script / WMI code into VB.NET.

I need this utility to kill processes on remote machines:


Here is the current VB Script/WMI code that works:
*****************************************************
Option Explicit
Dim objShell
Dim objNet
Dim strTitle
Dim mach
Dim Computer
Dim CompHost
Dim Process
Dim Processes
Dim StpScript
Dim StpService
Dim objWMIService
Dim colServices
Dim objService
Dim errReturnCode
Dim colProcessList
Dim objProcess

Set objShell = CreateObject("wscript.shell")
Set objNet = CreateObject("wscript.network")

mach = "test_machine_name"

Processes = Array("'radexecd'","'radsched'","'radstgms'","'radpinit'","'radskman'","'radrexxw'","'radiamsi'","'radconct'","'radpnlwr'","'nvdutils'","'wscript'")            

 
  For Each Process In Processes
 Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & mach & "\root\cimv2")
 Set colServices = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_Service WHERE Name = "&Process&"")
  For Each objService in colServices
    errReturnCode = objService.StopService()
  Next
    Next



*******************************************************************
Now, Here is what I have in my Visual Studio VB.net form
*******************************************************************

Dim objShell
        Dim objNet
        Dim strTitle
        Dim mach
        Dim Computer
        Dim CompHost
        Dim Process
        Dim Processes As New ArrayList
        Dim StpScript
        Dim StpService
        Dim objWMIService
        Dim colServices
        Dim objService
        Dim errReturnCode
        Dim colProcessList
        Dim objProcess

        'On Error Resume Next

        mach = ComboBox2.Text

        Processes.Add("radskman")
        Processes.Add("radpinit")
        Processes.Add("radconct")
        Processes.Add("radrexxw")

        Dim strWinMgt
        Dim strQuery, strComputerName
        Dim Process_Collection


        For Each Process In Processes
            strWinMgt = "winmgmts://" & strComputerName & ""
            strQuery = "select * from Win32_Process where Name = " & Process & ""
            Process_Collection = GetObject(strWinMgt).ExecQuery(strQuery)

            For Each objService In Process_Collection
                errReturnCode = objService.StopService()
            Next
        Next



**************

The only real difference I am seeing here is around this line in the WMI script:

 Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & mach & "\root\cimv2")

**************


Im not sure how to set the impersonationLevel in VB.net like it should be.....

Results are if I use the .NET form, it does not stop the processes, but the VB script does.... can anyone help?
0
Comment
Question by:phesser
  • 4
  • 2
6 Comments
 
LVL 7

Expert Comment

by:sj_hicks
ID: 12081441
Note that you should be using the Terminate.  The StopService method does not exist in Win32_Process.

Below is code I've use to call the WMI shutdown WMI method in VB.NET (*tested*).  This shows how one way of executing WMI methods ion VB.NET:

        Dim strComputer As String = "."
        Dim options As New ConnectionOptions
        options.Impersonation = ImpersonationLevel.Impersonate
        options.EnablePrivileges = True
        ' Select all from WMI class Win32_OperatingSystem
        Dim ms As New ManagementScope("\\" & strComputer & "\root\CIMV2", options)
        Dim q As New SelectQuery("SELECT * FROM Win32_OperatingSystem")
        Dim search As New ManagementObjectSearcher(ms, q)

        ' methodArgs defines the options to shutdown with
        Dim methodArgs() As Object = {shutdownFlags, 0}
        ' enum each entry for Win32_OperatingSystem and call WMI Win32Shutdown method
        Dim os As ManagementObject
        For Each os In search.Get()
            os.InvokeMethod("Win32Shutdown", methodArgs)
        Next


So you'd probably need to do something like the following (*untested*) to terminate processes:

        Dim strComputer As String = "."
        Dim options As New ConnectionOptions
        options.Impersonation = ImpersonationLevel.Impersonate
        options.EnablePrivileges = True

        Dim ms As New ManagementScope("\\" & strComputer & "\root\CIMV2", options)
        Dim q As New SelectQuery(""select * from Win32_Process where Name=" & strProcessName)
        Dim search As New ManagementObjectSearcher(ms, q)

        Dim os As ManagementObject
        For Each os In search.Get()
            os.InvokeMethod("Terminate")
        Next


Hope this helps.
0
 

Author Comment

by:phesser
ID: 12084206
sj_hicks,

I tried your process and had 2 problems, here is my code snippet::

**************************************************************
        Processes.Add("radskman")
        Processes.Add("radpinit")
        Processes.Add("radconct")
        Processes.Add("radrexxw")

        Dim strWinMgt
        Dim strQuery, strComputerName
        Dim Process_Collection

        Dim strComputer As String = "."
        Dim options As New ConnectionOptions
        options.Impersonation = ImpersonationLevel.Impersonate
        options.EnablePrivileges = True

        For Each Process In Processes
            Dim ms As New ManagementScope("\\" & strComputer & "\root\CIMV2", options)
            Dim q As New SelectQuery("select * from Win32_Process where Name=" & Process & "")
            Dim search As New ManagementObjectSearcher(ms, q)

            Dim os As ManagementObject
            For Each os In search.Get()
                os.InvokeMethod("Terminate")
            Next
        Next


****************************************************

I had to format the line below differently:
Dim q As New SelectQuery("select * from Win32_Process where Name=" & Process & "")

And this line was getting an error " Overload resolution failed becase no "InvokeMethod" accepts this number of arguments"
os.InvokeMethod("Terminate")

Have any clues on how to fix it?
0
 

Author Comment

by:phesser
ID: 12087093
Raising the points, really need an answer on this one...

IMPORTANT NOTE:  These are processes that are 'spawned' from services..these are not services directly, if that makes a difference.

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:phesser
ID: 12089599
Also note, applications like PSKill work to kill these processes...thats what I am trying to mimic but with inherent vb.net code.

Increasing points to 350.
0
 
LVL 7

Accepted Solution

by:
sj_hicks earned 400 total points
ID: 12098131
Hey phesser,

The modified code below is tested and successfully kills the process named myapp.exe.  I've only tested on current computer, but WMI shouldn't have any problems killing the processes on remote machines if you have the appropriate access.  This code requires a reference to System.Management.

        Dim strProcess As String
        Dim methodArgs() As Object = {}
        Dim strComputer As String = "."
        Dim options As New ConnectionOptions

        strProcess = "myapp.exe"

        options.Impersonation = ImpersonationLevel.Impersonate
        options.EnablePrivileges = True

        Dim ms As New ManagementScope("\\" & strComputer & "\root\CIMV2", options)
        Dim q As New SelectQuery("select * from Win32_Process where Name='" & strProcess & "'")
        Dim search As New ManagementObjectSearcher(ms, q)

        Dim wmiprocess As ManagementObject
        For Each wmiprocess In search.Get()
            wmiprocess.InvokeMethod("Terminate", methodArgs)
        Next
0
 

Author Comment

by:phesser
ID: 12103358
sj_hicks, you are the man, appreciate the help...that works quite well :)

Increasing the points to 400 for exceptional work.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I think the Typed DataTable and Typed DataSet are very good options when working with data, but I don't like auto-generated code. First, I create an Abstract Class for my DataTables Common Code.  This class Inherits from DataTable. Also, it can …
Microsoft Reports are based on a report definition, which is an XML file that describes data and layout for the report, with a different extension. You can create a client-side report definition language (*.rdlc) file with Visual Studio, and build g…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now