通过C++调用Com接口

头文件

#include <iostream>
#include <Windows.h>
#include <comdef.h>
#include <rpcdce.h>
using namespace std;
#pragma comment(lib, "Rpcrt4.lib")

72C24DD5-D70A-438B-8A42-98424B88AFB8

通过Wscript.Shell来创建进程:

void WscriptShell() {CLSID clsidshell;LPDISPATCH lpDisp;HRESULT hres = E_FAIL;hres = CoInitializeEx(0, COINIT_MULTITHREADED);hres = CLSIDFromString(L"{72C24DD5-D70A-438B-8A42-98424B88AFB8}", &clsidshell);if (FAILED(hres)){printf("CLSIDFromProgID or CLSIDFromString failed %x \n", hres);CoUninitialize();return;}hres = CoCreateInstance(clsidshell, NULL, CLSCTX_INPROC_SERVER, IID_IDispatch, (LPVOID *)&lpDisp);if (FAILED(hres)) {printf("CoCreateInstance failed %x \n", hres);CoUninitialize();return;}LPOLESTR pFuncName = (LPOLESTR)L"Run";DISPID Run;hres = lpDisp->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);if (FAILED(hres)) {printf("lpDisp->GetIDsOfNames (%s) failed %x \n", pFuncName, hres);}VARIANTARG V[1];V[0].vt = VT_BSTR;V[0].bstrVal = _bstr_t(L"calc.exe");DISPPARAMS disParams3 = { V, NULL, 1, 0 };VARIANT pVarResult3;hres = lpDisp->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &disParams3, &pVarResult3, NULL, NULL);if (FAILED(hres))printf("lpDisp->Invoke failed %x \n", hres);
}

利用helppane.exe接口来执行com调用

IHxInteractiveUserExecute

CLSID: 8CEC58E7-07A1-11D9-B15E-000D56BFE6EE
IID: 8CEC595B-07A1-11D9-B15E-000D56BFE6EE

MIDL_INTERFACE("8CEC595B-07A1-11D9-B15E-000D56BFE6EE")
IHxInteractiveUser : public IUnknown{
public:virtual 	HRESULT STDMETHODCALLTYPE Execute(__RPC__in LPWSTR pcUrl);
};void IHxInteractiveUserExecute() {CLSID clsidshell;IID iid;IHxInteractiveUser* lpDisp;HRESULT hres = E_FAIL;hres = CoInitializeEx(0, COINIT_MULTITHREADED);IIDFromString(L"{8CEC58E7-07A1-11D9-B15E-000D56BFE6EE}", &clsidshell);IIDFromString(L"{8CEC595B-07A1-11D9-B15E-000D56BFE6EE}", &iid);hres = CoCreateInstance(clsidshell, 0i64, 0x17u, iid, (LPVOID *)&lpDisp);if (FAILED(hres)){printf("CoCreateInstance failed %x \n", hres);CoUninitialize();return;}printf("lpDisp %p \n", lpDisp);system("pause");lpDisp->Execute((LPWSTR)TEXT("file:///C:/Windows/system32/notepad.exe"));CoUninitialize();
}

IHxHelpPaneServerExecute

CLSID: 8CEC58AE-07A1-11D9-B15E-000D56BFE6EE
IID: 8CEC592C-07A1-11D9-B15E-000D56BFE6EE

MIDL_INTERFACE("8CEC592C-07A1-11D9-B15E-000D56BFE6EE")
IHxHelpPaneServer : public IUnknown{
public:virtual		HRESULT STDMETHODCALLTYPE DisplayTask(__RPC__in BSTR bstrUrl);virtual 	HRESULT STDMETHODCALLTYPE DisplayContents(__RPC__in BSTR bstrUrl);virtual 	HRESULT STDMETHODCALLTYPE DisplaySearchResults(__RPC__in BSTR bstrSearchQuery);virtual 	HRESULT STDMETHODCALLTYPE Execute(__RPC__in LPWSTR pcUrl);
};void IHxHelpPaneServerExecute() {CLSID clsidshell;IID iid;IHxHelpPaneServer* lpDisp;HRESULT hres = E_FAIL;hres = CoInitializeEx(0, COINIT_MULTITHREADED);IIDFromString(L"{8CEC58AE-07A1-11D9-B15E-000D56BFE6EE}", &clsidshell);IIDFromString(L"{8CEC592C-07A1-11D9-B15E-000D56BFE6EE}", &iid);hres = CoCreateInstance(clsidshell, 0i64, 0x17u, iid, (LPVOID *)&lpDisp);lpDisp->Execute((LPWSTR)TEXT("file:///C:/Windows/system32/notepad.exe"));if (FAILED(hres)){printf("CoCreateInstance failed %x \n", hres);CoUninitialize();return;}CoUninitialize();
}

利用mmc.exe接口来执行com调用

CLSID: 49b2791a-b1ae-4c90-9b8e-e860ba07f889

$com = [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application"))
$com.Document.ActiveView.ExecuteShellCommand('cmd.exe',"C:\\","/c calc.exe","Minimized")

void MMC20Executeshellcommand()
{CLSID clsidshell;LPDISPATCH lpDisp;HRESULT hres = E_FAIL;hres = CoInitializeEx(0, COINIT_MULTITHREADED);hres = CLSIDFromString(L"{49b2791a-b1ae-4c90-9b8e-e860ba07f889}", &clsidshell);if (FAILED(hres)){printf("CLSIDFromProgID or CLSIDFromString failed %x \n", hres);CoUninitialize();return;}hres = CoCreateInstance(clsidshell, NULL, CLSCTX_LOCAL_SERVER, IID_IDispatch, (LPVOID *)&lpDisp);if (FAILED(hres)){printf("CoCreateInstance failed %x \n", hres);CoUninitialize();return;}LPOLESTR pFuncName = (LPOLESTR)L"Document";DISPID Run;hres = lpDisp->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);if (FAILED(hres)){printf("GetIDsOfNames failed %x \n", hres);lpDisp->Release();CoUninitialize();return;}DISPPARAMS disParams = { NULL, NULL, 0, 0 };VARIANT pVarResult;hres = lpDisp->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_PROPERTYGET, &disParams, &pVarResult, NULL, NULL);if (FAILED(hres))printf("Invoke failed %x \n", hres);if (pVarResult.vt == VT_DISPATCH){LPDISPATCH lpDisp2 = pVarResult.pdispVal;LPOLESTR pFuncName = (LPOLESTR)L"ActiveView";DISPID Run;hres = lpDisp2->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);if (FAILED(hres)){printf("lpDisp2->GetIDsOfNames failed %x \n", hres);}DISPPARAMS disParams2 = { NULL, NULL, 0, 0 };VARIANT pVarResult2;hres = lpDisp2->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_PROPERTYGET, &disParams2, &pVarResult2, NULL, NULL);if (FAILED(hres))printf("lpDisp2->Invoke failed %x \n", hres);if (pVarResult2.vt == VT_DISPATCH){LPDISPATCH lpDisp3 = pVarResult2.pdispVal;LPOLESTR pFuncName = (LPOLESTR)L"Executeshellcommand";DISPID Run;hres = lpDisp3->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);if (FAILED(hres)){printf("lpDisp3->GetIDsOfNames failed %x \n", hres);}VARIANTARG V[4];V[0].vt = VT_BSTR;V[0].bstrVal = _bstr_t(L"");V[1].vt = VT_BSTR;V[1].bstrVal = _bstr_t(L"");V[2].vt = VT_BSTR;V[2].bstrVal = _bstr_t(L"");V[3].vt = VT_BSTR;V[3].bstrVal = _bstr_t(L"calc.exe");DISPPARAMS disParams3 = { V, NULL, 4, 0 };VARIANT pVarResult3;hres = lpDisp3->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &disParams3, &pVarResult3, NULL, NULL);if (FAILED(hres))printf("lpDisp3->Invoke failed %x \n", hres);}}lpDisp->Release();CoUninitialize();return;
}