#include
#include
#include
#include
using namespace std;
#pragma comment(lib, "Rpcrt4.lib")
通过Wscript.Shell来创建进程:
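// Starts a process through the Wscript.Shell COM object (CLSID below) by
// calling its IDispatch "Run" method with the single argument "calc.exe".
// The object is created CLSCTX_INPROC_SERVER, i.e. it is loaded into this
// process. Every exit path prints the failing HRESULT and releases what was
// acquired so far (IDispatch pointer, BSTR argument, COM apartment).
//
// Fixes relative to the original: the BSTR argument was a _bstr_t temporary
// that is freed at the end of its own statement, so Invoke received a dangling
// bstrVal; GetIDsOfNames failure fell through to Invoke with an uninitialized
// DISPID; %s was used to print a wide string; lpDisp was never Released and
// CoUninitialize was skipped on the success path.
void WscriptShell() {
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        printf("CoInitializeEx failed %x \n", hres);
        return;  // nothing to uninitialize when initialization itself failed
    }

    CLSID clsidshell;
    hres = CLSIDFromString(L"{72C24DD5-D70A-438B-8A42-98424B88AFB8}", &clsidshell);
    if (FAILED(hres)) {
        printf("CLSIDFromProgID or CLSIDFromString failed %x \n", hres);
        CoUninitialize();
        return;
    }

    LPDISPATCH lpDisp = NULL;
    hres = CoCreateInstance(clsidshell, NULL, CLSCTX_INPROC_SERVER, IID_IDispatch, (LPVOID *)&lpDisp);
    if (FAILED(hres)) {
        printf("CoCreateInstance failed %x \n", hres);
        CoUninitialize();
        return;
    }

    LPOLESTR pFuncName = (LPOLESTR)L"Run";  // GetIDsOfNames takes a non-const name array
    DISPID Run = DISPID_UNKNOWN;
    hres = lpDisp->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, &Run);
    if (FAILED(hres)) {
        printf("lpDisp->GetIDsOfNames (%ls) failed %x \n", pFuncName, hres);
        lpDisp->Release();
        CoUninitialize();
        return;
    }

    // The BSTR must stay alive until Invoke returns, hence SysAllocString
    // (freed by VariantClear below) rather than a _bstr_t temporary.
    VARIANTARG V[1];
    VariantInit(&V[0]);
    V[0].vt = VT_BSTR;
    V[0].bstrVal = SysAllocString(L"calc.exe");
    DISPPARAMS disParams3 = { V, NULL, 1, 0 };
    VARIANT pVarResult3;
    VariantInit(&pVarResult3);
    hres = lpDisp->Invoke(Run, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &disParams3, &pVarResult3, NULL, NULL);
    if (FAILED(hres))
        printf("lpDisp->Invoke failed %x \n", hres);

    VariantClear(&pVarResult3);
    VariantClear(&V[0]);  // releases the BSTR allocated above
    lpDisp->Release();
    CoUninitialize();
}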
CLSID: 8CEC58E7-07A1-11D9-B15E-000D56BFE6EE
IID: 8CEC595B-07A1-11D9-B15E-000D56BFE6EE
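// Hand-written declaration of the IHxInteractiveUser interface (IID below).
// Only the Execute slot this file calls is declared; it is pure virtual
// because the implementation lives in the COM server, never in this binary.
// NOTE(review): this assumes Execute is the first method after IUnknown in the
// real vtable — not verifiable from this file.
MIDL_INTERFACE("8CEC595B-07A1-11D9-B15E-000D56BFE6EE")
IHxInteractiveUser : public IUnknown {
public:
    virtual HRESULT STDMETHODCALLTYPE Execute(__RPC__in LPWSTR pcUrl) = 0;
};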
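// Creates the COM class with the CLSID below, asks for IHxInteractiveUser and
// calls Execute with a file:// URL naming notepad.exe.
//
// Fixes relative to the original: the IIDFromString results are checked; the
// return value of Execute is now the one tested (the original discarded it and
// re-tested the stale CoCreateInstance result); the interface pointer is
// Released; the URL is passed from a writable buffer because the method takes
// a non-const LPWSTR; the magic context 0x17 is spelled CLSCTX_ALL.
void IHxInteractiveUserExecute() {
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        printf("CoInitializeEx failed %x \n", hres);
        return;
    }

    CLSID clsidshell;
    IID iid;
    hres = IIDFromString(L"{8CEC58E7-07A1-11D9-B15E-000D56BFE6EE}", &clsidshell);
    if (SUCCEEDED(hres))
        hres = IIDFromString(L"{8CEC595B-07A1-11D9-B15E-000D56BFE6EE}", &iid);
    if (FAILED(hres)) {
        printf("IIDFromString failed %x \n", hres);
        CoUninitialize();
        return;
    }

    // CLSCTX_ALL == 0x17: in-process server/handler, local and remote server.
    IHxInteractiveUser* lpDisp = NULL;
    hres = CoCreateInstance(clsidshell, NULL, CLSCTX_ALL, iid, (LPVOID *)&lpDisp);
    if (FAILED(hres)) {
        printf("CoCreateInstance failed %x \n", hres);
        CoUninitialize();
        return;
    }

    wchar_t url[] = L"file:///C:/Windows/system32/notepad.exe";
    hres = lpDisp->Execute(url);
    if (FAILED(hres))
        printf("lpDisp->Execute failed %x \n", hres);

    lpDisp->Release();
    CoUninitialize();
}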
CLSID: 8CEC58AE-07A1-11D9-B15E-000D56BFE6EE
IID: 8CEC592C-07A1-11D9-B15E-000D56BFE6EE
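// Hand-written declaration of the IHxHelpPaneServer interface (IID below).
// All four slots are pure virtual: they are implemented by the COM server,
// and this file only ever calls Execute through a pointer obtained from
// CoCreateInstance. The three Display* slots are declared only to keep
// Execute at the expected vtable position.
// NOTE(review): the slot order is taken from the original listing and cannot
// be verified from this file.
MIDL_INTERFACE("8CEC592C-07A1-11D9-B15E-000D56BFE6EE")
IHxHelpPaneServer : public IUnknown {
public:
    virtual HRESULT STDMETHODCALLTYPE DisplayTask(__RPC__in BSTR bstrUrl) = 0;
    virtual HRESULT STDMETHODCALLTYPE DisplayContents(__RPC__in BSTR bstrUrl) = 0;
    virtual HRESULT STDMETHODCALLTYPE DisplaySearchResults(__RPC__in BSTR bstrSearchQuery) = 0;
    virtual HRESULT STDMETHODCALLTYPE Execute(__RPC__in LPWSTR pcUrl) = 0;
};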
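// Creates the COM class with the CLSID below, requests IHxHelpPaneServer and
// calls its Execute slot with a file:// URL naming notepad.exe.
//
// Fixes relative to the original: the CoCreateInstance result was never
// checked, so a failure dereferenced an unset pointer; the Execute return
// value was discarded while the stale hres was tested; IIDFromString results
// are now checked; the pointer is Released; 0x17 is written as CLSCTX_ALL and
// the URL comes from a writable buffer to match the non-const LPWSTR parameter.
void IHxHelpPaneServerExecute() {
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        printf("CoInitializeEx failed %x \n", hres);
        return;
    }

    CLSID clsidshell;
    IID iid;
    hres = IIDFromString(L"{8CEC58AE-07A1-11D9-B15E-000D56BFE6EE}", &clsidshell);
    if (SUCCEEDED(hres))
        hres = IIDFromString(L"{8CEC592C-07A1-11D9-B15E-000D56BFE6EE}", &iid);
    if (FAILED(hres)) {
        printf("IIDFromString failed %x \n", hres);
        CoUninitialize();
        return;
    }

    IHxHelpPaneServer* lpDisp = NULL;
    hres = CoCreateInstance(clsidshell, NULL, CLSCTX_ALL, iid, (LPVOID *)&lpDisp);  // CLSCTX_ALL == 0x17
    if (FAILED(hres) || lpDisp == NULL) {
        printf("CoCreateInstance failed %x \n", hres);
        CoUninitialize();
        return;
    }

    wchar_t url[] = L"file:///C:/Windows/system32/notepad.exe";
    hres = lpDisp->Execute(url);
    if (FAILED(hres))
        printf("lpDisp->Execute failed %x \n", hres);

    lpDisp->Release();
    CoUninitialize();
}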
CLSID: 49b2791a-b1ae-4c90-9b8e-e860ba07f889
# PowerShell form of the same call chain as MMC20Executeshellcommand() below:
# instantiate MMC20.Application by ProgID, walk Document -> ActiveView and
# call ExecuteShellCommand. The four positional arguments here are the
# program, its working directory, its parameters and the window state.
$com = [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application"))
$com.Document.ActiveView.ExecuteShellCommand('cmd.exe',"C:\\","/c calc.exe","Minimized")
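// Resolves `name` on `disp` to a DISPID. Prints and returns the failing
// HRESULT so callers never Invoke with an unset DISPID (the original did).
static HRESULT MmcGetDispId(LPDISPATCH disp, const wchar_t* name, DISPID* dispid) {
    LPOLESTR pFuncName = (LPOLESTR)name;  // GetIDsOfNames takes a non-const name array
    HRESULT hres = disp->GetIDsOfNames(IID_NULL, &pFuncName, 1, LOCALE_SYSTEM_DEFAULT, dispid);
    if (FAILED(hres))
        printf("GetIDsOfNames (%ls) failed %x \n", name, hres);
    return hres;
}

// Property-gets `name` on `disp` and returns the IDispatch it holds, or NULL
// on any failure. The returned pointer carries the reference the result
// VARIANT held, so the caller must Release() it.
static LPDISPATCH MmcGetDispatchProperty(LPDISPATCH disp, const wchar_t* name) {
    DISPID dispid = DISPID_UNKNOWN;
    if (FAILED(MmcGetDispId(disp, name, &dispid)))
        return NULL;

    DISPPARAMS noArgs = { NULL, NULL, 0, 0 };
    VARIANT result;
    VariantInit(&result);  // the original compared .vt of an uninitialized VARIANT when Invoke failed
    HRESULT hres = disp->Invoke(dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_PROPERTYGET, &noArgs, &result, NULL, NULL);
    if (FAILED(hres)) {
        printf("Invoke (%ls) failed %x \n", name, hres);
        return NULL;
    }
    if (result.vt != VT_DISPATCH || result.pdispVal == NULL) {
        VariantClear(&result);
        return NULL;
    }
    return result.pdispVal;  // ownership of the VARIANT's reference moves to the caller
}

// Invokes ExecuteShellCommand on the ActiveView object. IDispatch::Invoke
// reads rgvarg in reverse order, so V[3] is the first positional argument
// (the command, "calc.exe"); the other three are empty strings exactly as the
// original passed them.
static void MmcInvokeExecuteShellCommand(LPDISPATCH view) {
    DISPID dispid = DISPID_UNKNOWN;
    if (FAILED(MmcGetDispId(view, L"Executeshellcommand", &dispid)))
        return;

    VARIANTARG V[4];
    for (int i = 0; i < 4; ++i) {
        VariantInit(&V[i]);
        V[i].vt = VT_BSTR;
        // SysAllocString: the BSTR must outlive the Invoke call. The original's
        // _bstr_t temporaries were freed at the end of their own statements,
        // leaving every bstrVal dangling.
        V[i].bstrVal = SysAllocString(i == 3 ? L"calc.exe" : L"");
    }
    DISPPARAMS disParams3 = { V, NULL, 4, 0 };
    VARIANT pVarResult3;
    VariantInit(&pVarResult3);
    HRESULT hres = view->Invoke(dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &disParams3, &pVarResult3, NULL, NULL);
    if (FAILED(hres))
        printf("lpDisp3->Invoke failed %x \n", hres);

    VariantClear(&pVarResult3);
    for (int i = 0; i < 4; ++i)
        VariantClear(&V[i]);  // frees the BSTRs
}

// Drives MMC20.Application (CLSID below) through IDispatch:
// Document -> ActiveView -> ExecuteShellCommand("calc.exe", "", "", "").
// The object is created CLSCTX_LOCAL_SERVER, so it runs in a separate COM
// server process; the command is consequently spawned from that process
// rather than from this one.
//
// Fixes relative to the original: each intermediate IDispatch obtained from a
// VARIANT is now Released (they leaked); GetIDsOfNames failures stop the chain
// instead of invoking with an uninitialized DISPID; result VARIANTs are
// initialized before their .vt is examined; BSTR arguments are allocated for
// the duration of the call.
void MMC20Executeshellcommand()
{
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        printf("CoInitializeEx failed %x \n", hres);
        return;
    }

    CLSID clsidshell;
    hres = CLSIDFromString(L"{49b2791a-b1ae-4c90-9b8e-e860ba07f889}", &clsidshell);
    if (FAILED(hres)) {
        printf("CLSIDFromProgID or CLSIDFromString failed %x \n", hres);
        CoUninitialize();
        return;
    }

    LPDISPATCH lpDisp = NULL;
    hres = CoCreateInstance(clsidshell, NULL, CLSCTX_LOCAL_SERVER, IID_IDispatch, (LPVOID *)&lpDisp);
    if (FAILED(hres) || lpDisp == NULL) {
        printf("CoCreateInstance failed %x \n", hres);
        CoUninitialize();
        return;
    }

    // Walk the object chain, releasing each level on the way back out.
    LPDISPATCH lpDisp2 = MmcGetDispatchProperty(lpDisp, L"Document");
    if (lpDisp2 != NULL) {
        LPDISPATCH lpDisp3 = MmcGetDispatchProperty(lpDisp2, L"ActiveView");
        if (lpDisp3 != NULL) {
            MmcInvokeExecuteShellCommand(lpDisp3);
            lpDisp3->Release();
        }
        lpDisp2->Release();
    }

    lpDisp->Release();
    CoUninitialize();
}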