HPCmd Utility Workflow

All of HPCmd’s operations are based on public Microsoft Win32 APIs. The utility works in the following way:

  1. HPCmd connects to the remote share drives using the Windows Win32 networking API (WNetAddConnection2). The share drives are “admin$” and “IPC$”. After establishing the connections, the utility copies the required files to the admin$\System32 directory (CopyFile API).

    Note: The utility must have administrative privileges on the remote machine.

  2. HPCmd copies HPCmdSvc.exe to the remote machine’s admin$\System32 directory (HPCmdSvc.exe is a separate resource).

  3. HPCmd installs and starts the HPCmdService on the remote machine using the Win32 services API (OpenSCManager, OpenService, CreateService and StartService).

  4. HPCmdService creates and listens on a named pipe, “\\pipe\\HPCmd_communication”, for incoming messages that request command execution on the machine. This uses the Win32 interprocess communication API (CreateNamedPipe and ConnectNamedPipe). The pipe is created with the default security descriptor. For more information, see HPCmd Utility Risk Analysis.

  5. HPCmd opens a communication channel to the remote machine via the named pipe (WaitNamedPipe) and sends a message to HPCmdService (WriteFile). The message contains HPCmd’s process ID and the name of the executable to run, along with its command line arguments.

  6. HPCmdService receives the message, creates three additional named pipes and launches the command. The pipes that are created have the following names:

    • \\pipe\\HPCmd_stdout<localMachineName><PID>
    • \\pipe\\HPCmd_stdin<localMachineName><PID>
    • \\pipe\\HPCmd_stderr<localMachineName><PID>

    where localMachineName is the IP address of the machine running HPCmd and PID is HPCmd’s process ID. The pipes are created to redirect the stdin, stderr, and stdout of the command executing on the remote machine to the HPCmd utility.

  7. HPCmd connects to the three additional named pipes and exchanges the command’s input and output data through them.

  8. After all the commands have completed execution, HPCmd deletes the files that were copied to the remote share drive in step 2 (DeleteFile) and closes the connections to the remote share drives. All the named pipes are closed by HPCmd and, in turn, the HPCmdService is stopped as well.
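The workflow above leaves a consistent set of artifacts on the remote host: an HPCmdService installation whose image is HPCmdSvc.exe under System32, the control pipe HPCmd_communication, and three data pipes per session whose names carry the caller’s address and process ID. The following is an added example, not HPCmd code and not part of this documentation, showing how a defender could recognise and correlate those artifacts from pipe-creation and service-installation telemetry. The log lines and their key=value layout are constructed for the example (a simplified Sysmon-like shape, not a real schema), and the expected image path assumes admin$ maps to C:\Windows, which is an assumption rather than something the workflow states.

```python
import re
from collections import defaultdict

# Names taken from the HPCmd workflow description. The data pipes are
# HPCmd_<stream><localMachineName><PID> with no separator between the
# address and the PID, so the tail is kept as one opaque token rather
# than split into its two parts.
CONTROL_PIPE = re.compile(r"\\HPCmd_communication$", re.IGNORECASE)
STREAM_PIPE = re.compile(r"\\HPCmd_(stdout|stdin|stderr)(\S+)$", re.IGNORECASE)
SERVICE_NAME = "HPCmdService"
# Assumption: admin$ resolves to C:\Windows, so the documented copy target
# admin$\System32\HPCmdSvc.exe becomes this path.
EXPECTED_IMAGE = r"c:\windows\system32\hpcmdsvc.exe"

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one constructed 'key=value key=value' line into a dict."""
    return dict(KV.findall(line))


def classify_pipe(pipe_name):
    """Map a pipe name to ('control', None), ('stream', (kind, tail)) or None."""
    if CONTROL_PIPE.search(pipe_name):
        return ("control", None)
    m = STREAM_PIPE.search(pipe_name)
    if m:
        return ("stream", (m.group(1).lower(), m.group(2)))
    return None


def scan(lines):
    """Walk event lines and return HPCmd-related findings, one dict each."""
    findings = []
    streams = defaultdict(set)  # (host, tail) -> {"stdout", "stdin", "stderr"}
    for line in lines:
        ev = parse_event(line)
        host = ev.get("host", "?")
        if ev.get("event") == "ServiceInstalled" and ev.get("name") == SERVICE_NAME:
            image = ev.get("image", "")
            findings.append({
                "type": "service_installed", "host": host, "image": image,
                # The workflow copies HPCmdSvc.exe to admin$\System32; a
                # service pointing anywhere else deviates from that and
                # deserves a closer look.
                "expected_path": image.lower() == EXPECTED_IMAGE,
            })
        elif ev.get("event") == "PipeCreated":
            cls = classify_pipe(ev.get("pipe", ""))
            if cls is None:
                continue
            if cls[0] == "control":
                # The control pipe uses the default security descriptor, so
                # record which image created it for triage.
                findings.append({"type": "control_pipe", "host": host,
                                 "image": ev.get("image", "")})
            else:
                kind, tail = cls[1]
                streams[(host, tail)].add(kind)
    # One session per (host, caller+PID); complete when all three data
    # pipes from step 6 of the workflow were observed.
    for (host, tail), kinds in streams.items():
        findings.append({"type": "session", "host": host, "caller_and_pid": tail,
                         "complete": kinds == {"stdout", "stdin", "stderr"}})
    return findings


# Constructed sample telemetry: a full HPCmd session on NODE01, an unrelated
# pipe on NODE02, and an HPCmdService install from an unexpected path on NODE03.
SAMPLE_EVENTS = [
    r"event=ServiceInstalled host=NODE01 name=HPCmdService image=C:\Windows\System32\HPCmdSvc.exe",
    r"event=PipeCreated host=NODE01 image=C:\Windows\System32\HPCmdSvc.exe pipe=\HPCmd_communication",
    r"event=PipeCreated host=NODE01 image=C:\Windows\System32\HPCmdSvc.exe pipe=\HPCmd_stdout10.0.0.51234",
    r"event=PipeCreated host=NODE01 image=C:\Windows\System32\HPCmdSvc.exe pipe=\HPCmd_stdin10.0.0.51234",
    r"event=PipeCreated host=NODE01 image=C:\Windows\System32\HPCmdSvc.exe pipe=\HPCmd_stderr10.0.0.51234",
    r"event=PipeCreated host=NODE02 image=C:\Windows\System32\svchost.exe pipe=\srvsvc",
    r"event=ServiceInstalled host=NODE03 name=HPCmdService image=C:\Temp\HPCmdSvc.exe",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Because the data pipe names concatenate the caller’s IP address and PID without a separator, the tail “10.0.0.51234” in the sample cannot be split unambiguously from the name alone; correlating it with the process that opened the pipes from the client side is the reliable way to recover both values.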