WMI persistence in C++

Posted: Fri Aug 19, 2016 2:12 pm
by geoffreyvdb
Hi, I was fiddling around with WMI to see how it all works and I'm having problems achieving WMI persistence in C++.

What I'm trying to do is get calc.exe to launch every time the system has booted up.
I've found a good explanation about what is needed to achieve this on slide 27 here: ... onKerr.pdf

Another document I've found interesting is the following: ... oor-wp.pdf
On page 16 there is a PowerShell example of what I want to do from the SEADADDY malware.

The problem is that I don't know how to translate this from PowerShell to C++; most of the WMI documentation on MSDN is for VBScript or PowerShell.
There are some C++ examples here but none of them describe how to create a permanent event: ... s.85).aspx