Skip to content
An implementation of PSExec in C#
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

CSExec (a C Sharp psexec implementation)

This is an example for how to implement psexec (from SysInternals Suite) functionality, but in open source C#. This does not implement all of the psexec functionality, but it does implement the equivalent functionality to running: psexec -s \\target-host cmd.exe


psexec works by doing the following steps:

  • copy a windows service executable (psexecsvc.exe) that is embedded within the psexec.exe binary to \\target-host\admin$\system32
  • remotely connect to the service control manager on \\target-host to install and start the psexecsvc.exe service
  • connect to the named pipe on the target host: \\target-host\pipe\psexecsvc
  • send commands to the psexecsvc via the named pipe
  • receive output via the psexecsvc named pipe
  • upon exit, uninstall service, delete service executable

This project csexec mimicks those steps in native C# with only a minimal amount of pinvoke for the remote service installation. It's actually surprisingly simple and takes a very minimal amount of code to implement.

The primary difference between this and psexec is that it must determine the .NET runtime on the remote host in order to install the correctly compiled service executable.

Build in Visual Studio to create .NET 3.5, 4.0, and 4.5 executables for your client preference (Win 7 - Win 10+).

You can’t perform that action at this time.