Well, you need to have a local version of the program to exploit. I do not think you can write an exploit against a service without having access to the service itself and some details of the system. You have to get the program somehow (using some other flaw or getting it from another server with lower security) or use your recon phase to gather enough information (OS version, service version, compiler, etc…) to rebuild a “close-enough” version of the service to develop the exploit whenever the service is publicly available (open source project for instance).
I’m not 100% sure, but I do not think you can develop a remote exploit without some kind of access to the binary. If anybody knows about any technique to achieve that, I’m interested in knowing more.