Figure 1 Enumerating System Information
' ENUM.VBS
set WMI = GetObject("WinMgmts:")

'Show description of all services
set objs = WMI.InstancesOf("Win32_Service")
for each obj in objs
    WScript.Echo obj.Description
next

'Show description of all printers
set objs = WMI.InstancesOf("Win32_Printer")
for each obj in objs
    WScript.Echo obj.Description
next

'Show description of all processes
set objs = WMI.InstancesOf("Win32_Process")
for each obj in objs
    WScript.Echo obj.Description
next

'Show description of all processors
set objs = WMI.InstancesOf("Win32_Processor")
for each obj in objs
    WScript.Echo obj.Description
next
Figure 2 The WMI Architecture
Figure 3 Providers that Ship with WMI
Provider | Description
Win32 provider | Supplies information about the operating system, computer system, peripheral devices, file systems, and security.
WDM provider | Supplies low-level Windows Driver Model information for user input devices, storage devices, network interfaces, and communications ports.
Event Log provider | Allows Windows NT event log entries to be read, controls configuration of event log administrative options, and event log backup. WMI events can be generated as events and added to a log.
Registry provider | Allows Registry keys to be created, read, and written. WMI events can be generated when specified Registry keys are modified.
Performance Counter provider | Exposes the raw performance counter information used to compute the performance values shown in the System Monitor tool. Any performance counters installed on a system will automatically be visible through this provider. Only supported on Windows 2000.
Active Directory provider | Acts as a gateway to all information stored in Microsoft Active Directory services. Allows information from both WMI and Active Directory to be accessed using a single API.
Windows Installer provider | Allows complete control of the Windows Installer and installation of software through WMI. Also supplies information about any application installed with the Windows Installer.
SNMP provider | Acts as a gateway to systems and devices that use SNMP for management. SNMP MIB object variables can be read and written. SNMP traps can be automatically mapped to WMI events.
View provider | Allows new aggregated classes to be built from existing classes. Source classes can be filtered for only the information of interest. Information from multiple classes can be combined into a single class, and data from multiple machines can be aggregated into a single view.
Figure 5 System Properties for all Classes
Property | Description
__Class | Class name.
__Derivation | Class hierarchy of the current class or instance. The first element is the immediate superclass, the next is its parent, and so on; the last element is the base class.
__Dynasty | Name of the top-level class from which this class or instance is derived. When this class or instance is the top-level class, the values of __Dynasty and __Class are the same.
__Genus | Value that is used to distinguish between classes and instances. This value is WBEM_GENUS_CLASS for classes and WBEM_GENUS_INSTANCE for instances.
__Namespace | Name of the namespace from which this class or instance came.
__Path | Full path to the class or instance, including server and namespace.
__Property_Count | Number of nonsystem properties defined for the class or instance.
__Relpath | Relative path to the class or instance.
__Server | Name of the server supplying this class or instance.
__Superclass | Name of the immediate parent class of the class or instance.
Figure 6 WMI Basics
// Sample1.js
// Get a locator object
var locator = new ActiveXObject("WbemScripting.SWbemLocator");
// Connect to the default namespace on the current machine
// This can be configured, but is usually 'root\cimv2'
var service = locator.ConnectServer();
// Get an object that describes the Win32_LogicalDisk class
var diskclass = service.Get("Win32_LogicalDisk");
// Get an object that describes the instance of Win32_LogicalDisk
// for the 'C:' drive
var diskinstance = service.Get("Win32_LogicalDisk.DeviceID=\"C:\"");
Figure 9 Monitoring Process Creation
<html>
<head>
<object ID="mysink" CLASSID=
"CLSID:75718C9A-F029-11d1-A1AC-00C04FB6C223"></object>
</head>
<SCRIPT>
function window.onload()
{
    var locator = new ActiveXObject("WbemScripting.SWbemLocator");
    var service = locator.ConnectServer();
    // Poll every second for newly created Win32_Process instances
    var szQuery = "SELECT * FROM __InstanceCreationEvent ";
    szQuery += "WITHIN 1 ";
    szQuery += "WHERE TargetInstance ISA 'Win32_Process'";
    // Matching events are delivered asynchronously to the mysink object
    service.ExecNotificationQueryAsync(mysink, szQuery);
}
</SCRIPT>
<script FOR="mysink" EVENT="OnObjectReady(obj, objAsyncContext)">
document.all.info.innerHTML += obj.TargetInstance.Name + "<br>";
</script>
<body>
<span ID="info"></span>
</body>
</html>
Figure 10 Monitoring Floppy Insertion
<html>
<head>
<object ID="mysink" CLASSID=
"CLSID:75718C9A-F029-11d1-A1AC-00C04FB6C223"></object>
</head>
<SCRIPT>
function window.onload()
{
    var locator = new ActiveXObject("WbemScripting.SWbemLocator");
    var service = locator.ConnectServer();
    // Poll every 2.5 seconds for changes to the A: drive; a size that
    // changes to a nonzero value means a disk was inserted
    var szQuery = "SELECT * FROM __InstanceModificationEvent ";
    szQuery += "WITHIN 2.5 ";
    szQuery += "WHERE TargetInstance ISA 'Win32_LogicalDisk' ";
    szQuery += "and TargetInstance.Name='A:' ";
    szQuery += "and PreviousInstance.Size != TargetInstance.Size ";
    szQuery += "and TargetInstance.Size > 0";
    // Matching events are delivered asynchronously to the mysink object
    service.ExecNotificationQueryAsync(mysink, szQuery);
}
</SCRIPT>
<script FOR="mysink" EVENT="OnObjectReady(obj, objAsyncContext)">
document.all.info.innerHTML += "FLOPPY INSERTED<br>";
</script>
<body>
<span ID="info"></span>
</body>
</html>