Gigglestick Posted December 20, 2005 Share Posted December 20, 2005 This is a tutorial on how to access WMI Win32 classes using objects.Here is the top-level class list from the MSDN: http://msdn.microsoft.com/library/en-us/wm...n32_classes.aspBelow is an example of how to use the Win32_Process class. See http://msdn.microsoft.com/library/default....n32_process.asp for the actual definition of the Win32_Process WMI class.Here is our script in its entirety:Dim $strComputer = "." Dim $strFindProcess = "Notepad.exe" Dim $objWMI, $colResults, $objItem, $intCount, $answer $objWMI = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2") $colResults = $objWMI.ExecQuery("Select * from Win32_Process WHERE Name = '" & $strFindProcess & "'"); Note the single quotes $intCount = $colResults For $objItem in $colResults If $objItem.GetOwner(@UserName, @LogonDomain) = 0 Then $answer = MsgBox(1+64, $intCount & " Processes Found", @LogonDomain & "\" & @UserName & " is running notepad.exe" & @LF & _ "The path is " & $objItem.ExecutablePath & @LF & _ "It is running with a priority of " & $objItem.Priority & " (Max is 31 for highest priority)") If $answer = 2 Then ExitLoop; Cancel button EndIf NextNow let's break it down and explain the parts...Our script begins by defining variables. For $strComputer, "." is the local computer, otherwise use the NETBIOS name or FQDN of a remote computer.Dim $strComputer = "." Dim $strFindProcess = "Notepad.exe" Dim $objWMI, $colResults, $objItem, $intCount, $answerLet's define the object that will run our query.$objWMI = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")Next, let's run our query, which results in a "collection". ExecuteQuery accepts standard TransactSQL querying commands (SELECT, FROM, WHERE, ORDER BY, etc.) See http://msdn.microsoft.com/library/en-us/ts...sqlcon_6lyk.asp for more info. For this example, we'll query for processes (executable programs) running on the computer that are named "notepad.exe" and do something with each of those processes. Note that, depending on your level of access (Administrator vs. User), you may or may not see processes belonging to other users (Services running as SYSTEM or other users logged onto a Terminal Services server).$colResults = $objWMI.ExecQuery("Select * from Win32_Process WHERE Name = '" & $strFindProcess & "'"); Note the single quotesSince $colResults is a collection, it automatically has a property of "Count".$intCount = $colResults.CountNow we can loop through our collection one item at a time. For each loop, $objItem will "be" one of the items in the $colItems collection and will have its own set of properties defined in the MSDN (See link above).For $objItem in $colResultsNow let's do something with $objItem. Notice the methods in the definition at the bottom of this post. GetOwner requires a username and domain name and will return zero (0) if the process DOES belong to the user. It will return a non-zero value as an error, which you can lookup here.If $objItem.GetOwner(@UserName, @LogonDomain) = 0 Then $answer = MsgBox(1+64, $intCount & " Processes Found", @LogonDomain & "\" & @UserName & " is running notepad.exe" & @LF & _ "The path is " & $objItem.ExecutablePath & @LF & _ "It is running with a priority of " & $objItem.Priority & " (Max is 31 for highest priority)") If $answer = 2 Then ExitLoop; Cancel buttonThis is the end of our For loop.NextThat's all there is to it!Now here is the definition of the Win32_Process WMI class from http://msdn.microsoft.com/library/en-us/wm...n32_process.asp. Any of the items between the brackets ("{}") can be used above, as in $objItem.ItemName. The string, uint16, datetime stuff indicates what type of data will be returned.expandcollapse popupclass Win32_Process : CIM_Process { string Caption; string CommandLine; string CreationClassName; datetime CreationDate; string CSCreationClassName; string CSName; string Description; string ExecutablePath; uint16 ExecutionState; string Handle; uint32 HandleCount; datetime InstallDate; uint64 KernelModeTime; uint32 MaximumWorkingSetSize; uint32 MinimumWorkingSetSize; string Name; string OSCreationClassName; string OSName; uint64 OtherOperationCount; uint64 OtherTransferCount; uint32 PageFaults; uint32 PageFileUsage; uint32 ParentProcessId; uint32 PeakPageFileUsage; uint64 PeakVirtualSize; uint32 PeakWorkingSetSize; uint32 Priority; uint64 PrivatePageCount; uint32 ProcessId; uint32 QuotaNonPagedPoolUsage; uint32 QuotaPagedPoolUsage; uint32 QuotaPeakNonPagedPoolUsage; uint32 QuotaPeakPagedPoolUsage; uint64 ReadOperationCount; uint64 ReadTransferCount; uint32 SessionId; string Status; datetime TerminationDate; uint32 ThreadCount; uint64 UserModeTime; uint64 VirtualSize; string WindowsVersion; uint64 WorkingSetSize; uint64 WriteOperationCount; uint64 WriteTransferCount; };It has what are called "methods." Notice in the code above that we check for the owner by calling $objItem.GetOwner(...). A method is a function of the class that returns a value, just as the properties above do, except that methods require additional parameters. In the case of GetOwner, it wants you to specify a username and domain so it can tell if the process you're querying belongs to that user. In my example above, I just happen to use the current users info (@Username & @LogonDomain).uint32 GetOwner(string User, string Domain); uint32 SetPriority(sint32 Priority); uint32 Terminate(uint32 Reason);(There are other methods, but this subset will suffice for this example.) My UDFs: ExitCodes Link to comment Share on other sites More sharing options...
ptrex Posted December 20, 2005 Share Posted December 20, 2005 But if you use the SCRITPOMATIC.AU3 tool, you don't need to type the code by hand. all the code is generated automatically. Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New Link to comment Share on other sites More sharing options...
Gigglestick Posted December 20, 2005 Author Share Posted December 20, 2005 But if you use the SCRITPOMATIC.AU3 tool, you don't need to type the code by hand. all the code is generated automatically. Rrrrrriiiiiiiiight... So, for all the newbies who want to understand how to use objects, here you go. My UDFs: ExitCodes Link to comment Share on other sites More sharing options...
ioliver Posted December 20, 2005 Share Posted December 20, 2005 Thanks for the tutorial... I didn't realize AutoIt had WMI support... That's great. Ian "Blessed be the name of the Lord" - Job 1:21Check out Search IMF Link to comment Share on other sites More sharing options...
Klaatu Posted December 20, 2005 Share Posted December 20, 2005 2 points: 1) AutoIt (beta) doesn't have specific support for WMI; it has general support for COM objects, of which WMI is one. 2) Isn't this whole thread only applicable to the beta version of AutoIt? I don't think the current release version supports COM, does it? Anyway, if this applies to beta only, it might be good to specify that in your post so someone with the release version doesn't try your example and get frustrated with the (lack of) results. My Projects:DebugIt - Debug your AutoIt scripts with DebugIt! Link to comment Share on other sites More sharing options...
Rece Posted January 1, 2006 Share Posted January 1, 2006 Can I use INSERT or only SELECT? I would like to write to the event log (Win32_NTLogEvent)... Link to comment Share on other sites More sharing options...
coopdaveel Posted January 6, 2011 Share Posted January 6, 2011 Thank you! "It has what are called "methods." Notice in the code above that we check for the owner by calling $objItem.GetOwner(...). A method is a function of the class that returns a value, just as the properties above do, except that methods require additional parameters." That's what I needed to get my script going. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now