Event Notification using Windows Management Instrumentation
-
Hi all, I am working on WMI. I am trying to write an application for event notification. I am using the Win32_Process class, and ExecNotificationQuery for the WQL query. I am trying to display a message when a new process is created. My WQL query is:

    hres = pSvc->ExecNotificationQuery(
        bstr_t("WQL"),
        bstr_t("SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process' And (TargetInstance.Name = 'notepad.exe' OR TargetInstance.Name = 'calc.exe' ) "),
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
        NULL,
        &pEnumerator);

If I am not wrong, after executing this query TargetInstance will be an instance of the Win32_Process class. Now I am trying to extract data using this statement:

    hr = pclsObj->Get(L("TargetInstance.Name"), 0, &vtProp, 0, 0);

But I am not able to get the value of the Name property of the Win32_Process class into vtProp, where vtProp is of type VARIANT. IWbemClassObject->Get(LPCWSTR wszName, LONG lFlags, VARIANT* pVal, CIMTYPE* pvtType, LONG* plFlavor) is used to retrieve the specified property value, but here I am using it to get a value from an instance, i.e. TargetInstance.Name. Is this the correct way to do it? If not, please help me in extracting the value of the Name property. Please help me in solving this.

Thanks in advance
abhi
-
abhiramsss wrote:
hr = pclsObj->Get(L("TargetInstance.Name"), 0, &vtProp, 0, 0);
I doubt you can get the TargetInstance.Name this way. I'd Get the TargetInstance, put that into an IWbemClassObject, then call Get again to retrieve the Name property of TargetInstance.
-
I want to display a message when a process is closed. Can you please advise me regarding this?

Thanks in advance
abhi
-
Once you've got the ProcessID, open up a handle to it and wait on it. I *think* :~ you can get the process handle directly by Win32_Process::Handle, but in case you can't OpenProcess/WaitForSingleObject will work.
-
Hi, I am working on WMI (Windows Management Instrumentation). I have created a sample application using the Win32_Process class. I am able to display messages when a process is opened or closed. Now what I want to do is create an object and then register a callback function. This class also takes process names through another method. This class should call the above callback function when one of the processes (taken through the above method) is either started or exited. Can you please suggest how to proceed with this task?

Thanks in advance
abhi
-
Hi, I want to create a wrapper class for the Win32_Process class, and I want to define my own methods in that wrapper class. After that I want to display messages whenever a new process is started or closed using that wrapper class. Can you please suggest how to proceed with this?

Thanks in advance
abhi
-
Can you please suggest how to write a callback function for event notification whenever a new process is executed, using WMI?

Thanks
Abhi
-
Let's start off with a little modification of your original code. Use this WMI query instead, "Select * From Win32_ProcessStartTrace", to get notified of process creation. Now, to receive notification whenever a new Win32_ProcessStartTrace is fired, you need to invoke that WMI query with ExecNotificationQueryAsync. This operates almost exactly like ExecNotificationQuery, except it takes one extra parameter: a pointer to your implementation of IWbemObjectSink. If you don't have an implementation of IWbemObjectSink, just use the stock implementation from MSDN or CodeProject.

But why do you need to be notified when a new process is being created? What are you going to do to the process?
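The two pieces of advice in this thread (read TargetInstance first and then its Name; subscribe to Win32_ProcessStartTrace with a callback) shown side by side in PowerShell, as an added example that is not from any poster in the thread and is not the C++ COM code under discussion. The source identifiers DemoProcCreate and DemoProcTrace and the 60-second wait are assumptions chosen for illustration.

```powershell
# Added example. Both subscriptions are temporary: they live only in this
# session and are removed in the finally block.

# 1) The original poster's polling query. The event delivered is an
#    __InstanceCreationEvent; the Win32_Process is embedded in TargetInstance.
$pollQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 5 " +
             "WHERE TargetInstance ISA 'Win32_Process' " +
             "AND (TargetInstance.Name = 'notepad.exe' OR TargetInstance.Name = 'calc.exe')"

Register-CimIndicationEvent -Query $pollQuery -SourceIdentifier 'DemoProcCreate' -Action {
    $evt  = $Event.SourceEventArgs.NewEvent   # the __InstanceCreationEvent
    $proc = $evt.TargetInstance               # step 1: fetch the embedded Win32_Process
    # step 2: read properties from the embedded object, not from the event
    Write-Host ("created: {0} (PID {1})" -f $proc.Name, $proc.ProcessId)
} | Out-Null

# 2) The trace class suggested in the reply. Its properties sit directly on
#    the event, so no embedded object is involved. This class normally
#    requires an elevated session.
Register-CimIndicationEvent -Query "SELECT * FROM Win32_ProcessStartTrace" `
    -SourceIdentifier 'DemoProcTrace' -Action {
    $evt = $Event.SourceEventArgs.NewEvent
    Write-Host ("started: {0} (PID {1}, parent PID {2})" -f `
        $evt.ProcessName, $evt.ProcessID, $evt.ParentProcessID)
} | Out-Null

try {
    # Keep the session alive for 60 seconds while the actions fire.
    Wait-Event -Timeout 60 | Out-Null
}
finally {
    'DemoProcCreate', 'DemoProcTrace' | ForEach-Object {
        Unregister-Event -SourceIdentifier $_
    }
}
```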
-
Thanks for your suggestion, I will try to implement it. Actually I am working on a network, so now I want to display messages remotely. Say there are two machines, A and B: whenever an exe is executed on machine B, it should display a message on machine A. So please suggest how to work remotely using WMI.

Thanks in advance
abhi
-
I thought Windows already provided this functionality via the Event logs. System Policy editor (gpedit.msc) -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy -> Audit process tracking (audit success). :doh: Unfortunately, this option also audits a heap of other events, in addition to process startup/shutdown.
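Added example, not part of the original post: on Windows Vista / Server 2008 and later (an assumption; the thread predates those versions), the audit category named above can be narrowed to its Process Creation subcategory, and the resulting Security-log records (event ID 4688) read back as follows. Run it from an elevated PowerShell session.

```powershell
# Added example. Enable success auditing for process creation only,
# instead of the whole "Audit process tracking" category.
# (The subcategory name is localized on non-English systems.)
auditpol /set /subcategory:"Process Creation" /success:enable

# Read the last 10 minutes of process-creation records (event ID 4688).
$filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddMinutes(-10) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Properties on the record are positional; the event XML carries the field names.
    $data = @{}
    foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        Image     = $data['NewProcessName']
        ProcessId = [Convert]::ToInt32($data['NewProcessId'], 16)   # logged as hex
        User      = $data['SubjectUserName']
    }
}
```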
-
Hi,
Can you please suggest how to get WMI data from a remote computer? Can you please suggest the changes I have to make in the ConnectServer function, and the DCOM settings required to access data remotely?

Thank you
Abhi
-
Hi, I am trying to access remote data using the following arguments in ConnectServer:

    hres = pLoc->ConnectServer(
        _bstr_t(L"\\\\test\\root\\cimv2"),
        _bstr_t(L"kumar"),    // User name
        _bstr_t(L"Keta001"),  // User password
        _bstr_t(L"MS_409"),   // Locale
        NULL,                 // Security flags
        _bstr_t(L"CRAFT"),    // Authority
        0,                    // Context object
        &pSvc                 // IWbemServices proxy
    );

where test is the name of the test PC, kumar is the username on the remote PC, Keta001 is the password, and CRAFT is the domain name. But when I run my application I get a "cannot be connected" error, error code 80041008. Can you please suggest how to solve this?

Thanks in advance
abhi
-
Hi, when I try to acquire UPS data using the Win32_UninterruptiblePowerSupply class of WMI, I am not able to get any output. I have searched on the net for a solution, and what I found is:

"Most UPS's nowadays disable native OS support when they install, because they want to use their agent program instead. A good example is APC. So if you're using an APC, by default it turns off UPS support (maybe MS needs to beef up the UPS support so APC doesn't feel they need to do this for functionality). So in this case WMI won't be any help. But if your UPS uses the built-in UPS support Windows provides, then you should be OK."

Can you please elaborate on this and tell me how to get UPS data?

Thanks in advance
abhi
-
Hi, I am working on Windows 2003 clustering and I have to use WMI. Can you please help me with what we can do with WMI with respect to clustering, and can I have sample scripts?

Thanks in advance
abhi