Detecting Management Events via Windows Management Instrumentation (WMI) technology

.NET Framework allows us to monitor and manage applications, devices, and system via WMI.System.Management namespace is at the core of WMI. There are several important objects withinSystem.Management name space.

 

NameDescription
DirectoryObjectSearcher Programmatically access resources
ManagementQuery Used for WMI queries
EventQuery Query object used to query WMI objects
ObjectQuery Query object for querying both instances and classes
ManagementObjectSearcher Class used to query a collection of ManagementObjects

For instance we can use System.Management to enumerate logical dirves.
ConnectionOptions DemoOptions = new ConnectionOptions();
DemoOptions.Username = "\\Gill";
DemoOptions.Password = "paass";
ManagementScope DemoScope = new ManagementScope("\\mymachinename", DemoOptions);
ObjectQuery DemoQuery = new ObjectQuery("SELECT Size, Name FROM Win32_LogicalDisk where DriveType=3");
ManagementObjectSearcher DemoSearcher = new ManagementObjectSearcher(DemoScope, DemoQuery);
ManagementObjectCollection AllObjects = DemoSearcher.Get();
foreach (ManagementObject DemoObject in AllObjects)
{
  Console.WriteLine("Resource Name: " + DemoObject["Name"].ToString());
  Console.WriteLine("Resource Size: " + DemoObject["Size"].ToString());
}

We can also use System.Management to enumerate network adapters like that
    public const String IP_Enabled = "IPEnabled";
    public const String IP_Address = "IPAddress";
    public const String IP_Subnet = "IPSubnet";
    public const String DNS_HostName = "DNSHostName";
    public const String DNS_Domain = "DNSDomain";
    public void EnumerateAllNetworkAdapters()
    {
      ManagementObjectSearcher DemoQuery = new ManagementObjectSearcher("SELECT * FROM Win32_NetworkAdapterConfiguration");
ManagementObjectCollection DemoQueryCollection = DemoQuery.Get();

foreach (ManagementObject DemoManager in DemoQueryCollection)
{
    Console.WriteLine("Description : " + DemoManager["Description"]);
    Console.WriteLine("MacAddress  : " + DemoManager["MacAddress"]);
}
    }

We can also query all services that were paused for instance. Here SQL is WQL and only MaganangemtObjectSearcher or ManagementEventWatcher can work with it directly.
private static void MyListPausedServices()
{
  ManagementObjectSearcher DemoSearcher = new ManagementObjectSearcher("SELECT * FROM Win32_Service WHERE Started = FALSE");
  ManagementObjectCollection AllMyObjects = DemoSearcher.Get();
  foreach (ManagementObject PausedService in AllMyObjects)
  {
    Console.WriteLine("My Service = " + PausedService["Caption"]);
  }
}

We can also see info about each event within WMI context.
public static void QueryServices()
{
  EventQuery MyDemoQuery = new EventQuery();
  MyDemoQuery.QueryString = "SELECT * FROM __InstanceCreationEvent WITHIN 2
  WHERE TargetInstance isa \"Win32_Service\" AND TargetInstance.State = 'Paused'";
  ManagementEventWatcher MyDemoWatcher = new ManagementEventWatcher(MyDemoQuery);
  MyDemoWatcher.Options.Timeout = new TimeSpan(0, 0, 10);
  Console.WriteLine("Open to trigger WaitForNextEvent");
  ManagementBaseObject MyEvent = MyDemoWatcher.WaitForNextEvent();
  MyDemoWatcher.Stop();
}

In addition, if we want to access the properties collection of a ManagementObject we need to use PropertyData objects.