Detecting Management Events via Windows Management Instrumentation (WMI) technology
Name | Description |
---|---|
DirectoryObjectSearcher | Programmatically access resources |
ManagementQuery | Used for WMI queries |
EventQuery | Query object used to query WMI objects |
ObjectQuery | Query object for querying both instances and classes |
ManagementObjectSearcher | Class used to query a collection of ManagementObjects |
For instance we can use System.Management to enumerate logical dirves.
ConnectionOptions DemoOptions = new ConnectionOptions();
DemoOptions.Username = "\\Gill";
DemoOptions.Password = "paass";
ManagementScope DemoScope = new ManagementScope("\\mymachinename", DemoOptions);
ObjectQuery DemoQuery = new ObjectQuery("SELECT Size, Name FROM Win32_LogicalDisk where DriveType=3");
ManagementObjectSearcher DemoSearcher = new ManagementObjectSearcher(DemoScope, DemoQuery);
ManagementObjectCollection AllObjects = DemoSearcher.Get();
foreach (ManagementObject DemoObject in AllObjects)
{
Console.WriteLine("Resource Name: " + DemoObject["Name"].ToString());
Console.WriteLine("Resource Size: " + DemoObject["Size"].ToString());
}
We can also use System.Management to enumerate network adapters like that
public const String IP_Enabled = "IPEnabled";
public const String IP_Address = "IPAddress";
public const String IP_Subnet = "IPSubnet";
public const String DNS_HostName = "DNSHostName";
public const String DNS_Domain = "DNSDomain";
public void EnumerateAllNetworkAdapters()
{
ManagementObjectSearcher DemoQuery = new ManagementObjectSearcher("SELECT * FROM Win32_NetworkAdapterConfiguration");
ManagementObjectCollection DemoQueryCollection = DemoQuery.Get();
foreach (ManagementObject DemoManager in DemoQueryCollection)
{
Console.WriteLine("Description : " + DemoManager["Description"]);
Console.WriteLine("MacAddress : " + DemoManager["MacAddress"]);
}
}
We can also query all services that were paused for instance. Here SQL is WQL and only MaganangemtObjectSearcher or ManagementEventWatcher can work with it directly.
private static void MyListPausedServices()
{
ManagementObjectSearcher DemoSearcher = new ManagementObjectSearcher("SELECT * FROM Win32_Service WHERE Started = FALSE");
ManagementObjectCollection AllMyObjects = DemoSearcher.Get();
foreach (ManagementObject PausedService in AllMyObjects)
{
Console.WriteLine("My Service = " + PausedService["Caption"]);
}
}
We can also see info about each event within WMI context.
public static void QueryServices()
{
EventQuery MyDemoQuery = new EventQuery();
MyDemoQuery.QueryString = "SELECT * FROM __InstanceCreationEvent WITHIN 2
WHERE TargetInstance isa \"Win32_Service\" AND TargetInstance.State = 'Paused'";
ManagementEventWatcher MyDemoWatcher = new ManagementEventWatcher(MyDemoQuery);
MyDemoWatcher.Options.Timeout = new TimeSpan(0, 0, 10);
Console.WriteLine("Open to trigger WaitForNextEvent");
ManagementBaseObject MyEvent = MyDemoWatcher.WaitForNextEvent();
MyDemoWatcher.Stop();
}
In addition, if we want to access the properties collection of a ManagementObject we need to use PropertyData objects.