返回列表 发帖

在Autoit中使用WMI

一、什么是WMI

WMI是Windows 2K/XP管理系统的核心;对于其他的Win32操作系统,WMI是一个有用的插件。有了WMI,工具软件和脚本程序访问操作系统的不同部分时不需要使用不同的API;相反,操作系统的不同部分都可以插入WMI。

也就是说,利用WMI我们能更方便地管理 Windows 资源 — 例如磁盘、事件日志、文件、文件夹、文件系统、网络组件、操作系统设置、性能数据、打印机、进程、注册表设置、安全性、服务、共享、用户、组等等。。

二、对WMI中一些名词的解释

首先看到下面的一个例子,这段代码能够输出物理内存的大小(不是用已有的函数):
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $wbemObjectSet= $wbemServices.InstancesOf("Win32_LogicalMemoryConfiguration")

  4. For $wbemObject In $wbemObjectSet
  5. ConsoleWrite("Total Physical Memory (kb): " & $wbemObject.TotalPhysicalMemory)
  6. Next
复制代码
在对代码解释前,我先解释一下一些名词的含义:

对象:所谓对象,就是建立COM组件时的返回值,像$wbemServices就是,我们称之为SwbemServicesWMI服务对象,至于$wbemObjectSet则叫做SwbemObject类实例集合对象,后文我还会提到SwbemLocator教本库对象。它们的层级关系如下:SwbemLocator教本库对象→SwbemServicesWMI服务对象→SwbemObject类实例集合对象→SwbemObject类的实例。

属性:以$wbemServices.InstancesOff为例,我们就说$wbemServices对象的InstancesOff属性。

类:WMI能实现的操作有很多种,不同种类的操作都是分开的,我们称之为类,上面代码中的"Win32_LogicalMemoryConfiguration"就是一个类。

命名空间:类也分很多种,功能相近的类分在一起就是命名空间,比如说上面代码中的\root\cimv2。而另一个常用的命名空间是root\DEFAULT。例如,事件日志、性能计数器、Windows 安装程序和 Win32 提供程序都存储在 root\cimv2 命名空间中。另一方面,注册表提供程序存储在 root\DEFAULT 命名空间中。

集合:$wbemObjectSet的数据类型属于集合,用FOR...IN...能对其进行列举。

三、使用WMI的基本步骤

1.获取SwbemServicesWMI服务对象,或者说连接到目标计算机的命名空间
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
复制代码
2.获取类的集合对象
  1. $wbemObjectSet= $wbemServices.InstancesOf("Win32_LogicalMemoryConfiguration")
复制代码
3.使用指定对象的属性进行操作
  1. For $wbemObject In $wbemObjectSet
  2. ConsoleWrite("Total Physical Memory (kb): " & $wbemObject.TotalPhysicalMemory)
  3. Next
复制代码
上面三步仅仅是对WMI操作的概括,实际操作时每一步都很复杂,下面将对这3步逐一进行讲解。

四、连接到命名空间的方法

方法1.用moniker名字法建立WMI服务的连接

这一方法也就是本文的例子所用到的,它的要点就是通过编写一个moniker字符串作为ObjGet函数的参数,然后返回一个SwbemServices对象。

关于moniker字符串的完整格式如下:

"winmgmts:[{SecuritySettings}!][\\ComputerName][\Namespace][:ClassName][.KeyProperty='Value']"

"winmgmts:"是前缀, 表示为WMI服务,必须使用;第二部分用来验证权限和假冒级别的,省略。第三部分为计算机名字:"\\.\"是本机的计算机名字,默认可省略,,其余同上;第四部分命名空间:缺省的命名空间为"root\CIMV2",默认可省略。也就是说我给的那个例子中的相关代码可简写为:$wbemServices = ObjGet("winmgmts:"),但我绝不建议这样做。

第五部分为类名。第六部分为属性值。注意:当该moniker字符串不包括最后2项时(即为:"winmgmts:[\\ComputerName][\Namespace]"),则ObjGet(moniker字符串)返回的是一个命名空间的已验证的连接(SwbemServices对象);当不包括最后1项时,返回的是一个类(SWbemObject对象);当包括最后2项时,返回的是一个类的单独实例(SWbemObject对象)。

方法2.通过建立SwbemLocator对象

这第二种方法我并不推荐,因为操作很繁琐,但是这种方法却能直观反应WMI操作的原理。下面是具体步骤:

1.建立SwbemLocator对象
  1. $objLocator = ObjCreate("WbemScripting.SWbemLocator")
复制代码
2.通过ConnectServer属性登录到目标计算机,下面的代码是登录到本机
  1. $objService = $objLocator.ConnectServer(".", "root\cimv2")
复制代码
3.设置impersonation等级
  1. $objService.Security_.ImpersonationLevel = 3
复制代码
5.执行你的代码,还是以显示物理内存为例
  1. $objLocator = ObjCreate("WbemScripting.SWbemLocator")
  2. $objService = $objLocator.ConnectServer(".", "root\cimv2")
  3. $objService.Security_.ImpersonationLevel = 3

  4. ;和第一个例子不同,这里使用了ExecQuery属性来获取Win32_LogicalMemoryConfiguration类的对象
  5. $wbemObjectSet = $objService.ExecQuery("SELECT * FROM Win32_LogicalMemoryConfiguration")

  6. For $wbemObject In $wbemObjectSet
  7. ConsoleWrite("Total Physical Memory (kb): " & $wbemObject.TotalPhysicalMemory)
  8. Next
复制代码
五、获得类的集合对象的方法

方法1.使用InstancesOf方法

InstancesOf方法的语法参数格式如下:

SwbemServices.InstancesOf(strClass)

strClass为类名,例如"Win32_Service"。

范例:$wbemObjectSet = $wbemServices.InstancesOf("Win32_Service")

我在第一个例子里就是用这种方法来获取Win32_LogicalMemoryConfiguration类的实例集合。

方法2.使用ExecQuery方法

与InstancesOf方法不同,ExecQuery方法可以通过查询语句,只返回匹配部分实例和属性。ExecQuery方法的语法参数格式如下:

SwbemServices.ExecQuery(strQuery, [ strQueryLanguage = "WQL" ],[ iFlags ],[ objWbemNamedValueSet ]

strQuery为WQL(WMI Query Language)查询的字符串,具体语法可以查看这里,下面是几个例子:

SELECT * FROM Win32_LogicalDisk ; 即获取Win32_LogicalDisk类的全部集合对象

SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application",,48 ; 从Win32_NTLogEvent类中获取名为"Application"的全部实例

SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_Service' AND TargetInstance._Class = 'win32_TerminalService' ; 当Win32_NTLogEvent有新的实例建立时发出通知(这属于WMI事件,具体内容后文再提)

而ExecQuery方法的后几个参数很少会用到,有兴趣的话可以在这里了解更多。

使用范例:$wbemObjectSet = $wbemServices.ExecQuery("select * from Win32_Service")

方法3.使用Get方法

和上面两种方法不同,Get方法获得的是单个的对象。

比方说,下面的代码能列举出全部的系统服务:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $wbemObjectSet = $wbemServices.InstancesOf("Win32_Service")


  4. For $wbemObject In $wbemObjectSet
  5. ConsoleWrite("Name: " & $wbemObject.Name & @CrLf & _
  6. "Display Name: " & $wbemObject.DisplayName & @CrLf & _
  7. " Description: " & $wbemObject.Description & @CrLf & _
  8. " Path Name: " & $wbemObject.PathName & @CrLf & _
  9. " Start Mode: " & $wbemObject.StartMode & @CrLf & _
  10. " State: " & $wbemObject.State & @CrLf & @CrLf )
  11. Next
复制代码
如果我改用Get方法的话,我们会得到单独的对象,下面的代码是只显示Name为ALG的服务的相关信息:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $wbemObjectSet = $wbemServices.Get("Win32_Service.Name='ALG'")

  4. ConsoleWrite("Name: " & $wbemObjectSet.Name & @CrLf & _
  5.    "Display Name: " & $wbemObjectSet.DisplayName & @CrLf & _
  6.    " Description: " & $wbemObjectSet.Description & @CrLf & _
  7.    " Path Name: " & $wbemObjectSet.PathName & @CrLf & _
  8.    " Start Mode: " & $wbemObjectSet.StartMode & @CrLf & _
  9.    " State: " & $wbemObjectSet.State & @CrLf & @CrLf )
复制代码
在这两个例子中,后一个例子里的$wbemObjectSet的意义等同于前一个例子里的$wbemObject。

Get方法的格式如下:

SwbemServices.Get([strObjectPath][.KeyProperty='Value'])

strObjectPath是类的名字,KeyProperty是主键属性名,Value是指定的主键属性值。需要注意的是,你要获取的对象的KeyProperty='Value'必须有别于其他对象,否则就会出错。比如下面的代码就无法正常运行:
  1. $wbemServices.Get("Win32_Service.State ='Stopped'")
复制代码
方法4.直接用用moniker名字法

如果你仔细阅读过第4节的话,应该会发现用moniker名字法不但能建立命名空间,还可以获取类和单独的实例。

具体语法我就不再复述了,下面是两个范例:

1.获取Win32_Service类
  1. $wbemObjectSet = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2:Win32_Service")
复制代码
2.获取Win32_Service类下Name属性为winmgmt的对象
  1. $wbemObject = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2:Win32_Service.name='winmgmt'")
复制代码
六、深入了解命名空间

1.管理脚本的默认命名空间

默认情况下,我们用下面的代码就能连接到root\cimv2命名空间:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer )
复制代码
这段代码没有指定目标命名空间,则脚本连接到由下列注册表设置识别的命名空间:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting\Default 命名空间

命名空间root\cimv2被初始配置为脚本默认的命名空间;但是,默认的脚本命名空间可以很容易地进行更改。因此,我们应该始终在WMI 脚本中标识一个托管资源的命名空间,而不是采用默认设置:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
复制代码
如果我们想查看脚本的默认命名空间的话,可以用下面的代码:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $colWMISettings = $wbemServices.InstancesOf("Win32_WMISetting")

  4. For $objWMISetting in $colWMISettings
  5. ConsoleWrite("Default namespace for scripting: " & _
  6. $objWMISetting.ASPScriptDefaultNamespace & @CrLf )
  7. Next
复制代码
同样的,你还可以用下面的代码来设置默认的命名空间:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. For $objWMISetting in $colWMISettings
  4. $objWMISetting.ASPScriptDefaultNamespace = "root\cimv2"
  5. $objWMISetting.Put_
  6. Next
复制代码
2.列出命名空间

读到这里,我们仅仅了解到root\cimv2这一个命名空间,不过通过WMI自身我们也能知道其他的命名空间。

WMI的命名空间信息可以通过__NAMESPACE类下的实例搜索到,下面的例子是用来搜索所有root\...形式的命名空间:
  1. $objServices = ObjGet("winmgmts:\\" & $strComputer & "\root")
  2. $colNameSpaces = $objServices.InstancesOf("__NAMESPACE")

  3. For $objNameSpace In $colNameSpaces
  4. ConsoleWrite( $objNameSpace.Name & @CrLf )
  5. Next
复制代码
你可能已经注意到,上面的代码不提供目标计算机上所有可用的命名空间的完整描述。它只检索并显示在单一的、指定命名空间下的命名空间。为了在本地或远程的启用 WMI 的计算机上回显所有命名空间,我们可以通过递归来连接到并枚举每个命名空间:
  1. #include <array.au3>
  2. Dim $strCsvListOfNamespaces

  3. EnumNameSpaces("root", $strCsvListOfNamespaces)

  4. $arrNamespaces = StringSplit($strCsvListOfNamespaces, ",")

  5. _ArrayDisplay($arrNamespaces)

  6. Func EnumNamespaces($strNamespace, ByRef $tmpCsvListOfNamespaces)

  7. If $tmpCsvListOfNamespaces = "" Then
  8. $tmpCsvListOfNamespaces = $strNamespace
  9. Else
  10. $tmpCsvListOfNamespaces = $tmpCsvListOfNamespaces & "," & $strNamespace
  11. EndIf

  12. $strComputer = "."
  13. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\" & $strNameSpace)

  14. If not @error Then
  15.    
  16. $colNameSpaces = $objWMIService.InstancesOf("__NAMESPACE")

  17. For $objNameSpace In $colNameSpaces
  18. EnumNamespaces($strNameSpace & "\" & $objNameSpace.Name, $tmpCsvListOfNamespaces)
  19. Next
  20. Else
  21. $tmpCsvListOfNamespaces=""
  22. EndIf

  23. EndFunc
复制代码
3.列出类

下面的代码列出了所有在root\cimv2命名空间中定义的类:
  1. $strComputer = "."

  2. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $colClasses = $wbemServices.SubclassesOf()

  4. For $objClass In $colClasses
  5. ConsoleWrite( $objClass.Path_.Path & @CrLf )
  6. Next
复制代码
4.列出指定对象的属性

下面的代码列出了Win32_Service类下的实例能使用的属性(还记得上面的那个列出服务的代码吗?里面所使用的属性可以这样查到):
  1. $strComputer = "."
  2. $strClass = "Win32_Service"

  3. $wbemServices = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  4. $objClass = $wbemServices.Get($strClass)

  5. For $objProperty in $objClass.Properties_() ; Must use (), because method ends with an underscore
  6. ConsoleWrite ($objProperty.Name& @CrLf )
  7. Next
复制代码
七、WMI编程常用资源

1.AutoIt Script-o-matic

你可以在这里下载到这个工具。这个工具能够列出指定命名空间下的全部类,并显示出该类的全部属性。你还能用这个工具导出AU3脚本。

2.MSDN

Scriptomatic 2.0 官方的WMI查询工具

WMI Reference WMI的全部信息

Querying with WQL WQL查询语法

WMI Tasks for Scripts and Applications 官方WMI范例

八、WMI的应用

这一节将主要分类举出WMI应用的例子,不过暂时不会涉及WMI事件。

No.1.计算机硬件

1.查看可用的物理内存

你可以使用Win32_OperatingSystem类和FreePhysicalMemory属性.
  1. $strComputer = "."

  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")

  5. $colSettings = $objWMIService.ExecQuery _
  6. ("Select * from Win32_OperatingSystem")

  7. For $objOperatingSystem in $colSettings
  8. ConsoleWrite( "可用物理内存: " & _
  9. $objOperatingSystem.FreePhysicalMemory )
  10. Next
复制代码
2.判断计算机是否有DVD驱动器

使用Win32_CDROMDrive类下的Name或者DeviceID属性。
  1. $strComputer = "."

  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")

  5. $colItems = $objWMIService.ExecQuery _
  6. ("Select * from Win32_CDROMDrive")

  7. For $objItem in $colItems
  8. ConsoleWrite( "Device ID: " & $objItem.DeviceID &@CRLF _
  9. & "Description: " & $objItem.Description &@CRLF _
  10. & "Name: " & $objItem.Name &@CRLF &@CRLF)
  11. Next
复制代码
3.检查系统信息处理器数目

使用Win32_ComputerSystem类下的NumberOfProcessors属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colSettings = $objWMIService.ExecQuery _
  6. ("Select * from Win32_ComputerSystem")
  7. For $objComputer in $colSettings
  8. ConsoleWrite( "System Name: " & $objComputer.Name & @CRLF )
  9. ConsoleWrite( "Number of Processors: " & _
  10. $objComputer.NumberOfProcessors )
  11. Next
复制代码
4.检查PCMCIA接口数量

使用Win32_PCMCIAController类下的 Count 属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colItems = $objWMIService.ExecQuery("Select * from Win32_PCMCIAController")

  4. ConsoleWrite( "Number of PCMCIA slots: " _
  5. & $colItems.Count)
复制代码
5.列出没有工作的硬件

你可以使用 Win32_PnPEntity 类, 然后通过使用WQL 查询 WHERE ConfigManagerErrorCode <> 0 来判断
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colItems = $objWMIService.ExecQuery _
  4. ("Select * from Win32_PnPEntity " _
  5. & "WHERE ConfigManagerErrorCode <> 0")

  6. For $objItem in $colItems
  7. ConsoleWrite( "Class GUID: " & $objItem.ClassGuid & @CRLF )
  8. ConsoleWrite( "Description: " & $objItem.Description & @CRLF )
  9. ConsoleWrite( "Device ID: " & $objItem.DeviceID & @CRLF )
  10. ConsoleWrite( "Manufacturer: " & $objItem.Manufacturer & @CRLF )
  11. ConsoleWrite( "Name: " & $objItem.Name & @CRLF )
  12. ConsoleWrite( "PNP Device ID: " & $objItem.PNPDeviceID & @CRLF )
  13. ConsoleWrite( "Service: " & $objItem.Service & @CRLF & @CRLF )
  14. Next
复制代码
6.列出所有鼠标的信息

使用 Win32_PointingDevice 类,这样会列出所有指针设备,而不仅仅是鼠标
  1. .$strComputer = "."
  2. $objWMIService = ObjGet( _
  3. "winmgmts:\\" & $strComputer & "\root\cimv2")
  4. $colItems = $objWMIService.ExecQuery( _
  5. "Select * from Win32_PointingDevice")
  6. For $objItem in $colItems
  7. ConsoleWrite( "Description: " & $objItem.Description & @CRLF )
  8. ConsoleWrite( "Device ID: " & $objItem.DeviceID & @CRLF )
  9. ConsoleWrite( "Device Interface: " _
  10. & $objItem.DeviceInterface & @CRLF )
  11. ConsoleWrite( "Double Speed Threshold: " _
  12. & $objItem.DoubleSpeedThreshold & @CRLF )
  13. ConsoleWrite( "Handedness: " & $objItem.Handedness & @CRLF )
  14. ConsoleWrite( "Hardware Type: " & $objItem.HardwareType & @CRLF )
  15. ConsoleWrite( "INF File Name: " & $objItem.InfFileName & @CRLF )
  16. ConsoleWrite( "INF Section: " & $objItem.InfSection & @CRLF )
  17. ConsoleWrite( "Manufacturer: " & $objItem.Manufacturer & @CRLF )
  18. ConsoleWrite( "Name: " & $objItem.Name & @CRLF )
  19. ConsoleWrite( "Number Of Buttons: " _
  20. & $objItem.NumberOfButtons & @CRLF )
  21. ConsoleWrite( "PNP Device ID: " & $objItem.PNPDeviceID & @CRLF )
  22. ConsoleWrite( "Pointing Type: " & $objItem.PointingType & @CRLF )
  23. ConsoleWrite( "Quad Speed Threshold: " _
  24. & $objItem.QuadSpeedThreshold & @CRLF )
  25. ConsoleWrite( "Resolution: " & $objItem.Resolution & @CRLF )
  26. ConsoleWrite( "Sample Rate: " & $objItem.SampleRate & @CRLF )
  27. ConsoleWrite( "Synch: " & $objItem.Synch & @CRLF & @CRLF )
  28. Next
复制代码
7.判断计算机是台式机还是笔记本

使用 Win32_SystemEnclosure 类下的 ChassisType 属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colChassis = $objWMIService.ExecQuery _
  6. ("Select * from Win32_SystemEnclosure")
  7. For $objChassis in $colChassis
  8. For $objItem in $objChassis.ChassisTypes
  9. ConsoleWrite( "Chassis Type: " & $objItem & @CRLF )
  10. Next
  11. Next
复制代码
8.检查USB接口里插入的是什么设备

使用 Win32_USBHub 类并检查 Description 属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colItems = $objWMIService.ExecQuery( _
  4. "Select * from Win32_USBHub")
  5. For $objItem in $colItems
  6. ConsoleWrite( "Device ID: " & $objItem.DeviceID & @CRLF )
  7. ConsoleWrite( "PNP Device ID: " _
  8. & $objItem.PNPDeviceID & @CRLF )
  9. ConsoleWrite( "Description: " _
  10. & $objItem.Description & @CRLF & @CRLF )
  11. Next
复制代码
9.检查系统有多少Tape设备

使用 Win32_TapeDrive 类然后使用 Count 途径
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colItems = $objWMIService.ExecQuery( _
  6. "Select * from Win32_TapeDrive")
  7. ConsoleWrite( "Number of tape drives: " _
  8. & $colItems.Count & @CRLF )
复制代码
No.2.计算机软件

1.卸载软件

如果软件是使用Microsoft Windows Installer (MSI) 安装的话,使用 Win32_Product 类和 Uninstall 途径
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colSoftware = $objWMIService.ExecQuery _
  6. ("Select * from Win32_Product " _
  7. & "Where Name = 'Personnel database'")
  8. For $objSoftware in $colSoftware
  9. $objSoftware.Uninstall()
  10. Next
复制代码
2.列出全部的已安装的软件

如果软件是使用Microsoft Windows Installer (MSI) 安装的话,使用 Win32_Product 类
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colSoftware = $objWMIService.ExecQuery _
  6. ("Select * from Win32_Product")

  7. For $objSoftware in $colSoftware
  8. ConsoleWrite( "Name: " & $objSoftware.Name & @CRLF )
  9. ConsoleWrite( "Version: " & $objSoftware.Version & @CRLF & @CRLF )
  10. Next
复制代码
3.检查用户安装的Microsoft Office的版本

使用 Win32_Product 类下的 Version 属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colSoftware = $objWMIService.ExecQuery("Select * from Win32_Product " & _
  6. "Where IdentifyingNumber =" _
  7. & " '{90280409-6000-11D3-8CFE-0050048383C9}'")
  8. For $objItem in $colSoftware
  9. ConsoleWrite( "Name: " & $objItem.Name & @CRLF )
  10. ConsoleWrite( "Version: " & $objItem.Version & @CRLF & @CRLF )
  11. Next
复制代码
No.3.桌面管理

1.判断系统是否启动在安全模式的网络状态下下

使用 Win32_ComputerSystem 类并检查 PrimaryOwnerName 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colSettings = $objWMIService.ExecQuery _
  6. ("Select * from Win32_ComputerSystem")
  7. For $objComputer in $colSettings
  8. ConsoleWrite( "System Name: " _
  9. & $objComputer.Name & @CRLF )
  10. ConsoleWrite( "Registered owner: " _
  11. & $objComputer.PrimaryOwnerName & @CRLF )
  12. Next
复制代码
2.检查屏幕保护是否需要密码

使用 Win32_Desktop 类并检查 ScreenSaverSecure 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colItems = $objWMIService.ExecQuery("Select * from Win32_Desktop")
  4. For $objItem in $colItems
  5. ConsoleWrite( "Screen Saver Secure: " _
  6. & $objItem.ScreenSaverSecure & @CRLF )
  7. Next
复制代码
3.获取屏幕分辨率

使用 Win32_DesktopMonitor 类并检查 ScreenHeight 和 ScreenWidth 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colItems = $objWMIService.ExecQuery( "Select * from Win32_DesktopMonitor")
  4. For $objItem in $colItems
  5. ConsoleWrite( "Screen Height: " _
  6. & $objItem.ScreenHeight & @CRLF )
  7. ConsoleWrite( "Screen Width: " _
  8. & $objItem.ScreenWidth & @CRLF )
  9. Next
复制代码
4.获取系统开机的时间

使用 Win32_OperatingSystem 类的 LastBootUpTime 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colOperatingSystems = $objWMIService.ExecQuery _
  6. ("Select * from Win32_OperatingSystem")

  7. For $objOS in $colOperatingSystems
  8. ConsoleWrite( $objOS.LastBootUpTime)
  9. Next
复制代码
.5.重启或关闭远程计算机

使用 Win32_OperatingSystem 类以及 Win32Shutdown 途径
  1. $strComputer = "atl-dc-01"
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate,(Shutdown)}!\\" & _
  4. $strComputer & "\root\cimv2")
  5. $colOperatingSystems = $objWMIService.ExecQuery _
  6. ("Select * from Win32_OperatingSystem")
  7. For $objOperatingSystem in $colOperatingSystems
  8. $ObjOperatingSystem.Shutdown(1)
  9. Next
复制代码
6.检查开机自启动项

使用 Win32_StartupCommand 类
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colStartupCommands = $objWMIService.ExecQuery _
  6. ("Select * from Win32_StartupCommand")
  7. For $objStartupCommand in $colStartupCommands
  8. ConsoleWrite( "Command: " & $objStartupCommand.Command & @CRLF _
  9. & "Description: " & $objStartupCommand.Description & @CRLF _
  10. & "Location: " & $objStartupCommand.Location & @CRLF _
  11. & "Name: " & $objStartupCommand.Name & @CRLF _
  12. & "SettingID: " & $objStartupCommand.SettingID & @CRLF _
  13. & "User: " & $objStartupCommand.User & @CRLF & @CRLF )
  14. Next
复制代码
八、续接WMI的应用

No.4.进程

1.检查系统同时运行了多少个au3脚本

使用 Win32_Process 类并找出名字为AutoIt3.exe的进程.
  1. $strComputer = "."
  2. $objWMIService = ObjGet( _
  3. "winmgmts:\\" & $strComputer & "\root\CIMV2")
  4. $colItems = $objWMIService.ExecQuery( _
  5. "SELECT * FROM Win32_Process" & _
  6. " WHERE Name = 'AutoIt3.exe'")
  7. For $objItem in $colItems
  8. ConsoleWrite( "-------------------------------------------" & @CRLF )
  9. ConsoleWrite( "CommandLine: " & $objItem.CommandLine & @CRLF )
  10. ConsoleWrite( "Name: " & $objItem.Name & @CRLF & @CRLF )
  11. Next
复制代码
2.修改进程的优先权

使用 Win32_Process 类和 SetPriority 途径
  1. Const $ABOVE_NORMAL = 32768
  2. $strComputer = "."
  3. $objWMIService = ObjGet("winmgmts:" _
  4. & "{impersonationLevel=impersonate}!\\" _
  5. & $strComputer & "\root\cimv2")
  6. $colProcesses = $objWMIService.ExecQuery _
  7. ("Select * from Win32_Process Where Name = 'Notepad.exe'")
  8. For $objProcess in $colProcesses
  9. $objProcess.SetPriority($ABOVE_NORMAL)
  10. Next
复制代码
3.列出每个进程所占用的内存

使用 Win32_Process 类和诸如 KernelModeTime, WorkingSetSize, PageFileUsage, 与 PageFaults 的属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colProcesses = $objWMIService.ExecQuery _
  6. ("Select * from Win32_Process")
  7. For $objProcess in $colProcesses
  8. ConsoleWrite( "Process: " & $objProcess.Name & @CRLF )
  9. $sngProcessTime = (String($objProcess.KernelModeTime) + _
  10. String($objProcess.UserModeTime)) / 10000000
  11. ConsoleWrite( "Processor Time: " & $sngProcessTime & @CRLF )
  12. ConsoleWrite( "Process ID: " & $objProcess.ProcessID & @CRLF )
  13. ConsoleWrite( "Working $Size: " _
  14. & $objProcess.WorkingSetSize & @CRLF )
  15. ConsoleWrite( "Page File Size: " _
  16. & $objProcess.PageFileUsage & @CRLF)
  17. ConsoleWrite( "Page Faults: " & $objProcess.PageFaults & @CRLF & @CRLF )
  18. Next
复制代码
No.5.磁盘和文件系统

1.列出每个用户所占用的磁盘空间

使用 Win32_DiskQuota 类和 User 以及 DiskSpaceUsed 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colQuotas = $objWMIService.ExecQuery _
  6. ("Select * from Win32_DiskQuota")
  7. For $objQuota in $colQuotas
  8. ConsoleWrite( "Volume: "& @Tab _
  9. & $objQuota.QuotaVolume & @CRLF )
  10. ConsoleWrite( "User: "& @Tab & $objQuota.User & @CRLF )
  11. ConsoleWrite( "Disk Space Used: " _
  12. & @Tab & $objQuota.DiskSpaceUsed & @CRLF )
  13. Next
复制代码
2.检查软驱里是否有软盘

使用 Win32_LogicalDisk 类并检查 FreeSpace 属性
  1. $strComputer = "."
  2. $objWMIService = ObjGet( _
  3. "winmgmts:\\" & $strComputer & "\root\cimv2")
  4. $colItems = $objWMIService.ExecQuery _
  5. ("Select * From Win32_LogicalDisk Where DeviceID = 'A:'")

  6. For $objItem in $colItems
  7. $intFreeSpace = $objItem.FreeSpace
  8. If $intFreeSpace = "" Then
  9. ConsoleWrite( "There is no disk in the floppy drive." & @CRLF )
  10. Else
  11. ConsoleWrite( "There is a disk in the floppy drive." & @CRLF )
  12. EndIf
  13. Next
复制代码
3.判断磁盘是否为可移动驱动器

使用 Win32_LogicalDisk 类并检查 DriveType 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colDisks = $objWMIService.ExecQuery _
  6. ("Select * from Win32_LogicalDisk")
  7. For $objDisk in $colDisks
  8. ConsoleWrite( "DeviceID: "& @Tab _
  9. & $objDisk.DeviceID & @CRLF )
  10. Switch $objDisk.DriveType
  11. Case 1
  12. ConsoleWrite( "No root directory. " _
  13. & "Drive type could not be " _
  14. & "determined." & @CRLF )
  15. Case 2
  16. ConsoleWrite( "DriveType: "& @Tab _
  17. & "Removable drive." & @CRLF )
  18. Case 3
  19. ConsoleWrite( "DriveType: "& @Tab _
  20. & "Local hard disk." & @CRLF )
  21. Case 4
  22. ConsoleWrite( "DriveType: "& @Tab _
  23. & "Network disk." & @CRLF )
  24. Case 5
  25. ConsoleWrite( "DriveType: "& @Tab _
  26. & "Compact disk." & @CRLF )
  27. Case 6
  28. ConsoleWrite( "DriveType: "& @Tab _
  29. & "RAM disk." & @CRLF )
  30. Case Else
  31. ConsoleWrite( "Drive type could not be" _
  32. & " determined." & @CRLF )
  33. EndSwitch
  34. Next
复制代码
4.检查驱动器的文件系统类型

使用 Win32_LogicalDisk 类和 FileSystem 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colDisks = $objWMIService.ExecQuery _
  6. ("Select * from Win32_LogicalDisk")
  7. For $objDisk in $colDisks
  8. ConsoleWrite( "DeviceID: " & $objDisk.DeviceID & @CRLF )
  9. ConsoleWrite( "File System: " _
  10. & $objDisk.FileSystem & @CRLF )
  11. Next
复制代码
5.检查磁盘的可用空间

使用 Win32_LogicalDisk 类和 FreeSpace 属性.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & $strComputer & "\root\cimv2")
  5. $colDisks = $objWMIService.ExecQuery _
  6. ("Select * from Win32_LogicalDisk")
  7. For $objDisk in $colDisks
  8. ConsoleWrite( "DeviceID: " & $objDisk.DeviceID & @CRLF )
  9. ConsoleWrite( "Free Disk Space: " _
  10. & $objDisk.FreeSpace & @CRLF )
  11. Next
复制代码
6.进行磁盘整理

使用 Win32_Volume 类和 Defrag 途径.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" _
  3. & $strComputer & "\root\cimv2")
  4. $colVolumes = $objWMIService.ExecQuery ("Select * from Win32_Volume Where Name = 'K:\\'")
  5. For $objVolume in $colVolumes
  6. $errResult = $objVolume.Defrag()
  7. Next
复制代码
No.6.网络

1.禁用网络连接

使用 Win32_NetworkAdapterConfiguration 和 ReleaseDHCPLease 途径.
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
  3. $colNetCards = $objWMIService.ExecQuery _
  4. ("Select * From Win32_NetworkAdapterConfiguration " _
  5. & "Where IPEnabled = True";)
  6. For $objNetCard in $colNetCards
  7. $objNetCard.ReleaseDHCPLease()
  8. Next
复制代码
2.得到适配器信息

使用 Win32_NetworkAdapterConfiguration 类.
  1. $strComputer = "."
  2. $objWMIService = ObjGet( _
  3. "winmgmts:\\" & $strComputer & "\root\cimv2")
  4. $IPConfigSet= $objWMIService.ExecQuery ("Select IPAddress from Win32_NetworkAdapterConfiguration" _
  5. & " where IPEnabled=TRUE")

  6. For $IPConfig in $IPConfigSet
  7. If Not $IPConfig.IPAddress Then
  8. For $i=0 To UBound($IPConfig.IPAddress)
  9. ConsoleWrite( $IPConfig.IPAddress( $i) & @CRLF )
  10. Next
  11. EndIf
  12. Next
复制代码
九、WMI事件

所谓WMI事件,即特定对象的属性发生改变时发出的通知,其中包括增加、修改、删除三种类型。

首先看到下面一个例子:
  1. $strComputer = "."

  2. $objWMIService = ObjGet("winmgmts://" & $strComputer & "/root/cimv2")

  3. $strWQL = "SELECT * " & _
  4. "FROM __InstanceCreationEvent " & _
  5. "WITHin$2 " & _
  6. "WHERE TargetInstance ISA 'Win32_Process' " & _
  7. "AND TargetInstance.Name = 'notepad.exe'"

  8. ConsoleWrite( "Waiting for a new instance of Notepad to start..." & @CrLf )
  9. $objEventSource = $objWMIService.ExecNotificationQuery($strWQL)
  10. $objEventObject = $objEventSource.NextEvent()
  11. ConsoleWrite( "A new instance of Notepad was just started." & @CrLf )
复制代码
当你运行记事本时程序就会发出一条提示。下面是对这段代码的解释:
  1. $strComputer = "."

  2. $objWMIService = ObjGet("winmgmts://" & $strComputer & "/root/cimv2")
复制代码
连接到命名空间。
  1. $strWQL = "SELECT * " & _
  2. "FROM __InstanceCreationEvent " & _
  3. "WITHin 2 " & _
  4. "WHERE TargetInstance ISA 'Win32_Process' " & _
  5. "AND TargetInstance.Name = 'notepad.exe'"
复制代码
这是一段WQL查询代码,__InstanceCreationEvent 表示监视新实例的建立,在这里表示新进程建立。类似的东西还有__InstanceModificationEvent、__InstanceDeletionEvent、__InstanceOperationEvent,它们分别表示修改、删除、全部操作(既以上三种的综合)。WITHin 2 表示每两秒查询一次。TargetInstance ISA 'Win32_Process' 表示监控Win32_Process类。TargetInstance.Name = 'notepad.exe'表示监控Name属性为notepad.exe的实例。

$objEventSource = $objWMIService.ExecNotificationQuery($strWQL)
$objEventObject = $objEventSource.NextEvent()

ExecNotificationQuery和ExecQuery的意义差不多一样,不过前者是专门用来获取WMI事件。$objEventSource.NextEvent() 表示不断进行WQL查询,直到通知产生,这段时间内脚本会暂停。

另外,用$objEventObject.Path_.Class你可以获取通知的种类,比如__InstanceCreationEvent。你还可以用$objEventObject.TargetInstance.+属性 来获取产生通知的实例的属性。

理论就讲到这里,剩下的东西相信大家看了下面的几个例子后就明白了。

下面是一段监视进程的范例:
  1. $strComputer = "."

  2. $objWMIService = ObjGet("winmgmts://" & $strComputer & "/root/cimv2")

  3. $strQuery = "SELECT * " & _
  4. "FROM __InstanceOperationEvent " & _
  5. "WITHin 2 " & _
  6. "WHERE TargetInstance ISA 'Win32_Process' "

  7. $objEventSource = $objWMIService.ExecNotificationQuery($strQuery)

  8. ConsoleWrite( "进程监控开始..." & @CRLF )

  9. While 1
  10. $objEventObject = $objEventSource.NextEvent()
  11. Switch $objEventObject.Path_.Class
  12. Case "__InstanceCreationEvent"
  13. ConsoleWrite("新进程建立:" & $objEventObject.TargetInstance.Name & @CrLf )
  14. Case "__InstanceDeletionEvent"
  15. ConsoleWrite("进程被关闭:" & $objEventObject.TargetInstance.Name & @CrLf )
  16. EndSwitch
  17. WEnd
复制代码
下面是一段文件监控的例子:
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $colMonitoredEvents = $objWMIService.ExecNotificationQuery _
  4. ("SELECT * FROM __InstanceOperationEvent WITHIN 5 WHERE " _
  5. & "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _
  6. & "TargetInstance.GroupComponent= " _
  7. & "'Win32_Directory.Name=""c:\\\\1""'")

  8. While 1
  9. $objEventObject = $colMonitoredEvents.NextEvent()

  10. Select
  11. Case $objEventObject.Path_.Class()="__InstanceCreationEvent"
  12. ConsoleWrite ("A new file was just created: " & $objEventObject.TargetInstance.PartComponent() & @CR)
  13. Case $objEventObject.Path_.Class()="__InstanceDeletionEvent"
  14. ConsoleWrite ("A file was just deleted: " & $objEventObject.TargetInstance.PartComponent() & @CR)
  15. EndSelect
  16. WEnd
复制代码
下面是监控USB设备的例子:
  1. $strComputer = "."
  2. $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")

  3. $colEvents = $objWMIService.ExecNotificationQuery _
  4. ("Select * From __InstanceOperationEvent Within 5 Where " _
  5. & "TargetInstance isa 'Win32_LogicalDisk'")

  6. While 1
  7. $objEvent = $colEvents.NextEvent
  8. If $objEvent.TargetInstance.DriveType = 2 Then
  9. Select
  10. Case $objEvent.Path_.Class()="__InstanceCreationEvent"
  11. Consolewrite("Drive " & $objEvent.TargetInstance.DeviceId & "has been added." & @CR)
  12. Case $objEvent.Path_.Class()="__InstanceDeletionEvent"
  13. Consolewrite("Drive " & $objEvent.TargetInstance.DeviceId & "has been removed."& @CR)
  14. EndSelect
  15. EndIf
  16. WEnd
复制代码
——END ,转载请注明本文地址——
5

评分人数

  • kingdsq

  • komaau3

  • qqgghh1

  • 逍遥子

  • 破帽遮颜

沙发。。。非常佩服兄才的教程。在下汗颜一个。
叁十功名何所求,
恨萍聚散谁人偶;
居仙笑谓人生戏,
士人但求仙鹤楼。

TOP

收藏了。

TOP

TAG:  WMI  USED IN AUTOIT
谢谢楼主教程,用得着

TOP

真是好东西!多谢了!

TOP

呵呵~坐下慢慢学习一下!

TOP

谢谢楼主,收藏了

TOP

收藏了,慢慢学习

TOP

强啊。。。怎么学啊。。。。。。

TOP

谢谢,收藏了.值得学

TOP

第一次这么全面接触WMI 谢谢楼主

TOP

专业名词多啊,一时还消化不了

TOP

太厉害了,学都学不完啊
-----------------------------------------------
人人为我,我为人人!交流扣扣312088415 验证:AU3

TOP

留名 以后漫漫看

TOP

高手用的。暂时留个记号

TOP

返回列表