Using WMI in AutoIt: Master Index

Posted on 2008-5-3 14:19:48
<blockquote dir="ltr" style="margin-right: 0px"><p><strong>IX. WMI Events</strong></p>
<p>A WMI event is a notification raised when the properties of a particular object change; there are three types: creation, modification, and deletion.</p>
<p>First, consider the following example:</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>; Connect to the root/cimv2 namespace on the local computer<br />
$strComputer = &quot;.&quot;<br />
<br />
$objWMIService = ObjGet(&quot;winmgmts://&quot; &amp; $strComputer &amp; &quot;/root/cimv2&quot;)<br />
<br />
; Notify when a new Win32_Process instance named notepad.exe appears (polled every 2 seconds)<br />
$strWQL = &quot;SELECT * &quot; &amp; _<br />
&quot;FROM __InstanceCreationEvent &quot; &amp; _<br />
&quot;WITHIN 2 &quot; &amp; _<br />
&quot;WHERE TargetInstance ISA 'Win32_Process' &quot; &amp; _<br />
&quot;AND TargetInstance.Name = 'notepad.exe'&quot;<br />
<br />
ConsoleWrite( &quot;Waiting for a new instance of Notepad to start...&quot; &amp; @CRLF )<br />
$objEventSource = $objWMIService.ExecNotificationQuery($strWQL)<br />
; NextEvent() blocks until the notification arrives<br />
$objEventObject = $objEventSource.NextEvent()<br />
ConsoleWrite( &quot;A new instance of Notepad was just started.&quot; &amp; @CRLF )</p></blockquote>
<p>When you start Notepad, the program prints a message. The code is explained below:</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$strComputer = &quot;.&quot;<br />
<br />
$objWMIService = ObjGet(&quot;winmgmts://&quot; &amp; $strComputer &amp; &quot;/root/cimv2&quot;)</p></blockquote>
<p>Connect to the namespace.</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$strWQL = &quot;SELECT * &quot; &amp; _<br />
&quot;FROM __InstanceCreationEvent &quot; &amp; _<br />
&quot;WITHIN 2 &quot; &amp; _<br />
&quot;WHERE TargetInstance ISA 'Win32_Process' &quot; &amp; _<br />
&quot;AND TargetInstance.Name = 'notepad.exe'&quot;</p></blockquote>
<p>This is a WQL query. __InstanceCreationEvent means watching for the creation of new instances, which here means the creation of a new process. Similar classes are __InstanceModificationEvent, __InstanceDeletionEvent and __InstanceOperationEvent, which stand for modification, deletion, and all operations (that is, the three above combined). WITHIN 2 means the query is run once every two seconds. TargetInstance ISA 'Win32_Process' means the Win32_Process class is monitored. TargetInstance.Name = 'notepad.exe' means instances whose Name property is notepad.exe are monitored.</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$objEventSource = $objWMIService.ExecNotificationQuery($strWQL)<br />
$objEventObject = $objEventSource.NextEvent()</p></blockquote>
<p>ExecNotificationQuery works much like ExecQuery, except that it is dedicated to retrieving WMI events. $objEventSource.NextEvent() keeps running the WQL query until a notification is produced; the script is paused during that time.</p>
<p>In addition, $objEventObject.Path_.Class gives you the type of the notification, for example __InstanceCreationEvent. You can also read the properties of the instance that triggered the notification with $objEventObject.TargetInstance. followed by the property name.</p>
<p>That is all for the theory; the rest should become clear from the examples below.</p>
<p>The following example monitors processes:</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$strComputer = &quot;.&quot;<br />
<br />
$objWMIService = ObjGet(&quot;winmgmts://&quot; &amp; $strComputer &amp; &quot;/root/cimv2&quot;)<br />
<br />
; __InstanceOperationEvent covers creation, modification and deletion of Win32_Process instances<br />
$strQuery = &quot;SELECT * &quot; &amp; _<br />
&quot;FROM __InstanceOperationEvent &quot; &amp; _<br />
&quot;WITHIN 2 &quot; &amp; _<br />
&quot;WHERE TargetInstance ISA 'Win32_Process' &quot;<br />
<br />
$objEventSource = $objWMIService.ExecNotificationQuery($strQuery)<br />
<br />
; Announce that process monitoring has started<br />
ConsoleWrite( &quot;进程监控开始...&quot; &amp; @CRLF )<br />
<br />
While 1<br />
$objEventObject = $objEventSource.NextEvent()<br />
; Path_.Class holds the concrete event class of this notification<br />
Switch $objEventObject.Path_.Class<br />
Case &quot;__InstanceCreationEvent&quot;<br />
; A new process was created<br />
ConsoleWrite(&quot;新进程建立:&quot; &amp; $objEventObject.TargetInstance.Name &amp; @CRLF )<br />
Case &quot;__InstanceDeletionEvent&quot;<br />
; A process was closed<br />
ConsoleWrite(&quot;进程被关闭:&quot; &amp; $objEventObject.TargetInstance.Name &amp; @CRLF )<br />
EndSwitch<br />
WEnd</p></blockquote>
<p>The following example monitors files:</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$strComputer = &quot;.&quot;<br />
$objWMIService = ObjGet(&quot;winmgmts:&#92;&#92;&quot; &amp; $strComputer &amp; &quot;&#92;root&#92;cimv2&quot;)<br />
<br />
; Watch the file associations of directory c:&#92;1 (polled every 5 seconds)<br />
$colMonitoredEvents = $objWMIService.ExecNotificationQuery _<br />
(&quot;SELECT * FROM __InstanceOperationEvent WITHIN 5 WHERE &quot; _<br />
&amp; &quot;TargetInstance ISA 'CIM_DirectoryContainsFile' AND &quot; _<br />
&amp; &quot;TargetInstance.GroupComponent= &quot; _<br />
&amp; &quot;'Win32_Directory.Name=&quot;&quot;c:&#92;&#92;&#92;&#92;1&quot;&quot;'&quot;)<br />
<br />
While 1<br />
$objEventObject = $colMonitoredEvents.NextEvent()<br />
<br />
; PartComponent is the path of the file that was created or deleted<br />
Select<br />
Case $objEventObject.Path_.Class()=&quot;__InstanceCreationEvent&quot;<br />
ConsoleWrite (&quot;A new file was just created: &quot; &amp; $objEventObject.TargetInstance.PartComponent() &amp; @CRLF)<br />
Case $objEventObject.Path_.Class()=&quot;__InstanceDeletionEvent&quot;<br />
ConsoleWrite (&quot;A file was just deleted: &quot; &amp; $objEventObject.TargetInstance.PartComponent() &amp; @CRLF)<br />
EndSelect<br />
WEnd</p></blockquote>
<p>The following example monitors USB devices:</p>
<blockquote dir="ltr" style="margin-right: 0px"><p>$strComputer = &quot;.&quot;<br />
$objWMIService = ObjGet(&quot;winmgmts:&#92;&#92;&quot; &amp; $strComputer &amp; &quot;&#92;root&#92;cimv2&quot;)<br />
<br />
$colEvents = $objWMIService.ExecNotificationQuery _<br />
(&quot;Select * From __InstanceOperationEvent Within 5 Where &quot; _<br />
&amp; &quot;TargetInstance isa 'Win32_LogicalDisk'&quot;)<br />
<br />
While 1<br />
$objEvent = $colEvents.NextEvent()<br />
; DriveType 2 is a removable disk<br />
If $objEvent.TargetInstance.DriveType = 2 Then<br />
Select<br />
Case $objEvent.Path_.Class()=&quot;__InstanceCreationEvent&quot;<br />
ConsoleWrite(&quot;Drive &quot; &amp; $objEvent.TargetInstance.DeviceId &amp; &quot; has been added.&quot; &amp; @CRLF)<br />
Case $objEvent.Path_.Class()=&quot;__InstanceDeletionEvent&quot;<br />
ConsoleWrite(&quot;Drive &quot; &amp; $objEvent.TargetInstance.DeviceId &amp; &quot; has been removed.&quot; &amp; @CRLF)<br />
EndSelect<br />
EndIf<br />
WEnd</p></blockquote></blockquote>
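An added example, not part of the original post: the process-creation query from above, logging the fields a defender usually wants from each new Win32_Process instance and passing a timeout to NextEvent() so the loop can end instead of blocking forever. The names `_OnComError`, `$g_iComErr`, `$iTimeoutMs` and `$iMaxIdle` are made up for this sketch, and it assumes an AutoIt version whose COM error handler receives the error object as a parameter.

```autoit
; Added example: process-creation audit loop with a bounded wait.
Global $g_iComErr = 0
; A COM error handler keeps a NextEvent() timeout from aborting the script.
Global $oErrHandler = ObjEvent("AutoIt.Error", "_OnComError")

Global $strComputer = "."
Global $objWMIService = ObjGet("winmgmts://" & $strComputer & "/root/cimv2")
If Not IsObj($objWMIService) Then
    ConsoleWrite("Could not connect to WMI." & @CRLF)
    Exit 1
EndIf

Global $strWQL = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " & _
        "WHERE TargetInstance ISA 'Win32_Process'"
Global $objEventSource = $objWMIService.ExecNotificationQuery($strWQL)

Global $iTimeoutMs = 5000   ; wait at most 5 s per NextEvent() call
Global $iMaxIdle = 12       ; stop after 12 quiet waits in a row (about 60 s)
Global $iIdle = 0, $objEvent, $objProc

While $iIdle < $iMaxIdle
    $g_iComErr = 0
    $objEvent = 0
    $objEvent = $objEventSource.NextEvent($iTimeoutMs)
    ; A timeout surfaces as a COM error; treat any failed wait as "no event".
    If $g_iComErr <> 0 Or Not IsObj($objEvent) Then
        $iIdle += 1
        ContinueLoop
    EndIf
    $iIdle = 0
    $objProc = $objEvent.TargetInstance
    ; CommandLine and ExecutablePath can be empty for processes the
    ; monitoring account is not allowed to inspect.
    ConsoleWrite($objProc.CreationDate & " " & $objProc.Name & _
            " pid=" & $objProc.ProcessId & _
            " ppid=" & $objProc.ParentProcessId & _
            " path=" & $objProc.ExecutablePath & _
            " cmd=" & $objProc.CommandLine & @CRLF)
WEnd
ConsoleWrite("No new processes for a while, stopping." & @CRLF)

Func _OnComError($oError)
    ; Record the error number so the loop can tell the call failed.
    $g_iComErr = $oError.number
EndFunc
```

Because WITHIN 2 makes WMI poll, a process that starts and exits between two polls is never reported by this query.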
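Posted on 2008-5-11 16:01:56
Is this really the master index? That's misleading; you didn't even check before posting.
Posted on 2010-4-17 09:33:59
Very nice.
Posted on 2012-3-12 00:24:02
Thanks to the original poster for sharing.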